A simple tool to spot and remove Bidi characters that could lead to an invisible backdoor
Project description
Invisible Backdoor Detector
Invisible Backdoor Detector is a little Python script that allows you to spot and remove Bidi characters that could lead to an invisible backdoor. If you don't know what that is you should check the related paragraph.
Table of Contents
What is an Invisbile Backdoor
An Invisible Backdoor is exactly what you think: a backdoor that you cannot see! It was described by Wolfgang Ettlinger at Certitude in this blog post. It leverages the presence of Unicode characters (Bidi characters) which behaves like normal spaces. In conjunction with the Javascript object destructuring those characters may allow an attacker to introduce a backdoor into an open-source project without anyone noticing it. Check out the blog post for more info.
Install
You can easily install it by running:
pip install invisible-backdoor-detector
Usage
invisible-backdoor-detector -h
Usage: invisible-backdoor-detector [OPTIONS] PATH
╭─ Arguments ──────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ * path TEXT Path of the folder to check [default: None] [required] │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Options ────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ --remove -r Remove the Bidi characters found │
│ --help -h Show this message and exit. │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
Example
The example folder provides a working example of an invisible backdoor in Node.js, you may test the script on that folder. If you want to try out the backdoor you can add the following parameter to the query string:
%E3%85%A4=<any command>
Contributions
Everyone is invited to contribute! If you are a user of the tool and have a suggestion for a new feature or a bug to report, please do so through the issue tracker.
Credits
Developed by Angelo Delicato @SecSI
License
invisible-backdoor-detector is released under the MIT LICENSE
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for invisible_backdoor_detector-0.1.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 2887d101f678587b91013f6d4f8ed92126b38fc91ad9a21ced92f295ad7f6556 |
|
| MD5 | a4d4a2b38da57331dace41203c99b94f |
|
| BLAKE2b-256 | 914203b696af6ab072aed4afe5a1e46972d91e36bc328a53dab0b3ec3b5650ee |
Hashes for invisible_backdoor_detector-0.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 22037fa7e229c3ac73ab91dc148eeef3d209bee994302041e770a9718d4e9c2c |
|
| MD5 | a3d2b9e225e45e28049d7b370960c3cd |
|
| BLAKE2b-256 | d7d45f20646032a999cd34dc6afc302147d836d05c056d2a82ab2565a8cb201e |
