Finding an alert in the middle of your javascript

Ariel Popovsky — Fri, 11 Mar 2011 21:40:22 GMT

I was debugging a script injection issue the other day using some sample code with an alert in it. The alert was popping out meaning the code got executed leaving open the possibility for a hacker to put there some nasty malicious code. I knew my alert was being executed but didn’t know how. So I tried something that worked perfectly for this problem, replaced the native alert function with my own one.

All I had to do in Chrome was open the javascript console and type:

alert = function(msg){ console.log(msg); console.trace(); };

The next time the malicious code was executed, instead of the regular alert I got something similar to this:

alert("testing")

testing

console.trace()

alert:2

(anonymous function):2

InjectedScript._evaluateOn:312

InjectedScript._evaluateAndWrap:294

InjectedScript.evaluate:288

undefined

In my case I was able to see what was going on and find the offending function.

This was tested on Firebug in Firefox and it works as.

Otros

Finding an alert in the middle of your javascript