Tips on safe debugging from a Proxify developer

Boost your team

Proxify developers are a powerful extension of your team, consistently delivering expert solutions. With a proven track record across 500+ industries, our specialists integrate seamlessly into your projects, helping you fast-track your roadmap and drive lasting success.

Find a developer

As a developer, it's often an easier option to simply copy-paste anything we see, mostly when we only have to work with an IDE – then it's not much of a problem. But if the issue needs us to copy-paste something on the terminal that’s when things, get risky and we must be more careful.

What should I be safe about anyways?

As programmers, we are more cautious than the average users on the web, but we still sometimes can be caught off guard.

While debugging, most programmers would probably search for the error that you have on Google and try to find appropriate solutions. Most of the time you will find some thread on StackOverflow with the solution, but sometimes you will land on some random sketchy website without even noticing it.

Below, I will explain how simply copying a coding solution from a sketchy site can infect and give the attacker full control of your device.

Boost your team

Proxify developers are a powerful extension of your team, consistently delivering expert solutions. With a proven track record across 500+ industries, our specialists integrate seamlessly into your projects, helping you fast-track your roadmap and drive lasting success.

Find a developer

How unsafe is the copy event?

The thing is that the browser lets the programmers listen to copy events and even change the content after the copying is done, so usually this feature is exploited to harm people.

Next time you copy something, check the source of the website for its credibility or paste it into the notepad first.

Here we have an example of carelessly copying and pasting directly to the terminal. This is some scary stuff.

The risks the browser creates

Now imagine instead of “nope actually not” I could have written a reverse shell command and would've had a backdoor on your PC and the freedom to access your PC remotely at any time I want.

The scary thing is you don’t even need to press enter, the attacker can just add “\n” a trailing newline and immediately when you paste it will enter automatically.

How could you recreate this?

Here is the JavaScript that makes this all happen. Please don't misuse it, I'm sharing it just for educational purposes. So basically the browser is letting us listen to the “copy” event so right when the user copies something we can change the clipboard data to anything we want, malware, inappropriate content, etc.

document.getElementById('test').addEventListener(
    'copy', function(e){
        e.clipboardData.setData('text/plain', 
            'malware'
        );
    e.preventDefault();
})

Conclusion

Take your time debugging, don’t copy-paste from random sites, and if you do paste it, do it first in a safe space instead ofyour terminal, for example. Every day we are getting more vulnerable to cyber attacks, that even our own browser might trick us sometimes. It’s always better to be safe than sorry.

__

Guest article by Ardit Xhaferi, an experienced web developer working in this industry since he was 14. Now several years later, he's skilled in PHP, Laravel, and Python, etc.

Ardit Xhaferi

Ardit Xhaferi

Fullstack Developer

4 years of experience

Expert in PHP

Ardit is a fullstack developer with a focus on the frontend. He has hands-on expertise in working with HTML/CSS and JS frameworks. He is also well-skilled in Graphic Design & Web Design.

Verified author

We work exclusively with top-tier professionals.
Our writers and reviewers are carefully vetted industry experts from the Proxify network who ensure every piece of content is precise, relevant, and rooted in deep expertise.

Find your next developer within days, not months

In a short 25-minute call, we would like to:

  • Understand your development needs
  • Explain our process to match you with qualified, vetted developers from our network
  • You are presented the right candidates 2 days in average after we talk

Not sure where to start? Let’s have a chat