adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html
T

95 lines
67 KiB
HTML
Raw Normal View History

Reboot gh-pages
2026-05-08 17:08:43 +00:00
<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><link rel="shortcut icon" href="/assets/images/favicon.png" type="image/x-icon"><link rel="stylesheet" href="/assets/css/just-the-docs-default.css"> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-4622520-7"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-4622520-7', { 'anonymize_ip': true }); </script> <script type="text/javascript" src="/assets/js/vendor/lunr.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/mermaid@10.8.0/dist/mermaid.min.js"></script> <script type="text/javascript" src="/assets/js/just-the-docs.js"></script><meta name="viewport" content="width=device-width, initial-scale=1"><title>JavaScript Obfuscation | Metasploit Documentation Penetration Testing Software, Pen Testing Security</title><meta name="generator" content="Jekyll v4.3.4" /><meta property="og:title" content="JavaScript Obfuscation" /><meta property="og:locale" content="en_US" /><meta name="description" content="View Metasploit Framework Documentation" /><meta property="og:description" content="View Metasploit Framework Documentation" /><link rel="canonical" href="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html" /><meta property="og:url" content="https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html" /><meta property="og:site_name" content="Metasploit Documentation Penetration Testing Software, Pen Testing Security" /><meta property="og:type" content="website" /><meta name="twitter:card" content="summary" /><meta property="twitter:title" content="JavaScript Obfuscation" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","description":"View Metasploit Framework Documentation","headline":"JavaScript Obfuscation","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://rapid7.github.io/metasploit-framework/assets/images/favicon.png"}},"url":"https://rapid7.github.io/metasploit-framework/docs/development/developing-modules/libraries/obfuscation/how-to-obfuscate-javascript-in-metasploit.html"}</script><body> <svg xmlns="http://www.w3.org/2000/svg" style="display: none;"> <symbol id="svg-link" viewBox="0 0 24 24"><title>Link</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-link"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path> </svg> </symbol> <symbol id="svg-search" viewBox="0 0 24 24"><title>Search</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-search"> <circle cx="11" cy="11" r="8"></circle><line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </symbol> <symbol id="svg-menu" viewBox="0 0 24 24"><title>Menu</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-menu"><line x1="3" y1="12" x2="21" y2="12"></line><line x1="3" y1="6" x2="21" y2="6"></line><line x1="3" y1="18" x2="21" y2="18"></line> </svg> </symbol> <symbol id="svg-arrow-right" viewBox="0 0 24 24"><title>Expand</title><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-chevron-right"><polyline points="9 18 15 12 9 6"></polyline> </svg> </symbol> <symbo
<span class="nx">arrr</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="nx">windows</span><span class="p">.</span><span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">"</span><span class="s2">img</span><span class="dl">"</span><span class="p">);</span>
<span class="nx">arrr</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="dl">"</span><span class="s2">src</span><span class="dl">"</span><span class="p">]</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">a</span><span class="dl">"</span><span class="p">;</span>
</code></pre></div></div><p>To avoid getting flagged, there are some common evasive tricks we can try. For example, you can manually modify the code a little bit to make it not recognizable by any signatures. Or if the antivirus relies on cached webpages to scan for exploits, it is possible to make the browser not cache your exploit so you stay undetected. Or in this case, you can obfuscate your code, which is what this writeup will focus on.</p><p>In Metasploit, there are three common ways to obfuscate your JavaScript. The first one is simply by using the <code class="language-plaintext highlighter-rouge">rand_text_alpha</code> method (in <a href="https://github.com/rapid7/rex-text/blob/3bb11cb5c9997096a82a4e160fcb31c152385a9a/lib/rex/text/rand.rb#L127-L132">Rex</a>) to randomize your variables. The second one is by using the <a href="https://github.com/rapid7/rex-exploitation/blob/f3058a0737ba89fd116f99a8381a409bba6a53fa/lib/rex/exploitation/obfuscatejs.rb">ObfuscateJS</a> class. And the third option is the <a href="https://github.com/rapid7/rex-exploitation/blob/f3058a0737ba89fd116f99a8381a409bba6a53fa/lib/rex/exploitation/jsobfu.rb">JSObfu</a> class.</p><h2 id="the-rand_text_alpha-trick"> <a href="#the-rand_text_alpha-trick" class="anchor-heading" aria-labelledby="the-rand_text_alpha-trick"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> The rand_text_alpha trick</h2><p>Using <code class="language-plaintext highlighter-rouge">rand_text_alpha</code> is the most basic form of evasion, but also the least effective. If this is your choice, you should randomize whatever can be randomized without breaking the code.</p><p>By using the above MS12-063, heres how you would use <code class="language-plaintext highlighter-rouge">rand_text_alpha</code>:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Randomizes the array variable</span>
