Build and install Beepbop:
$ make
$ make install
- Shell code that is executed by exploiting vulnerable plugins.
- Infinite alerts or other infinite loops.
- Re-opening a window after the user closes it.
- Malicious code delivered through (typically) invisible iframes.
Beepbop prevents the first form by detecting sequences of Unicode characters that are passed to an
unescape call. For an example, see test/shellcode.js. If the proxy sees a certain number of encoded
UTF-16 characters and a certain number of unescape calls, the script is marked as malicious and removed.
The other three cases are detected and removed through simple regular expressions.
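The unescape heuristic described above can be sketched as follows. This is an added example, not Beepbop's own code: the function names, the thresholds (the README only says "a certain number"), and the sample scripts are assumptions constructed for illustration.

```python
import re

# Assumed thresholds; the README does not give the real values.
MIN_ENCODED_CHARS = 16
MIN_UNESCAPE_CALLS = 1

# %uXXXX is the UTF-16 code unit escape that JavaScript's unescape() decodes.
ENCODED_UTF16 = re.compile(r"%u[0-9a-fA-F]{4}")
UNESCAPE_CALL = re.compile(r"\bunescape\s*\(")
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)


def score_script(source):
    """Return (encoded UTF-16 escapes, unescape calls) found in a script body."""
    return len(ENCODED_UTF16.findall(source)), len(UNESCAPE_CALL.findall(source))


def is_malicious(source):
    """Flag a script only when both counts reach their thresholds."""
    encoded, calls = score_script(source)
    return encoded >= MIN_ENCODED_CHARS and calls >= MIN_UNESCAPE_CALLS


def strip_malicious_scripts(html):
    """Remove every <script> block whose body is flagged; keep the rest intact."""
    def replace(match):
        return "" if is_malicious(match.group(1)) else match.group(0)
    return SCRIPT_BLOCK.sub(replace, html)


# Constructed sample inputs (placeholder code units, not real shellcode).
SUSPICIOUS = 'var s = unescape("' + "%u4141" * 32 + '");'
BENIGN = 'var title = unescape("Caf%u00e9 menu");'
PAGE = ("<html><script>" + BENIGN + "</script>"
        "<script>" + SUSPICIOUS + "</script><p>hi</p></html>")

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, score_script(src), is_malicious(src))
    print(strip_malicious_scripts(PAGE))
```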