To evade static analysis, the document body can returned with each character rotated by some fixed amount in the response where JavaScript can decode it and append it to the DOM.
This helps defeat simple scanners which don't evaluate JavaScript.
title: rot13 encoded body
description: |
To evade static analysis, the document body can returned with each character rotated by
some fixed amount in the response where JavaScript can decode it and append it to the DOM.
This helps defeat simple scanners which don't evaluate JavaScript.
detection:
characterRotation:
html|contains: "String.fromCharCode(s.charCodeAt(i)-1)"
condition: characterRotation
tags:
- anti-analysis