<span class="c1"># Max size = 6, Min = 3</span>
<span class="n">var_array</span> <span class="o">=</span> <span class="n">rand_text_alpha</span><span class="p">(</span><span class="nb">rand</span><span class="p">(</span><span class="mi">6</span><span class="p">)</span> <span class="o">+</span> <span class="mi">3</span><span class="p">)</span>
<span class="c1"># Randomizes the src value</span>
<span class="n">val_src</span> <span class="o">=</span> <span class="n">rand_text_alpha</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span>
<span class="n">js</span> <span class="o">=</span> <span class="sx">%Q|
var </span><span class="si">#{</span><span class="n">var_array</span><span class="si">}</span><span class="sx"> = new Array();
</span><span class="si">#{</span><span class="n">var_array</span><span class="si">}</span><span class="sx">[0] = windows.document.createElement("img");
</span><span class="si">#{</span><span class="n">var_array</span><span class="si">}</span><span class="sx">[0]["src"] = "</span><span class="si">#{</span><span class="n">val_src</span><span class="si">}</span><span class="sx">";
|</span>
</code></pre></div></div><h2 id="the-obfuscatejs-class"> <a href="#the-obfuscatejs-class" class="anchor-heading" aria-labelledby="the-obfuscatejs-class"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> The ObfuscateJS class</h2><p>The ObfuscateJS class is like the <code class="language-plaintext highlighter-rouge">rand_text_alpha</code> technique on steroids, but even better. It allows you to replace symbol names such as variables, methods, classes, and namespaces. It can also obfuscate strings by either randomly using <code class="language-plaintext highlighter-rouge">fromCharCode</code> or <code class="language-plaintext highlighter-rouge">unescape</code>. And lastly, it can strip JavaScript comments, which is handy because exploits often are hard to understand and read so you need comments to remember why something is written in a specific way, but you dont want to show or leak those comments in a pentest.</p><p>To use ObfuscateJS, lets use the MS12-063 example again to demonstrate. If you feel like following the steps yourself without writing a module, what you can do is go ahead and run <code class="language-plaintext highlighter-rouge">msfconsole</code>, and then switch to irb, like this:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ./msfconsole -q
msf &gt; irb
[*] Starting IRB shell...
&gt;&gt;
</code></pre></div></div><p>And then you are ready to go.</p><p>The first thing you do with ObfuscateJS is you need to initialize it with the JavaScript you want to obfuscate, so in this case, begin like the following:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">js</span> <span class="o">=</span> <span class="sx">%Q|
var arrr = new Array();
arrr[0] = windows.document.createElement("img");
arrr[0]["src"] = "a";
|</span>
<span class="n">obfu</span> <span class="o">=</span> <span class="o">::</span><span class="no">Rex</span><span class="o">::</span><span class="no">Exploitation</span><span class="o">::</span><span class="no">ObfuscateJS</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">js</span><span class="p">)</span>
</code></pre></div></div><p><code class="language-plaintext highlighter-rouge">obfu</code> should return a <a href="https://github.com/rapid7/rex-exploitation/blob/f3058a0737ba89fd116f99a8381a409bba6a53fa/lib/rex/exploitation/obfuscatejs.rb">Rex::Exploitation::ObfuscateJS</a> object. It allows you to do a lot of things, you can really just call <code class="language-plaintext highlighter-rouge">methods</code>, or look at the source to see what methods are available (with additional API documentation). But for demo purposes, well showcase the most common one: the <code class="language-plaintext highlighter-rouge">obfuscate</code> method.</p><p>To actually obfuscate, you need to call the <code class="language-plaintext highlighter-rouge">obfuscate</code> method. This method accepts a symbols argument that allows you to manually specify what symbol names (variables, methods, classes, etc) to obfuscate, it should be in a hash like this:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="p">{</span>
