imagejs

Small tool to package javascript into a valid image file.
Currently supported are gif and bmp.

Building:

To build this tool, build-essential and cmake are required (this is for Debian and Ubuntu based systems, for any other system please refer to its documentation). After installing the dependencies, run the following commands:

$ git clone https://github.com/jklmnn/imagejs.git
$ cd imagejs
$ mkdir build
$ cd build
$ cmake ..
$ make

Usage:

Run imagejs option jsfile.js. The outcoming image file will be named like the input file + the image ending.. Options are currently bmp, gif, webp, pnm and pgf.

If you add -l as flag you your image is written to the file so that you can open it and view your code as a line of pixels.
This is currently only supported for bmp files.

Example:

$ ./imagejs bmp code.js -l
will return a file named code.js.bmp that is viewable.

Code can now be embedded into existing gif files by using the flag -i with a gif file as argument.
Example:
$ ./imagejs gif code.js -i giffile.gif

This is currently available for gif, bmp, webp, where webp is still beta.

Supported output files are: gif, bmp, webp, pnm, pgf

Background:

This tool allows you to create a picture file that is able to run javascript code. A file like this is able to extend XSS vulnerabilities. For example, if you are able to put a script tag on a website but cant run the script because it only runs scripts from this website, you can just upload e.g. a profile picture containing the code you want to run. The idea came from Ajin Abraham and I put it in C code and also added the ability to do the same thing also with bitmap files.