Going through a bunch of JavaScript I do not trust and it has a ton of web address comments like citations but likely some bad stuff in there too. What could be swapped with the address to instead act as a local tripwire or trap?

Just a mild curiosity for scripting stuff.

    • 𞋴𝛂𝛋𝛆@lemmy.world (OP) · 4 days ago (edited)

      Assuming it is a quoted string for simplicity.
      ..."http://foo.bar/"...
      $ sed -i 's/\/.*\"/injection/g'

      That is flawed in practicality, but gets the point across and will result in http:injection. It would take more convoluted escapes to replace the ‘//’.

      I was thinking there has to be a way to use the address in a printf-like situation. However someone tries to use an address, it just hits a local tripwire. Pass that to anything you don’t want to connect to the internet. It is super lazy and hacky, but I don’t really care. I use an external firewall device with a DNS whitelist, so I block everything anyways. Flagging stuff just makes it easy to say something to others that might benefit.

      • sin_free_for_00_days@sopuli.xyz · 3 days ago (edited)

        I must be missing something here, because sed should be able to do it. Something like:

        echo '"http://foo.bar/"' | sed 's|"http[^"]*|"http:injection|'
        "http:injection"
        
        • 𞋴𝛂𝛋𝛆@lemmy.world (OP) · 3 days ago

          Yeah, I could do it. The question is how to redirect a web address to do something useful locally. Like maybe set up an Apache server or something to capture and log any such attempts regardless of how the address is called.

          • sin_free_for_00_days@sopuli.xyz · 3 days ago

            If it’s a link to an external site, redirecting to local won’t really do anything useful. I still feel like I’m missing something. I’ll give it a last try.

            If I start a local super basic webserver:

            python3 -m http.server 8000 2>&1 | tee -a logfile.txt
            

            so that I’m running a server on localhost, port 8000, creating logfile.txt, I can do something like this on the file:

            sed 's|"http://\([^/]*\)|"http://0.0.0.0:8000/\1|'
            

            which should rewrite a url from:

            http://foo.bar/testing/link
            

            to

            http://0.0.0.0:8000/foo.bar/testing/link
            

            Now if you click on that link, it won’t do anything except give you an error, but:

            $ cat logfile.txt
            127.0.0.1 - - [27/Mar/2026 00:12:49] code 404, message File not found
            127.0.0.1 - - [27/Mar/2026 00:12:49] "GET /foo.bar/testing/link HTTP/1.1" 404 -
            

            so you’d now have a log of all attempts which would be easy to clean up.
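The same idea in Python, as an added example that is not code from this thread: it generalizes the sed one-liner above to quoted http and https URLs (single or double quotes, with query strings kept), folds the original host into the path of a local sink, and then parses the `python3 -m http.server` access log format shown above to recover which host and path each hit was originally aimed at. The sink address `127.0.0.1:8000`, the helper names and the sample log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Added example; not from the thread. Assumed local sink (the http.server the
# post above starts on port 8000). Every quoted http(s) URL in a blob of script
# source is pointed here, with the original host folded into the path so the
# sink's access log still records which address the script tried to reach.
DEFAULT_SINK = "http://127.0.0.1:8000"

# A quoted URL: opening quote, http(s)://..., the same quote again.
URL_IN_QUOTES = re.compile(r'(["\'])(https?://[^"\'\s]+)\1')


def rewrite_urls(text: str, sink: str = DEFAULT_SINK) -> str:
    """Return text with each quoted http(s) URL redirected to the sink.

    "http://foo.bar/testing/link" -> "http://127.0.0.1:8000/foo.bar/testing/link"
    Unquoted URLs (e.g. in comments) are left alone, matching the sed approach.
    """
    def _swap(m: re.Match) -> str:
        quote, url = m.group(1), m.group(2)
        parts = urlsplit(url)
        tail = parts.path or "/"
        if parts.query:
            tail += "?" + parts.query
        # host becomes the first path segment, the rest of the URL follows it
        return f"{quote}{sink}/{parts.netloc}{tail}{quote}"

    return URL_IN_QUOTES.sub(_swap, text)


# One request line from http.server's default log format, e.g.
#   127.0.0.1 - - [27/Mar/2026 00:12:49] "GET /foo.bar/testing/link HTTP/1.1" 404 -
# The "code 404, message File not found" lines carry no request and are skipped.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) - - \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def parse_tripwire_log(lines):
    """Turn sink access-log lines back into (client, time, method, host, path).

    Because rewrite_urls() put the original host in the first path segment,
    splitting the request target on its first '/' recovers it.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        host, _, rest = m.group("target").lstrip("/").partition("/")
        hits.append({
            "client": m.group("client"),
            "when": m.group("when"),
            "method": m.group("method"),
            "host": host,
            "path": "/" + rest,
        })
    return hits


# Constructed sample log in the format the post above shows.
SAMPLE_LOG = """\
127.0.0.1 - - [27/Mar/2026 00:12:49] code 404, message File not found
127.0.0.1 - - [27/Mar/2026 00:12:49] "GET /foo.bar/testing/link HTTP/1.1" 404 -
127.0.0.1 - - [27/Mar/2026 00:13:02] "POST /tracker.example/collect?id=7 HTTP/1.1" 404 -
"""


if __name__ == "__main__":
    # Constructed script fragment standing in for the untrusted JavaScript.
    src = 'fetch("http://foo.bar/testing/link");\nimg.src = \'https://cdn.example/p.gif?u=1\';'
    print(rewrite_urls(src))
    for hit in parse_tripwire_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['when']}  {hit['method']:4} {hit['host']}{hit['path']}")
```

Run the rewritten script with the sink server up, then feed `logfile.txt` to `parse_tripwire_log()` to get a per-host list of what the script tried to contact; because the sink answers every request with a 404, nothing actually leaves the machine.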

            • 𞋴𝛂𝛋𝛆@lemmy.world (OP) · 2 days ago

              Awesome. Now how would you strace/ptrace the active process correlated with the return packet?

              This is way past my pay grade, in the territory of edge-of-abstract understanding.

              See, one of my problems is that the malicious software is running across Python, JavaScript, and a ton of dubious packages scattered throughout the machine. It is all interconnected and using unconventional operations. Right now I am just removing a package one at a time and seeing what breaks. I will likely miss how things are interconnected. I am not at all familiar with this type of thing, and learning as I go. The system used unshare, manually created no-label packets with all records obfuscated, used a hidden daemon function in systemd, and no-account to operate outside of namespaces.