<span class="s1">'Variables'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'var1'</span><span class="p">,</span> <span class="o">...</span> <span class="p">],</span>
<span class="s1">'Methods'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'method1'</span><span class="p">,</span> <span class="o">...</span> <span class="p">],</span>
<span class="s1">'Namespaces'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'n'</span><span class="p">,</span> <span class="o">...</span> <span class="p">],</span>
<span class="s1">'Classes'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="p">{</span> <span class="s1">'Namespace'</span> <span class="o">=&gt;</span> <span class="s1">'n'</span><span class="p">,</span> <span class="s1">'Class'</span> <span class="o">=&gt;</span> <span class="s1">'y'</span><span class="p">},</span> <span class="o">...</span> <span class="p">]</span>
<span class="p">}</span>
</code></pre></div></div><p>So if I want to obfuscate the variable <code class="language-plaintext highlighter-rouge">arrr</code>, and I want to obfuscate the src string, heres how:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&gt;&gt; obfu.obfuscate('Symbols' =&gt; {'Variables'=&gt;['arrr']}, 'Strings' =&gt; true)
=&gt; "\nvar QqLFS = new Array();\nQqLFS[0] = windows.document.createElement(unescape(String.fromCharCode( 37, 54, 071, 045, 0x36, 0144, 37, 066, 067 )));\nQqLFS[0][String.fromCharCode( 115, 0x72, 0143 )] = unescape(String.fromCharCode( 045, 0x36, 0x31 ));\n"
</code></pre></div></div><p>In some cases, you might actually want to know the obfuscated version of a symbol name. One scenario is calling a JavaScript function from an elements event handler, such as this:</p><div class="language-html highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nt">&lt;html&gt;</span>
<span class="nt">&lt;head&gt;</span>
<span class="nt">&lt;script&gt;</span>
<span class="kd">function</span> <span class="nf">test</span><span class="p">()</span> <span class="p">{</span>
<span class="nf">alert</span><span class="p">(</span><span class="dl">"</span><span class="s2">hello, world!</span><span class="dl">"</span><span class="p">);</span>
<span class="p">}</span>
<span class="nt">&lt;/script&gt;</span>
<span class="nt">&lt;/head&gt;</span>
<span class="nt">&lt;body</span> <span class="na">onload=</span><span class="s">"test();"</span><span class="nt">&gt;</span>
<span class="nt">&lt;/body&gt;</span>
<span class="nt">&lt;/html&gt;</span>
</code></pre></div></div><p>The obfuscated version would look like the following:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">js</span> <span class="o">=</span> <span class="sx">%Q|
function test() {
alert("hello, world!");
}
|</span>
<span class="n">obfu</span> <span class="o">=</span> <span class="o">::</span><span class="no">Rex</span><span class="o">::</span><span class="no">Exploitation</span><span class="o">::</span><span class="no">ObfuscateJS</span><span class="p">.</span><span class="nf">new</span><span class="p">(</span><span class="n">js</span><span class="p">)</span>
<span class="n">obfu</span><span class="p">.</span><span class="nf">obfuscate</span><span class="p">(</span><span class="s1">'Symbols'</span> <span class="o">=&gt;</span> <span class="p">{</span><span class="s1">'Methods'</span><span class="o">=&gt;</span><span class="p">[</span><span class="s1">'test'</span><span class="p">]},</span> <span class="s1">'Strings'</span> <span class="o">=&gt;</span> <span class="kp">true</span><span class="p">)</span>
<span class="n">html</span> <span class="o">=</span> <span class="sx">%Q|
&lt;html&gt;
&lt;head&gt;
&lt;script&gt;
</span><span class="si">#{</span><span class="n">js</span><span class="si">}</span><span class="sx">
&lt;/script&gt;
&lt;/head&gt;
&lt;body onload="</span><span class="si">#{</span><span class="n">obfu</span><span class="p">.</span><span class="nf">sym</span><span class="p">(</span><span class="s1">'test'</span><span class="p">)</span><span class="si">}</span><span class="sx">();"&gt;
&lt;/body&gt;
&lt;/html&gt;
|</span>
<span class="nb">puts</span> <span class="n">html</span>
</code></pre></div></div><h2 id="the-jsobfu-class"> <a href="#the-jsobfu-class" class="anchor-heading" aria-labelledby="the-jsobfu-class"><svg viewBox="0 0 16 16" aria-hidden="true"><use xlink:href="#svg-link"></use></svg></a> The JSObfu class</h2><p>The JSObfu class used to be ObfuscateJS cousin, but it has been completely rewritten since September 2014, and packaged as a <a href="https://rubygems.org/gems/jsobfu">gem</a>. The obfuscation is more complex and you can actually tell it to obfuscate multiple times. You also no longer have to manually specify what symbol names to change, it just knows.</p><p><strong>Trying JSObfu in Rex</strong></p><p>Lets get back to irb again to demonstrate how easy it is to use JSObfu:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>$ ./msfconsole -q
msf &gt; irb
[*] Starting IRB shell...
