lookyloo icon indicating copy to clipboard operation
lookyloo copied to clipboard

Published 20 hours ago verified publisher icon Lookyloo

[Feature]: Detect "obfuscated" and delayed JS redirections

Open esellier opened this issue 2 years ago • 1 comments

Is your feature request related to a problem? Please describe.

Lookyloo does not detect delayed redirections through Javascript, at least when the javascript is "obfuscated".

Describe the solution you'd like

Before getting the final result, wait a few more seconds each time a new JS is loaded/detected as it may execute a new redirection (in any frame, main or not).

Describe alternatives you've considered

No response

Additional context

Example of a simple "hidden" JS redirecting to a new URL after a few seconds (let's imagine there is a spinner displayed in the mean time):

let f = eval("set"+"Timeout");
    let l = this["loc"+"ation"]
    f(()=>{
        l.href="https://www.google.com";
        document.querySelector("#id1").style="";
    },5000);

esellier avatar Mar 24 '22 11:03 esellier

Hmm this one is weird, because that should be supported just fine by splash, it's not anything new JS wise, even a very old webkit should support it, right?

I'll add a sample like that in the testing repository - live instance.

As of now, Lookyloo supports fine the window.location.href calls (https://lookyloo-testing.herokuapp.com/redirect_js_loc) and the setTimeout (https://lookyloo-testing.herokuapp.com/redirect_js_loc_replace). So I guess there something phishy with the obfuscated call? Or is it some "new" JS syntax from the last few years?

Rafiot avatar Mar 24 '22 12:03 Rafiot

That's properly supported by playwright.

Rafiot avatar Jan 25 '24 16:01 Rafiot