[japaw]

> The part that confused me is when they claim to have obtained MethBot source code, but never mention how.

>

On page 19 in the The Methbot Operation report they state that ‘White Ops detection technology was able to use a JavaScript language feature called “reflection” to gather extensive, detailed information about its inner workings.’

I have personally never heard about JavaScript reflection before, but it appear to be a debug method for one object to dump information or data about another object.

Maybe the White Ops software loaded some JavaScript that was able to dump much of its environment and send it back to White Ops?

[untog]

I don't know more than anyone else about this particular situation, but I can imagine how JS reflection works. Something like:

    let test = function() { return "hello";}
    test.toString()

returns

    "function() { return "hello";}" 

It's not too difficult to imagine that pairing that with some JS parsing would allow you to slowly crawl your way around an app and gather the app structure. Crazy, and fascinating idea.

[geocar]

If WhiteOps did that, they didn't need to. A nodejs vm escape was sufficient to get process.mainModule.require and from there, it's game over.