&gt;&gt;
</code></pre></div></div><p>This time well do a “hello world” example:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&gt;&gt; js = ::Rex::Exploitation::JSObfu.new %Q|alert('hello, world!');|
=&gt; alert('hello, world!');
&gt;&gt; js.obfuscate
=&gt; nil
</code></pre></div></div><p>And heres the output:</p><div class="language-javascript highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">window</span><span class="p">[(</span><span class="nf">function </span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">_d</span><span class="o">=</span><span class="dl">"</span><span class="s2">t</span><span class="dl">"</span><span class="p">,</span><span class="nx">y</span><span class="o">=</span><span class="dl">"</span><span class="s2">ler</span><span class="dl">"</span><span class="p">,</span><span class="nx">N</span><span class="o">=</span><span class="dl">"</span><span class="s2">a</span><span class="dl">"</span><span class="p">;</span> <span class="k">return</span> <span class="nx">N</span><span class="o">+</span><span class="nx">y</span><span class="o">+</span><span class="nx">_d</span> <span class="p">})()]((</span><span class="nf">function </span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">f</span><span class="o">=</span><span class="dl">'</span><span class="s1">d!</span><span class="dl">'</span><span class="p">,</span><span class="nx">B</span><span class="o">=</span><span class="dl">'</span><span class="s1">orl</span><span class="dl">'</span><span class="p">,</span><span class="nx">Q2</span><span class="o">=</span><span class="dl">'</span><span class="s1">h</span><span class="dl">'</span><span class="p">,</span><span class="nx">m</span><span class="o">=</span><span class="dl">'</span><span class="s1">ello, w</span><span class="dl">'</span><span class="p">;</span> <span class="k">return</span> <span class="nx">Q2</span><span class="o">+</span><span class="nx">m</span><span class="o">+</span><span class="nx">B</span><span class="o">+</span><span class="nx">f</span> <span class="p">})());</span>
</code></pre></div></div><p>Like ObfuscateJS, if you need to get the randomized version of a symbol name, you can still do that. Well demonstrate this with the following example:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">&gt;&gt;</span> <span class="n">js</span> <span class="o">=</span> <span class="o">::</span><span class="no">Rex</span><span class="o">::</span><span class="no">Exploitation</span><span class="o">::</span><span class="no">JSObfu</span><span class="p">.</span><span class="nf">new</span> <span class="sx">%Q|function test() { alert("hello"); }|</span>
<span class="o">=&gt;</span> <span class="n">function</span> <span class="nb">test</span><span class="p">()</span> <span class="p">{</span>
<span class="n">alert</span><span class="p">(</span><span class="s2">"hello"</span><span class="p">);</span>
<span class="p">}</span>
<span class="o">&gt;&gt;</span> <span class="n">js</span><span class="p">.</span><span class="nf">obfuscate</span>
</code></pre></div></div><p>Say we want to know the randomized version of the method name “test”:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">&gt;&gt;</span> <span class="nb">puts</span> <span class="n">js</span><span class="p">.</span><span class="nf">sym</span><span class="p">(</span><span class="s2">"test"</span><span class="p">)</span>
<span class="n">_</span>
</code></pre></div></div><p>OK, double check right quick:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&gt;&gt; puts js
function _(){window[(function () { var N="t",r="r",i="ale"; return i+r+N })()](String.fromCharCode(0150,0x65,0154,0x6c,0x6f));}
</code></pre></div></div><p>Yup, that looks good to me.</p><p>And finally, lets try to obfuscate a few times to see how that goes:</p><div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>&gt;&gt; js = ::Rex::Exploitation::JSObfu.new %Q|alert('hello, world!');|
=&gt; alert('hello, world!');
&gt;&gt; js.obfuscate(:iterations=&gt;3)
