A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Last update: Dec 29, 2022

Overview

Invisible Backdoor Detector

Invisible Backdoor Detector is a little Python script that allows you to spot and remove Bidi characters that could lead to an invisible backdoor. If you don't know what that is you should check the related paragraph.

Table of contents
What is an Invisible Backdoor
Installation and Usage
Examples
Contributions
Credits
License

What is an Invisbile Backdoor

An Invisible Backdoor is exactly what you think: a backdoor that you cannot see! It was described by Wolfgang Ettlinger at Certitude in this blog post. It leverages the presence of Unicode characters (Bidi characters) which behaves like normal spaces. In conjunction with the Javascript object destructuring those characters may allow an attacker to introduce a backdoor into an open-source project without anyone noticing it. Check out the blog post for more info.

Installation and Usage

python3 -m pip install -r requirements.txt
python3 invisible-backdoor-detector.py path 
   
     [--remove]

The path argument is mandatory while the --remove argument allows you to automatically remove the spotted Bidi characters

Example

The example folder provides a working example of an invisible backdoor in Node.js, you may test the script on that folder. If you want to try out the backdoor you can add the following parameter to the query string:

%E3%85%A4=

Contributions

Everyone is invited to contribute! If you are a user of the tool and have a suggestion for a new feature or a bug to report, please do so through the issue tracker.

Credits

Developed by Angelo Delicato @SecSI

License

invisible-backdoor-detector is released under the MIT LICENSE

A quick script to spot the usage of Unicode Bidi (bidirectional) characters that could lead to an Invisible Backdoor

Related tags

Overview

Invisible Backdoor Detector

Table of Contents

What is an Invisbile Backdoor

Installation and Usage

Example

Contributions

Credits

License

Owner

SecSI

Shell hunter for AF

Dependency Combobulator is an Open-Source, modular and extensible framework to detect and prevent dependency confusion leakage and potential attacks.

Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1

Fuck - Multi Brute Force 🚶‍♂

Workshop Material on VM-based Deobfuscation

Windows Virus who destroy some impotants files on C:\windows\system32\

Just another script for automatize boolean-based blind SQL injections.

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you.

AIL LeakFeeder: A Module for AIL Framework that automate the process to feed leaked files automatically to AIL

将hw时信息收集以及简单的漏洞操作步骤简单化

Industry ready custom API payload with an easy format for building Python APIs (Django/Django Rest Framework)

PKUAutoElective for 2021 spring semester

log4j burp scanner

Jolokia Exploitation Toolkit (JET) helps exploitation of exposed jolokia endpoints.

A Python Bytecode Disassembler helping reverse engineers in dissecting Python binaries

Cryptick is a stock ticker for cryptocurrency tokens, and a physical NFT.

Discord-keylogger - Discord keylogger With Python

Scan your logs for CVE-2021-44228 related activity and report the attackers

A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.

Local File Inclusion Scanner and Exploiter