As is usually the case with sketchy pirate sites, they're covered in ads and really hard to use. The site I found had a really annoying player, so I decided to open the browser inspector to try and find an MP4 or HLS URL to play directly. Immediately when I opened the inspector, the browser got paused by a JavaScript
debugger call. I didn't think much of it and clicked the continue button, but then I was punted to the site's homepage.
After going back and trying again a couple times, I realized that this was a measure to prevent me from using the inspector to do anything with the site. I had never seen debugger used in this way before, and it got me interested in the implementation.
As far as I can tell, the easiest way to use
debugger to prevent tampering is like this:
setInterval(function () {
const start = Date.now()
// Call it in eval so the browser's source viewer doesn't show the entire code fragment,
// therefore making it harder to track down the source of the `debugger` statement.
eval('debugger')
// If it took longer than 100ms to run this, the debugger was definitely opened
if (Date.now() - start > 100) {
window.location.assign('https://example.com/')
}
}, 100)
The above code will have no effect if the browser's inspector isn't open, but as soon as it is, it will pause everything and queue a redirect away from the page. Unless you want to go track down and modify the site's script in the source viewer, this can be pretty effective. In my case, I was too annoyed to bother with it and went to find another site instead.