Matheus28 | 4 months ago

You can just use Proxy to get around toString shenanigans and prevent any detection whatsoever.

nullpt_rs|4 months ago

Someone mentioned this as well in another comment. Turns out most of this could’ve been done as an extension after all :-)

edit: actually, wouldn’t you still need to override the global you’d like to instrument? At that point, the toString of the modified function would leak your hook.

see: https://gist.github.com/voidstar0/179990efe918d1028b72f292cf...

Regardless, I do have some interesting ideas that should hopefully make my pain of compiling Chromium for 3 hours worth it though :p

Cheat Engine for site scripts? Who knows. Mostly just using this as an opportunity to learn some browser internals so I'd say it still paid off :)

coolelectronics|4 months ago

Your example proxies the console object; the intended way in this case is to make a proxy from the log function itself and use the apply hook.

toString will be called on the Proxy and not your hook, so it won't reveal anything.

kachapopopow|4 months ago

No, you cannot, since you can throw an exception and your proxy will be leaked, leading to a detection.

Matheus28|4 months ago

How are you gonna throw an error inside Array.prototype.push?
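
The signals discussed in this thread, seen from the side of a script checking whether a builtin has been instrumented. This is an added example, not code from any commenter; `sourceOf`, `framesAbove`, `report`, `wrapped` and `proxied` are names made up here, and the behaviour noted in the comments is that of V8 (Node, Chromium):

```javascript
// Assumption: this reference is captured before any hook is installed.
const original = Array.prototype.push;

// Hook style 1: a plain wrapper function standing in for the builtin.
const wrapped = function push() {
  'use strict';
  return original.apply(this, arguments);
};

// Hook style 2: a Proxy around the function itself, using the apply trap.
const proxied = new Proxy(original, {
  apply(target, thisArg, args) {
    return Reflect.apply(target, thisArg, args);
  },
});

// Signal 1: source text reported by Function.prototype.toString.
// A wrapper shows its own body. A callable Proxy reports the generic
// "function () { [native code] }", which drops the builtin's name.
function sourceOf(fn) {
  return Function.prototype.toString.call(fn);
}

// Signal 2: force the call to throw and count the stack frames that sit
// between the error and this probe. Hook frames show up as extra entries.
function framesAbove(fn) {
  try {
    fn.call(null, 1); // push on a null receiver throws a TypeError
  } catch (err) {
    const frames = String(err.stack).split('\n').slice(1);
    return frames.findIndex((line) => line.includes('framesAbove'));
  }
  return -1; // the call did not throw
}

// Combine both signals for one candidate function.
function report(fn) {
  const src = sourceOf(fn);
  return {
    looksNative: src.includes('[native code]'),
    matchesOriginal: src === sourceOf(original),
    extraFrames: framesAbove(fn) - framesAbove(original),
  };
}

for (const [label, fn] of Object.entries({ original, wrapped, proxied })) {
  console.log(label, JSON.stringify(report(fn)));
}
```

A real check cannot rely on a clean `original` being available and would compare against the expected string for the builtin instead.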