Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Javascript obfuscators used in the wild - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Javascript obfuscators used in the wild

I have been doing some research on Javascript obfuscators.  Various handlers have done stories in the past on how to reverse engineer obfuscated javascript that does evil things.  But I would be interested in hearing what kind of obfuscators people have been finding being used in the wild.  Are you able to identify the obfuscator just by looking at it?  What are the hardest off-the-shelf obfuscators to reverse-engineer?  I will collect responses and post them throughout the day (unless you wish the information to remain private).

-Kyle Haugsness


112 Posts
Mar 5th 2010
The Dean Edwards Packer is used quite a bit for packing/obfuscating scripts. Additionally stunnix is used quite a bit too.

Both of these can be identified.
I'm not sure how to identify a given packer/obfuscator; JSUnpack ( takes care of them all, though. I've never met a script it couldn't handle.

4 Posts

Sign Up for Free or Log In to start participating in the conversation!