Unravel: Rapid Web Application Reverse Engineering via Interaction Recording, Source Tracing, and Library Detection

Proceedings of the 28th Annual ACM Symposium on User Interface Software & Technology Pub Date : 2015-11-05 DOI:10.1145/2807442.2807468

Joshua Hibschman, Haoqi Zhang

{"title":"Unravel: Rapid Web Application Reverse Engineering via Interaction Recording, Source Tracing, and Library Detection","authors":"Joshua Hibschman, Haoqi Zhang","doi":"10.1145/2807442.2807468","DOIUrl":null,"url":null,"abstract":"Professional websites with complex UI features provide real world examples for developers to learn from. Yet despite the availability of source code, it is still difficult to understand how these features are implemented. Existing tools such as the Chrome Developer Tools and Firebug offer debugging and inspection, but reverse engineering is still a time consuming task. We thus present Unravel, an extension of the Chrome Developer Tools for quickly tracking and visualizing HTML changes, JavaScript method calls, and JavaScript libraries. Unravel injects an observation agent into websites to monitor DOM interactions in real-time without functional interference or external dependencies. To manage potentially large observations of events, the Unravel UI provides affordances to reduce, sort, and scope observations. Testing Unravel with 13 web developers on 5 large-scale websites, we found a 53% decrease in time to discovering the first key source behind a UI feature and a 32% decrease in time to understanding how to fully recreate a feature.","PeriodicalId":103668,"journal":{"name":"Proceedings of the 28th Annual ACM Symposium on User Interface Software & Technology","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"32","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 28th Annual ACM Symposium on User Interface Software & Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2807442.2807468","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 32

Abstract

Professional websites with complex UI features provide real world examples for developers to learn from. Yet despite the availability of source code, it is still difficult to understand how these features are implemented. Existing tools such as the Chrome Developer Tools and Firebug offer debugging and inspection, but reverse engineering is still a time consuming task. We thus present Unravel, an extension of the Chrome Developer Tools for quickly tracking and visualizing HTML changes, JavaScript method calls, and JavaScript libraries. Unravel injects an observation agent into websites to monitor DOM interactions in real-time without functional interference or external dependencies. To manage potentially large observations of events, the Unravel UI provides affordances to reduce, sort, and scope observations. Testing Unravel with 13 web developers on 5 large-scale websites, we found a 53% decrease in time to discovering the first key source behind a UI feature and a 32% decrease in time to understanding how to fully recreate a feature.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

解开:通过交互记录，源跟踪和库检测的快速Web应用程序逆向工程

具有复杂UI功能的专业网站为开发人员提供了可供学习的真实示例。然而，尽管源代码是可用的，要理解这些特性是如何实现的仍然很困难。现有的工具，如Chrome开发者工具和Firebug提供调试和检查，但逆向工程仍然是一项耗时的任务。因此，我们提出了解开，Chrome开发者工具的扩展，用于快速跟踪和可视化HTML更改，JavaScript方法调用和JavaScript库。unwind将一个观察代理注入到网站中，在没有功能干扰或外部依赖的情况下实时监控DOM交互。为了管理潜在的大型事件观察，解开UI提供了减少、排序和范围观察的功能。我们在5个大型网站上与13名web开发人员一起测试了《Unravel》，发现发现UI功能背后的第一个关键来源的时间减少了53%，理解如何完全重建功能的时间减少了32%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 28th Annual ACM Symposium on User Interface Software & Technology

自引率

0.00%

发文量