Day 62/100 Hack and Improvement

1 minute read

Day 62 comes with some basic understanding about Javascript in web apps

From a noob for noobs on what to do with Javascript in web apps

Learning lately to read certain Javascript files in order to understand security flaws, I found myself asking many questions about the topic and basically why it is implemented in web applications. From a noob myself, this is aimed to noob audience who might be interested in the topic. All the information has been gathered from this article.

Simplified Explanation on Why Javascript is used

Javascript is used in the client-side and the server-side which allows you to make web pages interactive. Saying that, we can say that Javascript is helping to the users to have a better engaging, dynamic, and interactive experience.

Using Javascript at the time to hunt

We are going to be touching here certain things to do which allows a better gathering and understading of the target according its JS files.

This step can be totally automated by some bash scripting, there are plenty of tools out there which will help to gather the information need it.

The tools are:

nmap scan

Script gathered from this article

2. Finding endpoints in JS files

Alos, ther are several tools which can gather endpoints from JS files. In order to do this you can use linkfinder.

nmap scan

Script gathered from this article

One of the reasons why some hunters collect endpoints gathered from JS files is due to there might be endpoints that might not be available in a simple view.

3. Find secrets with SecretFinder

In some cases, different kind of API keys might be stored in JS files, that’s why secretfinder comes useful at this time.

nmap scan

Script gathered from this article

Leave a comment