Is there a way to detect a malicious JavaScript code within a webpage before the script runs on my computer ?
I want to develop a Python script that prevents from 8 JS malwares that I can embed on my website (for test). But if the malicious script runs on my computer then I do not find it useful for my Python script to detect it. I would love to know if there is a method that can allow me to detect the JS malware before it runs.
That means you need some way to access the Javascript code after it got downloaded but before it got executed.
Depending on the web browser, there might be a browser-specific way to create an extension or plugin which is able to access the website content before the rendering engine does. Refer to the relevant documentations about your web browser for details.
A much more browser-independent solution would be to create a local proxy server and configure all your web browsers to use that proxy server to access the internet. That proxy could easily examine all html and javascript files for malicious code before relaying them to the client. There already are solutions which work that way, free or commercial.
One problem with this solution is that it is impossible for a proxy to scan any content transferred via HTTPS. With TLS, the content is encrypted between browser and server, and the proxy has no way to decrypt it. But there is also a workaround for that: SSLStrip is an example for a proxy server which handles the TLS en- and decryption itself. It then re-encrypts the connection between itself and the browser using a new certificate signed by itself. This, of course, requires that the proxy servers root certificate is added manually to the list of trusted certificate authorities of the browsers.
While TLS certificate spoofing can be used maliciously, this method isn't uncommon in corporate environments to be able to filter the web from content which might be malware or distract employees from their work in other ways (games, porn, etc.).
