miloqq / v8_killer

A tool that can inject any js into the V8 VM

V8 Killer


Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact
  8. Acknowledgments

About The Project

This project began with an initial idea: injecting scripts into Electron applications. There are traditionally two main approaches for accomplishing this.

  • Modifying resource files, such as .js or .asar files. However, this approach is highly invasive and cannot pass integrity checks in some software.
  • Opening a debugging port (--inspect or --inspect-brk) and injecting scripts using a debugger. However, some software may inspect this parameter or outright block it.

This project takes a different approach by hooking into the compilation functions of the V8 engine, directly modifying the source code passed to the V8 compiler. This allows scripts to be injected into the V8 engine without altering any local files or opening any debugging ports. Through testing, it has been confirmed that this method can be used with any software/framework built on the V8 engine, including but not limited to Node.js, Electron, and Deno.

Currently, this project has been tested exclusively on Linux and Windows. In theory, with minor modifications, it should be possible to run it on macOS. However, this is not currently part of our development roadmap.

This project is divided into two parts: core and launcher. The core constitutes the central component and represents the actual injected payload. The launcher is responsible for loading the payload, which is the core, into the target program.

On Linux, loading the payload can be accomplished simply using LD_PRELOAD. However, on Windows, this might require additional work, and this is where the purpose of the launcher comes into play.
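The two mechanisms described above (a payload loaded through LD_PRELOAD, and script source altered between the file on disk and the V8 compiler) can both be checked for from inside the target. The following is an added defender-side example, not code from v8_killer; the maps lines, paths and allowlists are constructed for illustration.

```javascript
// Added example (not v8_killer code): startup self-checks a Node.js process can
// run to notice the injection vectors the README describes. Sample inputs below
// are constructed.

// 1. LD_PRELOAD is the Linux loading path described above. Entries may be
//    separated by spaces or colons; anything outside the allowlist is reported.
function unexpectedPreloads(ldPreload, allowlist = []) {
  if (!ldPreload) return [];
  return ldPreload.split(/[\s:]+/).filter((p) => p && !allowlist.includes(p));
}

// 2. Parse /proc/self/maps text and report shared objects mapped from outside
//    trusted directories (a preloaded payload usually lives elsewhere).
function foreignSharedObjects(mapsText, trustedDirs) {
  const seen = new Set();
  for (const line of mapsText.split('\n')) {
    const fields = line.trim().split(/\s+/); // addr perms offset dev inode path
    const file = fields[5];
    if (!file || !/\.so(\.|$)/.test(file)) continue;
    if (!trustedDirs.some((d) => file.startsWith(d))) seen.add(file);
  }
  return [...seen];
}

// 3. V8's Function.prototype.toString returns the source text the engine
//    actually compiled. If that text is not found in the file on disk, the
//    source was changed between the file and the compiler.
function functionSourceOnDisk(fn, diskText) {
  return diskText.includes(fn.toString());
}

// Constructed sample of /proc/self/maps content (paths are hypothetical).
const SAMPLE_MAPS = [
  '7f1c0000-7f1c1000 r-xp 00000000 08:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6',
  '7f1d0000-7f1d1000 r-xp 00000000 08:01 5678 /tmp/example_payload.so',
  '7f1e0000-7f1e1000 rw-p 00000000 00:00 0',
].join('\n');

// Self-check when run directly under Node (CommonJS).
if (typeof require === 'function' && typeof module !== 'undefined' && require.main === module) {
  const fs = require('fs');
  console.log('unexpected preloads:', unexpectedPreloads(process.env.LD_PRELOAD));
  if (fs.existsSync('/proc/self/maps')) {
    const maps = fs.readFileSync('/proc/self/maps', 'utf8');
    console.log('foreign .so:', foreignSharedObjects(maps, ['/usr/lib', '/lib']));
  }
  const self = fs.readFileSync(__filename, 'utf8');
  console.log('own source intact:', functionSourceOnDisk(functionSourceOnDisk, self));
}
```

Run the file directly to see the three checks against the live process; the functions can also be called from a test with constructed input.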

So far, we support the following targets:

Target     Supported   Note
Node.js    Yes
Electron   Yes
CEF        Untested
Deno       No          Deno removes the exports from V8. In future versions, we will introduce pattern matching to address this issue.

Pattern matching is on the way (see issue #12).


Built With

  • Rust
  • V8


Getting Started

Building

  1. Clone the repo:
     git clone https://github.com/ShellWen/v8_killer.git
  2. Build with Cargo:
     cargo build             (debug build)
     cargo build --release   (release build)


Usage

In short, you pass the environment variable V8_KILLER_CONFIG_FILE_PATH to the launcher; the launcher loads that config file and injects the payload (the core) into the target program.
Here we use Node.js as an example:

V8_KILLER_CONFIG_FILE_PATH=path_to_config.toml v8_killer_launcher /usr/bin/node path_to_target.js

Example config files can be found in the examples/configs/ directory.
Currently, v8_killer supports only TOML config files.

For more examples, please refer to the Wiki


Roadmap

WIP

See the open issues for a full list of proposed features (and known issues).


Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request


License

Distributed under the MIT License. See LICENSE for more information.


Contact

ShellWen - @realShellWen - me@shellwen.com

Project Link: https://github.com/ShellWen/v8_killer


Acknowledgments
