{"id":20716890,"url":"https://github.com/blacktop/docker-webkit","last_synced_at":"2025-04-23T13:30:53.810Z","repository":{"id":71729922,"uuid":"192021984","full_name":"blacktop/docker-webkit","owner":"blacktop","description":"Dockerized WebKit Dev/Research Environment","archived":false,"fork":false,"pushed_at":"2020-03-07T16:00:08.000Z","size":178,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-30T00:05:32.168Z","etag":null,"topics":["docker","gdb","javascript","jsc","minibrowser","pwndbg","vulnerability-research","webkit","webkitgtk"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blacktop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"patreon":"blacktop_"}},"created_at":"2019-06-15T01:06:32.000Z","updated_at":"2024-03-21T01:58:02.000Z","dependencies_parsed_at":null,"dependency_job_id":"e3d5ded8-bd82-46d7-8e2a-523127541557","html_url":"https://github.com/blacktop/docker-webkit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacktop%2Fdocker-webkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacktop%2Fdocker-webkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacktop%2Fdocker-webkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blacktop%2Fdocker-webkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blacktop","download_url":"https://codeload.github.com/blacktop/docker-webkit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250440086,"owners_count":21430949,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","gdb","javascript","jsc","minibrowser","pwndbg","vulnerability-research","webkit","webkitgtk"],"created_at":"2024-11-17T03:07:05.190Z","updated_at":"2025-04-23T13:30:53.794Z","avatar_url":"https://github.com/blacktop.png","language":"Python","funding_links":["https://patreon.com/blacktop_"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/blacktop/docker-webkit\"\u003e\u003cimg alt=\"Logo\" src=\"https://github.com/blacktop/docker-webkit/raw/master/docs/logo.png\" height=\"140\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/blacktop/docker-webkit\"\u003e\u003ch3 align=\"center\"\u003edocker-webkit\u003c/h3\u003e\u003c/a\u003e\n  \u003cp align=\"center\"\u003eDockerized WebKit Dev/Research Environment\u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://hub.docker.com/r/blacktop/webkit/\" alt=\"Docker Stars\"\u003e\n          \u003cimg src=\"https://img.shields.io/docker/stars/blacktop/webkit.svg\" /\u003e\u003c/a\u003e\n    \u003ca href=\"https://hub.docker.com/r/blacktop/webkit/\" alt=\"Docker Pulls\"\u003e\n          \u003cimg src=\"https://img.shields.io/docker/pulls/blacktop/webkit.svg\" /\u003e\u003c/a\u003e\n    \u003ca href=\"https://hub.docker.com/r/blacktop/webkit/\" alt=\"Docker Image\"\u003e\n          \u003cimg src=\"https://img.shields.io/badge/docker%20image-946MB-blue.svg\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## Dependencies\n\n- [ubuntu:bionic](https://hub.docker.com/_/ubuntu/)\n\n## Image Tags\n\n```bash\n$ docker images\n\nREPOSITORY           TAG               SIZE\nblacktop/webkit      latest            946MB\nblacktop/webkit      jsc               946MB\nblacktop/webkit      minibrowser       946MB\nblacktop/webkit      snapshot          946MB\nblacktop/webkit      CVE-2018-4262     946MB\n```\n\n## Getting Started\n\n```bash\n$ docker run --init -it --rm blacktop/webkit:snapshot\n\n\u003e\u003e\u003e print(\"HALP!\");\nHALP!\n```\n\n### Run a javascript file\n\n```bash\n$ cat test.js\nprint(1+1);\n```\n\n```bash\n$ docker run --init -it --rm -v `pwd`:/data blacktop/webkit:snapshot /data/test.js\n2\n```\n\n### Debugging\n\n```bash\n$ docker run --init -it --rm blacktop/webkit:snapshot gdb\n\npwndbg\u003e r\nStarting program: /webkit/WebKitBuild/Debug/bin/jsc\nwarning: Error disabling address space randomization: Operation not permitted\n[Thread debugging using libthread_db enabled]\nUsing host libthread_db library \"/lib/x86_64-linux-gnu/libthread_db.so.1\".\n[New Thread 0x7ff0edf52700 (LWP 18)]\n\u003e\u003e\u003e describe([1,2,3,4])\nObject: \"0x7ff0acec01b0\" with butterfly \"0x7fe806be4010\"\n(Structure 0x7ff0acefe370:\n      [Array, {}, CopyOnWriteArrayWithInt32, Proto:0x7ff0acec0010, Leaf]), StructureID: 64910\n\u003e\u003e\u003e ^C\n```\n\n\u003e **NOTE:** You might need to add `--cap-add=SYS_PTRACE` or `--security-opt seccomp:unconfined` to debug the kernel\n\n#### Telescope the `Object`\n\n```bash\npwndbg\u003e tele 0x7ff0acec01b0\n00:0000│   0x7ff0acec01b0 ◂— 0x10822150000fd8e\n01:0008│   0x7ff0acec01b8 —▸ 0x7fe806be4010 ◂— 0xffff000000000001 \u003c--------- 🦋\n02:0010│   0x7ff0acec01c0 ◂— 0xbadbeef0\n... ↓\n```\n\n#### Telescope the `butterfly` *(minus 8 to see the length)*\n\n```bash\npwndbg\u003e tele 0x7fe806be4010-8\n00:0000│   0x7fe806be4008 ◂— 0x400000004         \u003c--------- LENGTH\n01:0008│   0x7fe806be4010 ◂— 0xffff000000000001  \u003c--------- array values\n02:0010│   0x7fe806be4018 ◂— 0xffff000000000002\n03:0018│   0x7fe806be4020 ◂— 0xffff000000000003\n04:0020│   0x7fe806be4028 ◂— 0xffff000000000004\n05:0028│   0x7fe806be4030 ◂— 0xbadbeef0\n```\n\n### `CVE-2018-4262`\n\n```bash\n$ wget https://raw.githubusercontent.com/blacktop/docker-webkit/master/CVE-2018-4262/test.js\n$ docker run --init -it --rm -v `pwd`:/data blacktop/webkit:CVE-2018-4262 /data/test.js\n\nObject: \"0x7f5843db4340\" 👈 with butterfly 0x7f48000e4008\n      (Structure 0x7f5843df2ae0:[Array, {}, ArrayWithContiguous, Proto:0x7f5843dc80a0]),\n            StructureID: 99\nLeaked Address: 6.91776252510795e-310\n```\n\n#### Convert `double` to address\n\n```bash\n$ python -c 'import struct\nprint(hex(struct.unpack(\"Q\", struct.pack(\"d\", 6.91776252510795e-310))[0]))'\n\n0x7f5843db4340 👍😎👍\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblacktop%2Fdocker-webkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblacktop%2Fdocker-webkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblacktop%2Fdocker-webkit/lists"}