Download
ast-hook-for-js-RE is an open source JavaScript reverse engineering toolkit designed to help analysts locate and understand client-side encryption logic used by web applications. It works by intercepting browser traffic through a local proxy server and modifying JavaScript code before it executes in the browser. Using Abstract Syntax Tree (AST) transformations, it injects hook functions into the code to monitor variable assignments and other runtime changes during execution. This allows ast-hook-for-js-RE to capture variable values in memory and store them in a searchable database, effectively enabling variable-level monitoring of program execution. When a user encounters encrypted parameters in network requests, the captured variable data can be searched to determine where those values originated in the code. Once the relevant variable and code location are identified, analysts can trace backward to extract or reproduce the encryption logic used by the site.
Features
- AST-based JavaScript instrumentation to inject runtime hook logic
- Proxy-based interception and modification of JavaScript and HTML responses
- Variable-level monitoring that records runtime value changes
- Searchable in-memory database for captured variables
- Plugin system for extending hook and analysis functionality
- Tools for locating the source of encrypted request parameters
Project Samples
