Modeling the HTML DOM and browser API in static analysis of JavaScript web applications, 2011 ESEC/FSE

🤷 JSFlow: Tracking Information Flow in JavaScript and its APIs, 2014 SAC

run JS in JS. track user data flow, decide if sent

Online Tracking: A 1-million-site Measurement and Analysis, 2016 CCS

⭐ Browser Feature Usage on the Modern Web, 2016 IMC

browser add feature but not remove. browser feature: n:1 map to web standard; found in Firefox WebIDL file. browser extension for instrumentation and enough 5-round user interaction. HTML&DOM API most prominent; Beacon for tracking; hardware access, storage. dataset: Web API usage in the Alexa 10k

🙅 JSgraph: Enabling Reconstruction of Web Attacks via Efficient Tracking of Live In-Browser JavaScript Executions, 2018 NDSS

instrument Blink&V8 via hook. record DOM change+navigation. reconstruct web attack, flowchart viz

⭐ VisibleV8: In-browser Monitoring of JavaScript in the Wild, 2019 IMC

VisibleV8, maintained, instrument V8. Tracking JS w/ JS can be spotted.

Hiding in Plain Site: Detecting JavaScript Obfuscation through Concealed Browser API Usage, 2020 IMC

Jalangi: A Selective Record-Replay and Dynamic Analysis Framework for JavaScript, 2013 ESEC/FSE

👎 UXJs: Tracking and Analyzing Web Usage Information With a Javascript Oriented Approach, 2020 IEEE Access

track user to analyze UX. poorly written.

Steven Hé (Sīchàng)

Literature around JS Monitoring

A Symbolic Execution Framework for JavaScript, 2010 S&P

An empirical study of privacy-violating information flows in JavaScript web applications, 2010 CCS