我正在为逆向工程师构建一款浏览器

I'm Building a Browser for Reverse Engineers|

我正在为逆向工程师构建一个浏览器|

Mon Oct 06 2025authored by veritas

Mon Oct 06 2025authored by veritas

In the expanding world of AI my heart still lies in AST transforms, browser fingerprinting, and anti-bot circumvention. In fact, that's the majority of this blog's content. But my workflow always felt... primitive. I was still manually sifting through page scripts, pasting suspicious snippets into an editor, and writing bespoke deobfuscators by hand. Tools like Webcrack and deobfuscate.io help, but the end-to-end loop still felt slow and manual. I wanted to build a tool that would be my web reverse-engineering Swiss Army knife

在 AI 不断扩张的世界里，我的心仍然属于 AST transforms、browser fingerprinting 和 anti-bot circumvention。事实上，这也是本博客的主要内容。但我的工作流程始终感觉……原始。我仍然手动筛选页面脚本，把可疑片段粘贴到编辑器里，并手写定制的 deobfuscator。Webcrack 和 deobfuscate.io 等工具有所帮助，但端到端的循环仍然缓慢且手动。我想打造一把属于我自己的 web 逆向瑞士军刀。

If you're just curious about what it looks like and don't care about how it works then here's a quick showcase:

如果你只是好奇它长什么样，而不关心实现细节，这里有一个快速演示：

Your browser does not support the video tag.

您的浏览器不支持 video 标签。

Humble Beginnings

卑微的起点

My first idea was simple: make a browser extension. For an MVP I wanted to hook an arbitrary function like Array.prototype.push as early as possible and log every call to it.

我的第一个想法很简单：做一个浏览器扩展。作为 MVP，我想尽早钩住一个任意函数，比如 Array.prototype.push，并记录每一次调用。

Hooking functions in JavaScript

在 JavaScript 中钩住函数

In JavaScript, it's trivial to hook into and override existing functions because you can reassign references at runtime. A common pattern is to stash the original function, replace it with a wrapper that does whatever instrumentation you want, and then call the original so the page keeps behaving normally:

在 JavaScript 中，钩住并覆盖现有函数轻而易举，因为你可以在运行时重新赋值引用。常见做法是先把原函数存起来，用一个包装函数替换它，在包装函数里做你想要的插桩，然后再调用原函数，让页面继续正常运行：

const _origPush = Array.prototype.push;
Array.prototype.push = function (...args) { console.log('Array.push called on', this, 'with', args); return _origPush.apply(this, args);
};

Here's what that looks li...