[crazygringo]

> Once upon a time, whenever you tried to open your devtools on Supreme's website, you found yourself trapped in a pesky debugger loop.

Could somebody here explain what that means, since the article doesn't? What's a debugger loop? What is the actual JavaScript code that somehow prevents debugging, and how does it accomplish that?

[SyrupThinker]

Using a `debugger;` statement allows you to trigger a breakpoint with code.

This only gets activated when the devtools window is opened, so placing this statement in a frequently executed piece code will continuously interrupt whatever you are doing in the devtools when you use them.

I assume in the past the tooling might not have had the necessary configuration options to suppress that, but nowadays you can just disable debugger statement breakpoints to avoid it.

[8chanAnon]

The Javascript statement is simply "debugger". Very easy to abuse. Of course, there are other techniques for breaking devtools. There are JS libraries designed for the purpose of detecting that the dev console is open. The response may be to run the debugger command, freeze the code, reload the web page or, worse, do some serious hanky-panky (it's not hard to crash the web browser; an endless loop can do that).

[matheusmoreira]

> Problem is that the devtools are not available due to the repeated abuse of the debugger and console clear commands.

What methods do they use to detect debugging tools and how do we defeat them?

[IshKebab]

Timing analysis is probably going to be the most reliable and annoying. I've heard they also detect when the window size suddenly changes, but that sounds ridiculously fragile and easy to defeat.

Difficult to imagine any anti-debugging techniques that will work against something that just records an execution trace.

[russelg]

They don't need to detect the devtools being open, debugger is a no-op when the devtools aren't open so you can just run it in a loop forever.

[8chanAnon]

The debugger command abuse can be defeated (as already mentioned in this thread). A devtool detector is used in order to invoke stronger blocking methods such as forcibly reloading the web page until the console is closed.

[8chanAnon]

Search on GitHub. I don't know how to defeat them. I just don't use dev tools.