js-hooker.js is a JavaScript module designed for reverse engineering and debugging. It provides a straightforward way to monitor and log external calls made within an application, helping you understand function usage and behavior.
Features
- 🚀 Real-Time Function Call Monitoring
- 🔍 Native and Code Call Differentiation
- ⚙️ Customizable Scope
- 📋 Readable Console Output
- 🌐 Flexible Environment Support
Important
The module only tracks existing (already declared) functions. New ones will be ignored. Connect it only after initialization.
-
Load the Module: Include the script in HTML file like this:
<script src=".../js-hooker.js"></script>
Or, inject it using:
- A custom browser extension
- Developer tools console
-
Automatic Hooking: By default, the script hooks into frequently used objects like:
windownavigatorlocalStoragesessionStoragedocumenthistory
-
Custom Hooking: To manually hook specific objects or exclude certain functions:
watchAllFunctions(customObject, ["methodToExclude"]);
-
Console Output: When a hooked function is called, you'll see this in the console:
[N] [CALL CAPTURED]: functionName(arg1, arg2, ...);[N]: Native function call[C]: Code call (custom function defined in the app)
[N] [CALL CAPTURED]: localStorage.getItem("key");
[C] [CALL CAPTURED]: customFunction("test", { "param": true });
Exclude-list: To avoid tracking specific functions, add their names to the exclusion list:
watchAllFunctions(window, ["alert"]);The watchAllFunctions method does not work for non-enumerable functions (e.g., eval). In such cases, you should manually apply the hook like this:
// Replace original 'eval'
eval = getHookedFunction(eval);This script is intentionally simple to modify. You can tweak its behavior, such as the logging format, which objects it tracks, or even extend its functionality to match your requirements.
This tool is for educational purposes, debugging, and lawful reverse engineering only. Ensure compliance with legal and ethical guidelines while using it.