We will be at OWASP APPSEC EUROPE 2017 - Belfast! Let’s talk!MORE INFO

Help Center

Get to know more about our API, Code Annotations and Code Transformations

Regex Obfuscation

Potency
1 / 3
Resilience
1 / 5
Cost
0 / 5

Tags: regex

Description

Regular expressions are used for matching text with a pattern. The
transformation obfuscates regular expression literals to make them harder to
understand by a human without changing their original pattern.

The regular expression becomes harder to read because each character and
special-character (e.g., character classes, character sets, quantifiers) is
replaced with a more verbose (but equivalent) representation.

Also the same regular expression will look different each time you obfuscate
it because the character replacements are randomly generated, making the
obfuscated output look polymorphic.

Example

Consider the following regular expression to match old IE user agents:

1
/sMSIEs[6-9]./.test(navigator.userAgent)

The transformation produces random results so the following example is a possible
output:

1
/[\u202f\u1680\t​\u00a0 ​\u180e\f\u205f\n​\u2028\v\u2029​\u3000\u2000-\u200a\r​]\u004dS\111E[\u3000\u2028\r\t\u2029​\u202f\u1680​\u180e\u2000-\u200a\v \f\n​ ​\u205f​][96-78]./.test(navigator.userAgent)

To obfuscate test and navigator.userAgent consider, for instance, combining
this transformation with Dot to Bracket Notation and Duplicate Literals Removal.

API Parameters

Example:

1
2
3
4
5
6
7
8
9
10
11
12
{
"keys": {
"accessKey": "XXXXXX",
"secretKey": "YYYYYY"
},
"applicationId": "ZZZZZZ",
"params": [
{
"name": "regexObfuscation"
}
]
}