If making your own build of Chromium for your investigation purposes makes sense to you,
it should work for you to remove "Unforgeable" here:
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/frame/Window.idl?l=41

Then, you could defineProperty window.location to your "proxy" object.



-- 
Best regards,
*Krzysztof Olczyk*
Software Developer & Architect
TVSDK Core team

Opera TV
Pl. Teatralny 8, 50-051 Wroclaw, Poland

On Thu, Oct 20, 2016 at 7:54 AM, PhistucK <phist...@gmail.com> wrote:

> Filed crbug.com/657697 (and crbug.com/657700 for a related bug I found
> as a result :(). But it is really a duplicate of crbug.com/496666 (so I
> closed mine). I guess it will not be in progress soon. :(
>
>
> ☆*PhistucK*
>
> On Thu, Oct 20, 2016 at 8:19 AM, Jochen Eisinger <joc...@chromium.org>
> wrote:
>
>> As far as I know that's not possible. Could you file a feature request
>> for this (probably on crbug.com if you also want to cover DOM functions)
>>
>> On Wed, Oct 19, 2016 at 7:38 PM PhistucK <phist...@gmail.com> wrote:
>>
>>> I wanted to know whether there is a V8 (or Chrome) flag of some sort
>>> that will let me add breakpoints on native function calls.
>>> I do not mean C++ functions, I mean built in web platform (or
>>> ECMAScript) functions.
>>> My issue is that I click on a link and suddenly some code is apparently
>>> calling document.location.replace("foo") or something and the page
>>> redirects (maliciously). In order to find the calling code, I want to set a
>>> breakpoint on calling document.location.replace, which is a native web
>>> platform function, that is not writable (so I cannot override it with my
>>> own function using Object.defineProperty, or use a proxy).
>>> (The code is apparently elusive and obfuscated somewhat, so it is not
>>> just a search and replace)
>>> I tried using the Developer Tools API - debug(function), but it did not
>>> break (even when I call it with setTimeout).
>>>
>>> A V8 flag (or a Chrome flag) that either lets me break on calling that
>>> function, or that overrides the security feature that makes it
>>> non-writable, or something like that, would let me see the code that calls
>>> it and find the malicious way it does so.
>>>
>>> So, is there something like that?
>>>
>>> Thank you!
>>>
>>> --
>>> --
>>> v8-users mailing list
>>> v8-users@googlegroups.com
>>> http://groups.google.com/group/v8-users
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "v8-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to v8-users+unsubscr...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
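An added example, not part of the original thread and not Chromium code: a simulation, runnable in Node, of the approach suggested in the reply at the top. A constructed fake window stands in for the browser, and the `configurable` flag on its `location` property models whether "Unforgeable" is present. The names `makeFakeWindow`, `makeTracingLocation` and `installLocationTracer` are hypothetical.

```javascript
// Constructed stand-in for a browser window: `location` is an own property
// whose configurability models the presence or absence of "Unforgeable".
function makeFakeWindow(unforgeable) {
  const navigations = [];
  const location = { href: "https://example.test/" };
  // Model the location methods as non-writable, non-configurable own properties.
  for (const name of ["assign", "replace"]) {
    Object.defineProperty(location, name, {
      value(url) { navigations.push({ via: name, url }); },
      writable: false, configurable: false, enumerable: true,
    });
  }
  const win = { navigations };
  Object.defineProperty(win, "location", {
    value: location, writable: false, configurable: !unforgeable, enumerable: true,
  });
  return win;
}

// Wrap `real` so every method call and property write records a call stack.
// The Proxy target is an empty object: targeting `real` directly would break
// the Proxy invariant for its non-configurable, non-writable methods.
function makeTracingLocation(real, log) {
  return new Proxy({}, {
    get(_target, prop) {
      const value = Reflect.get(real, prop);
      if (typeof value !== "function") return value;
      return (...args) => {
        log.push({ op: String(prop), args, stack: new Error("trace").stack });
        return Reflect.apply(value, real, args); // a breakpoint can go here
      };
    },
    set(_target, prop, value) {
      log.push({ op: "set " + String(prop), args: [value], stack: new Error("trace").stack });
      return Reflect.set(real, prop, value);
    },
  });
}

// Returns true if the tracer was installed, false if `location` refused.
function installLocationTracer(win, log) {
  try {
    Object.defineProperty(win, "location", {
      value: makeTracingLocation(win.location, log), configurable: true,
    });
    return true;
  } catch (e) {
    if (e instanceof TypeError) return false; // non-configurable property
    throw e;
  }
}
```

Each log entry's `stack` names the function that triggered the navigation, which is the information the original question was after.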