VisibleV8

Overview

strace for the web

VisibleV8 (VV8) is a custom variant of the V8 JavaScript engine at the heart of the Chromium browser, the Node.js application runtime, and probably other titans of the modern software world. Maintained and distributed as a minimally-invasive and maintainable patchset, VV8 captures and logs the following activities in plaintext logs:

• All JS function calls that cross the JS/hosting-application boundary (i.e., calls to what V8 internally dubs “API” functions, like window.alert in a browser)
• Named (e.g., foo.bar) or keyed (e.g., foo["bar"]) property lookups for which the receiver (e.g., foo) refers to an object defined by the hosting application or the global object
• Assignments to named or keyed property expressions involving receiver objects defined by the hosting application (or the global object)
• Reflect.get and Reflect.set API access to properties on hosting application-defined objects

Log records directly or indirectly include the following context:

• Source code of the immediately active/invoking script
• Simple provenance details of active script (i.e., source URL or eval-ing script)
• Character offset of function call/property access within active script
• Receiver type information (i.e., constructor/prototype function name)
• Property/function name
• Value (for primitive values) or type information (for objects) passed to function calls as arguments or as the new property value for property assignments

Papers

1. Hiding in Plain Site: Detecting JavaScript Obfuscation through Concealed Browser API Usage
   Shaown Sarker, Jordan Jueckstock, Alexandros Kapravelos
   Proceedings of the ACM Internet Measurement Conference (IMC), 2020
   [PDF] [Bibtex]

   ×

   @inproceedings{jsobf-imc20,
     title = {{Hiding in Plain Site: Detecting JavaScript Obfuscation through Concealed Browser API Usage}},
     author = {Sarker, Shaown and Jueckstock, Jordan and Kapravelos, Alexandros},
     booktitle = {{Proceedings of the ACM Internet Measurement Conference (IMC)}},
     pages = {648–661},
     month = oct,
     tag = {vv8},
     year = {2020}
   }
   

2. VisibleV8: In-browser Monitoring of JavaScript in the Wild
   Jordan Jueckstock, Alexandros Kapravelos
   Proceedings of the ACM Internet Measurement Conference (IMC), 2019
   [PDF] [Bibtex] [website] [slides] [talk] [code]

   ×

   @inproceedings{vv8-imc19,
     title = {{VisibleV8: In-browser Monitoring of JavaScript in the Wild}},
     author = {Jueckstock, Jordan and Kapravelos, Alexandros},
     booktitle = {{Proceedings of the ACM Internet Measurement Conference (IMC)}},
     pages = {393–405},
     month = oct,
     howpublished = {/projects/vv8/},
     code = {{https://github.com/wspr-ncsu/visiblev8}},
     slides = {/presentations/vv8-imc19.pdf},
     talk = {https://vimeo.com/showcase/6531379/video/369121825#t=3500s},
     tag = {vv8},
     year = {2019}
   }
   

Availability

The VV8 patches, tests, build scripts, and documentation are all available on GitHub.