0

I've got Java web app and I want to obfuscate some JS code on server.

Now I've got site, where I can paste my JS code and obfuscate it manually e.g.

alert(1);

'Button press'

The site uses obfuscation from:

https://cdn.jsdelivr.net/npm/javascript-obfuscator/dist/index.browser.js

and this script obfuscates my code:

var obfuscationResult = JavaScriptObfuscator.obfuscate(
        jsCodeToObfuscate,
        {
            compact: true,
            controlFlowFlattening: true,
            controlFlowFlatteningThreshold: 1,
            deadCodeInjection: true,
            deadCodeInjectionThreshold: 1,
            debugProtection: true,
            debugProtectionInterval: true,
            disableConsoleOutput: true,
            identifierNamesGenerator: 'hexadecimal',
            log: false,
            renameGlobals: false,
            rotateStringArray: true,
            selfDefending: true,
            shuffleStringArray: true,
            splitStrings: true,
            splitStringsChunkLength: 5,
            stringArray: true,
            stringArrayEncoding: 'rc4',
            stringArrayThreshold: 1,
            transformObjectKeys: true,
            unicodeEscapeSequence: false
        });

and I've got my result.

I need to run obfuscation in backend. This method in Java should call javascript and return obfuscation result inside server.

I know, that using javascript in Java is possible, but I don't know how to use obfuscation function from the link in Java.

Is it possible to obfuscate my code on java server? Maybe there is any free api to make it and avoid to make it by myself?

Marcin Frąckiewicz
  • 69
  • 1
  • 2
  • 10
  • [Execute JS on Java server maybe?](https://stackoverflow.com/questions/1999503/how-can-i-run-javascript-code-at-server-side-java-code) – simplecreator Sep 27 '20 at 20:09
  • This question has nothing to do with Java; it is only about Javascript. Please remove the java tag. Using the java tag on this is as defensible as using a Human tag on this because the programmer is most likely human. – NomadMaker Sep 27 '20 at 21:17
  • @NomadMaker I want to run this JS in Java app. – Marcin Frąckiewicz Sep 27 '20 at 21:19
  • 1
    And yet the fact that the app you're running this in has nothing to do with your question. You could be running it in a python app for all it matters. Does it matter what language your browser was written in? Please remove the java tag, or edit your question to show how Java is important to obfuscating the javascript. – NomadMaker Sep 27 '20 at 21:22
  • @NomadMaker I want to write Java method, which will call JS from the server without any browser and without any user. I can obfuscate code on website using javascript, but I can't run this only in Java backend, what I need. – Marcin Frąckiewicz Sep 27 '20 at 21:27
  • 1
    Then, if this is important, then edit your question to include this. If it isn't important, then please, remove the java tag. Do not put important information in the comments. – NomadMaker Sep 27 '20 at 21:29
  • Does this answer your question? [Minify and obfuscate JavaScript code in Java](https://stackoverflow.com/questions/14003126/minify-and-obfuscate-javascript-code-in-java) – Thomas Sablik Sep 27 '20 at 21:38
  • @ThomasSablik unfortunately not, because there is only how to minify javascript and that's not secure enough for me. – Marcin Frąckiewicz Sep 27 '20 at 21:59
  • There are several options.. You can perform minify with obsfuscation during your build or use tools like wro4j to return minified js/css https://github.com/wro4j/wro4j. There's even a spring boot starter https://github.com/michael-simons/wro4j-spring-boot-starter if you are doing spring boot stuff – gtiwari333 Sep 27 '20 at 23:57
  • Also, what do you mean by `not secure enough for me`? You are publishing the .js file to the public but don't expect anyone to read? Note that even the obsfucated code can be analyzed to read it back. I think the goal should be to - not put anything that you don't want other to see in JS file, secure your backend to the fullest and still use minify to reduce the response size of payload – gtiwari333 Sep 28 '20 at 00:02
  • I just pushed a commit to my test project to show how you can use wro4j in a spring-boot web app https://github.com/gtiwari333/spring-boot-blog-app/commit/59cbd7fc7f69616ef9af7d34c740f2b8baa84608 – gtiwari333 Sep 28 '20 at 00:05
  • @gtiwari333 I know, that always someone could read it back, but I need to obfuscate it. Minyfing is not what I'm looking for, because it's not any secure. – Marcin Frąckiewicz Sep 28 '20 at 08:02
  • I noticed you already tried yuicompressor and still not satisfied with the outcome. How about adding `exec-maven-plugin` plugin that executes your `JavaScriptObfuscator` and use the output files from target into the jar/war? – gtiwari333 Sep 28 '20 at 14:00
  • Also can you clarify this: `I've got Java web app and I want to obfuscate some JS code on server.Now I've got site, where I can paste my JS code and obfuscate it manually` It sound like you want to receive a javascript text in a HTML form and do the obfuscation/minification in backend and return the response back to the browser to download.. I was thinking that you want to minify/obsfuscate .js files used by the your client? – gtiwari333 Sep 28 '20 at 14:05
  • @gtiwari333 exactly. I want to obfuscate js code in backend then return it to browser to download. – Marcin Frąckiewicz Sep 28 '20 at 20:44
  • Ok. Here are your options AFAICU, 1) run the js obsfuscator right in the client side so that you don't need to do the backend call to do the same thing. 2) execute the js in backend using JS engine such as Rhino, or with native nodejs process using Java's Process utility 3) use the pure Java minifiy/obfuscator utility such as YUI – gtiwari333 Sep 28 '20 at 21:37

0 Answers0