Skip to content
/ js2img Public

A POC of an obfuscation method used by polyglot malvertising attacks

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

x052/js2img

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

x052x052
Create README.md
Apr 9, 2025
637b8d7 · Apr 9, 2025

History

4 Commits
POC.js
POC.js
Mar 9, 2019
README.md
README.md
Apr 9, 2025
index.html
index.html
Mar 9, 2019
input.bmp
input.bmp
Mar 9, 2019
package.json
package.json
Mar 9, 2019
server.js
server.js
Mar 9, 2019

Repository files navigation

JS2IMG - JavaScript to Image Converter

A proof-of-concept project that demonstrates how to embed JavaScript code within a BMP image file, similar to techniques used in polyglot malvertising attacks. This project creates a hybrid file that can be both displayed as an image and contain executable JavaScript code.

Overview

This project demonstrates a technique used in real-world malvertising attacks where attackers embed malicious JavaScript code within image files. The project takes a BMP image and JavaScript code as input, and produces a modified BMP file that contains both the image data and the JavaScript code. The resulting file can be used as a regular image while also containing executable JavaScript code.

Security Context

This project demonstrates a technique that has been observed in real-world malvertising attacks, where attackers:

  • Hide malicious JavaScript payloads within seemingly innocent image files
  • Use polyglot files that can be interpreted as both images and JavaScript
  • Obfuscate the malicious code to evade detection
  • Exploit browser behavior to execute the hidden code

Note: This is an educational demonstration of a technique that has been used in actual attacks. The implementation is for research and educational purposes only.

Features

  • Converts JavaScript code into an image-embedded format
  • Maintains image display capabilities
  • Simple Express.js server for demonstration
  • Proof-of-concept implementation of polyglot file creation
  • Educational demonstration of malvertising techniques

Prerequisites

  • Node.js (v12 or higher)
  • npm (Node Package Manager)

Installation

  1. Clone this repository:
git clone https://github.com/x052/js2img
cd js2img
  1. Install dependencies:
npm install

Usage

  1. Start the server:
npm start

  1. The server will run on http://localhost:8080

  2. Access the demo page and view the generated image with embedded JavaScript

Project Structure

  • server.js - Express server implementation
  • POC.js - Core JavaScript to Image conversion logic
  • input.bmp - Sample input image
  • index.html - Demo page
  • package.json - Project configuration and dependencies

How It Works

The project demonstrates how polyglot files work by:

  1. Taking a BMP image as input
  2. Appending JavaScript code to the image data
  3. Creating a modified BMP file that contains both the image and code
  4. Serving the hybrid file through an Express server
  5. Exploiting browser behavior to execute the hidden JavaScript

Security Implications

This project demonstrates several important security concepts:

  • How attackers can hide malicious code in seemingly innocent files
  • The importance of proper file validation and sanitization
  • The risks of polyglot files in web applications
  • Browser security considerations when handling mixed content

Security Best Practices

When implementing file handling in production environments:

  1. Always validate file types using multiple methods
  2. Implement proper content-type checking
  3. Use secure file handling practices
  4. Consider implementing file sanitization
  5. Monitor for unusual file behavior

License

ISC License

References

About

A POC of an obfuscation method used by polyglot malvertising attacks

Resources

Readme
Activity

Stars

4 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages