Day 62/100 Hack and Improvement
Day 62 covers some basic understanding of JavaScript in web apps
From a noob for noobs on what to do with JavaScript in web apps
While learning to read JavaScript files in order to understand security flaws, I found myself asking many questions about the topic, and basically why it is implemented in web applications. As a noob myself, I am aiming this at a noob audience who might be interested in the topic. All the information has been gathered from this article.
Simplified Explanation of Why JavaScript Is Used
JavaScript is used on the client side and the server side, and it allows you to make web pages interactive. In other words, JavaScript helps users have a more engaging, dynamic, and interactive experience.
Using JavaScript When Hunting
Here we are going to touch on certain things to do that allow better gathering and understanding of the target according to its JS files.
1. Get JS file links from a target
This step can be totally automated with some bash scripting; there are plenty of tools out there that will help gather the information needed.
The tools are:
Script gathered from this article
2. Finding endpoints in JS files
Also, there are several tools that can gather endpoints from JS files. To do this you can use linkfinder.
Script gathered from this article
One of the reasons why some hunters collect endpoints from JS files is that there might be endpoints that are not visible in a simple view of the application.
3. Find secrets with SecretFinder
In some cases, different kinds of API keys might be stored in JS files; that's why secretfinder is useful here.
Script gathered from this article
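To make steps 2 and 3 concrete, here is an added example (not taken from the referenced article, and not linkfinder's or secretfinder's own code) that audits one of your own JS bundles before release and reports what anyone reading the file would see. The sample bundle, the regexes, the entropy threshold and the function names are all assumptions made for this sketch.

```python
import math
import re
from collections import Counter

# Constructed sample bundle; the AKIA value is AWS's documentation example key.
SAMPLE_JS = r'''
const api = "/api/v1/users";
fetch("/internal/admin/export?format=csv");
const cdn = "https://cdn.example.com/app.js";
var cfg = { apiKey: "AKIAIOSFODNN7EXAMPLE", theme: "dark" };
let token = "aaaaaaaaaaaaaaaaaaaaaaaa";
const secret_key = "q9X2mLr7Tz4Vb8Kp1Wd6Yh3Ns5Cf0Gj";
'''

# Quoted string literals, and assignments of a literal to a named variable/property.
STRING = re.compile(r"""(["'`])((?:\\.|(?!\1).)*?)\1""")
ASSIGN = re.compile(r"""([A-Za-z_$][\w$]*)\s*[:=]\s*(["'`])((?:\\.|(?!\2).)*?)\2""")
ENDPOINT = re.compile(r"^(?:https?://\S+|/[\w\-./]+(?:\?\S*)?)$")
SENSITIVE_NAME = re.compile(r"key|secret|token|passw", re.I)
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_endpoints(js):
    """Return string literals that look like URLs or absolute paths, in order."""
    seen = []
    for m in STRING.finditer(js):
        value = m.group(2)
        if ENDPOINT.match(value) and value not in seen:
            seen.append(value)
    return seen


def find_secrets(js, min_len=16, min_entropy=3.5):
    """Map each suspicious literal to the rule that flagged it."""
    hits = {key: "aws-access-key-id" for key in AWS_KEY_ID.findall(js)}
    for name, _, value in ASSIGN.findall(js):
        # Low-entropy placeholders (e.g. "aaaa...") are skipped to cut noise.
        if (SENSITIVE_NAME.search(name) and len(value) >= min_len
                and entropy(value) >= min_entropy):
            hits.setdefault(value, "high-entropy-assignment")
    return hits


if __name__ == "__main__":
    print(find_endpoints(SAMPLE_JS))
    print(find_secrets(SAMPLE_JS))
```

Anything this reports is readable by every visitor, so keys found this way belong on the server side and should be rotated if they were already shipped.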