Mayall: a framework for desktop JavaScript auditing and post-exploitation analysis

Adam Rapley, Xavier Bellekens, Lynsay A. Shepherd, Colin McLean

Research output: Contribution to journal › Article

Abstract

Writing desktop applications in JavaScript offers developers the opportunity to create cross-platform applications with cutting-edge capabilities. However, in doing so, they are potentially submitting their code to a number of unsanctioned modifications from malicious actors. Electron is one such JavaScript application framework which facilitates this multi-platform, out-of-the-box paradigm and is based upon the Node.js JavaScript runtime, an increasingly popular server-side technology. By bringing this technology to the client-side environment, previously unrealized risks are exposed to users due to the powerful system programming interface that Node.js exposes. In a concerted effort to highlight previously unexposed risks in these rapidly expanding frameworks, this paper presents the Mayall Framework, an extensible toolkit aimed at JavaScript security auditing and post-exploitation analysis. This paper also examines fifteen highly popular Electron applications and demonstrates that two-thirds of them were found to be using known vulnerable elements with high CVSS (Common Vulnerability Scoring System) scores. Moreover, this paper discloses a wide-reaching and overlooked vulnerability within the Electron Framework which is a direct byproduct of shipping the runtime unaltered with each application, allowing malicious actors to modify source code and inject covert malware inside verified and signed applications without restriction. Finally, a number of injection vectors are explored and appropriate remediations are proposed.
Language: English
Article number: 46
Number of pages: 20
Journal: Informatics
Volume: 5
Issue number: 4
DOI: 10.3390/informatics5040046
Publication status: Published - 17 Dec 2018

Keywords

  • JavaScript
  • Node.js
  • security vulnerabilities
  • arbitrary code execution
  • post-exploitation

Cite this

Rapley, Adam; Bellekens, Xavier; Shepherd, Lynsay A.; McLean, Colin. Mayall: a framework for desktop JavaScript auditing and post-exploitation analysis. Informatics, 2018, Vol. 5, No. 4, Article 46.
@article{ffc19a39e1494900b107b27d26ce13bc,
title = "Mayall: a framework for desktop JavaScript auditing and post-exploitation analysis",
keywords = "JavaScript, Node.js, security vulnerabilities, arbitrary code execution, post-exploitation",
author = "Rapley, Adam and Bellekens, Xavier and Shepherd, {Lynsay A.} and McLean, Colin",
year = "2018",
month = "12",
day = "17",
doi = "10.3390/informatics5040046",
language = "English",
volume = "5",
number = "4",
journal = "Informatics",
}


TY  - JOUR
T1  - Mayall
T2  - a framework for desktop JavaScript auditing and post-exploitation analysis
AU  - Rapley, Adam
AU  - Bellekens, Xavier
AU  - Shepherd, Lynsay A.
AU  - McLean, Colin
PY  - 2018/12/17
Y1  - 2018/12/17
KW  - JavaScript
KW  - Node.js
KW  - security vulnerabilities
KW  - arbitrary code execution
KW  - post-exploitation
U2  - 10.3390/informatics5040046
DO  - 10.3390/informatics5040046
M3  - Article
JO  - Informatics
VL  - 5
IS  - 4
M1  - 46
ER  -