A common trick sites use to protect against reverse engineering is to prevent JavaScript from executing correctly when the developer tools are open. Usually, this relies on an object logged to the console with a getter or custom toString function that only gets called when the console is visible. A simple workaround is to proxy console.* functions and discard offending objects.
I recently stumbled across a site that is a bit more difficult - it detects if you've proxied or otherwise messed around with native functions. Unfortunately, the site's scripts are heavily obfuscated, so I haven't been able to determine the exact method they use. However, the following seems to be a reliable way to determine if a native function is proxied in Chrome:
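// In Chrome, a proxied native function stringifies to
// "function () { [native code] }", which is 29 characters long.
function isProxied(func) {
    return func.toString().length === 29;
}
console.log(isProxied(eval)); // false: "function eval() { [native code] }"
eval = new Proxy(eval, {});
console.log(isProxied(eval)); // true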
How can I make a proxied object appear identical to its target?
eval.toString = () => "". We don't know what else they're checking though so we can't recommend anything specific.
.toString of the original? It seems to work that way in Firefox.
.toString (which is Function.prototype.toString), it's just that the native .toString() method returns a different value for the proxy function.
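
The length-29 heuristic from the question, set beside a stricter integrity check, as an added example that is not part of the original post or its comments. It assumes V8 (Chrome/Node) string formats; `inspectNative`, `buildSamples`, `runDemo` and the sample functions are hypothetical names constructed for illustration.

```javascript
// Added example, not code from the post. Assumes V8 (Chrome/Node), where an
// untouched native stringifies as "function <name>() { [native code] }".

// The question's heuristic: a bare Proxy stringifies to the 29-character
// "function () { [native code] }" in V8.
function naiveIsProxied(func) {
  return func.toString().length === 29;
}

// Capture pristine references up front, so a later own or prototype-level
// toString override cannot influence the check.
const stringify = Function.prototype.call.bind(Function.prototype.toString);
const hasOwn = Function.prototype.call.bind(Object.prototype.hasOwnProperty);

// Hypothetical helper: list the ways fn differs from the native expectedName.
function inspectNative(fn, expectedName) {
  const findings = [];
  if (stringify(fn) !== `function ${expectedName}() { [native code] }`) {
    findings.push("source-mismatch");
  }
  if (hasOwn(fn, "toString")) findings.push("own-toString");
  if (fn.name !== expectedName) findings.push("name-mismatch");
  return findings;
}

// Constructed samples: the real native, a bare Proxy, and a wrapper whose own
// toString returns the native-looking string.
function buildSamples() {
  const spoofed = function max(...args) { return Math.max(...args); };
  spoofed.toString = () => "function max() { [native code] }";
  return { native: Math.max, proxied: new Proxy(Math.max, {}), spoofed };
}

function runDemo() {
  const report = {};
  for (const [label, fn] of Object.entries(buildSamples())) {
    report[label] = { naive: naiveIsProxied(fn), findings: inspectNative(fn, "max") };
  }
  return report;
}

console.log(JSON.stringify(runDemo(), null, 2));
```

The length check flags only the bare Proxy, while the check that calls the captured Function.prototype.toString also flags the wrapper with an own toString property.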