=&gt; window[String[((function(){var s=(function () { var r="e"; return r })(),Q=(function () { var I="d",dG="o"; return dG+I })(),c=String.fromCharCode(0x66,114),w=(function () { var i="C",v="r",f="omCh",j="a"; return f+j+v+i })();return c+w+Q+s;})())](('Urx'.length*((0x1*(01*(1*020+5)+1)+3)*'u'.length+('SGgdrAJ'.length-7))+(('Iac'.length*'XLR'.length+2)*'qm'.length+0)),(('l'.length*((function () { var vZ='k'; return vZ })()[((function () { var E="h",t="t",O="leng"; return O+t+E })())]*(0x12*1+0)+'xE'.length)+'h'.length)*(function () { var Z='uA',J='tR',D='x'; return D+J+Z })()[((function () { var m="th",o="g",U="l",Y="en"; return U+Y+o+m })())]+'lLc'.length),('mQ'.length*(02*023+2)+('Tt'.length*'OEzGiMVf'.length+5)),(String.fromCharCode(0x48,0131)[((function () { var i="gth",r="len"; return r+i })())]*('E'.length*0x21+19)+(0x1*'XlhgGJ'.length+4)),(String.fromCharCode(0x69)[((function () { var L="th",Q="n",$="l",I="g",x="e"; return $+x+Q+I+L })())]*('QC'.length*0x2b+3)+(01*26+1)))]((function(){var C=String[((function () { var w="rCode",j="mCha",A="fr",B="o"; return A+B+j+w })())]((6*0x10+15),('riHey'.length*('NHnex'.length*0x4+2)+4),(01*95+13),(1*('Z'.length*(0x1*(01*(0x3*6+5)+1)+18)+12)+46),(0x1*(01*013+6)+16)),JQ=String[((function () { var NO="ode",T="rC",HT="fromCha"; return HT+T+NO })())](('J'.length*0x54+17),(0x2*051+26),('TFJAGR'.length*('ymYaSJtR'.length*'gv'.length+0)+12),(01*0155+2),(0xe*'FBc'.length+2),(0x1*22+10),(3*(01*043+1)+11)),g=(function(){var N=(function () { var s='h'; return s })();return N;})();return g+JQ+C;})());
</code></pre></div></div><p><strong>Using JSObfu for module development</strong></p><p>When you are writing a module, you should not call Rex directly like the above examples. Instead, you should be using the <code class="language-plaintext highlighter-rouge">#js_obfuscate</code> method found in <a href="https://github.com/rapid7/rex-exploitation/blob/f3058a0737ba89fd116f99a8381a409bba6a53fa/lib/rex/exploitation/jsobfu.rb">JSObfu mixin</a>. When youre using JavaScript in your module, always do write it like this:</p><div class="language-ruby highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># This returns a Rex::Exploitation::JSObfu object</span>
<span class="n">js</span> <span class="o">=</span> <span class="n">js_obfuscate</span><span class="p">(</span><span class="n">your_code</span><span class="p">)</span>
</code></pre></div></div><p>Note that by default, even though your module is calling the #js_obfuscate method, obfuscation will not kick in unless the user sets the JsObfuscate datastore option. This option is an OptInt, which allows you to set the number of times to obfuscate (default is 0).</p><hr><footer><p><a href="#top" id="back-to-top">Back to top</a></p><p class="text-small text-grey-dk-000 mb-0"> <a href="https://github.com/rapid7/metasploit-framework/tree/master/docs/metasploit-framework.wiki/How-to-obfuscate-JavaScript-in-Metasploit.md" id="edit-this-page">Edit this page on GitHub</a></p></footer></div></div><div class="search-overlay"></div></div><script type="text/javascript" src="/assets/js/toggle_mode.js"></script> <script> var config = { theme: 'default', logLevel: 'fatal', securityLevel: 'strict', startOnLoad: true, arrowMarkerAbsolute: false, er: { diagramPadding: 20, layoutDirection: 'TB', minEntityWidth: 100, minEntityHeight: 75, entityPadding: 15, stroke: 'gray', fill: 'honeydew', fontSize: 12, useMaxWidth: true, }, flowchart:{ diagramPadding: 8, htmlLabels: true, curve: 'basis', }, sequence: { diagramMarginX: 50, diagramMarginY: 10, actorMargin: 50, width: 150, height: 65, boxMargin: 10, boxTextMargin: 5, noteMargin: 10, messageMargin: 35, messageAlign: 'center', mirrorActors: true, bottomMarginAdj: 1, useMaxWidth: true, rightAngles: false, showSequenceNumbers: false, }, gantt: { titleTopMargin: 25, barHeight: 20, barGap: 4, topPadding: 50, leftPadding: 75, fontSize: 11, gridLineStartPadding: 35, fontFamily: '\'Open Sans\', sans-serif', numberSectionStyles: 4, axisFormat: '%Y-%m-%d', topAxis: false, }, }; mermaid.initialize(config); window.mermaid.init(undefined, document.querySelectorAll('.language-mermaid')); </script>
Reference in New Issue Copy Permalink