Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BSides Jaipur

Sahil Dari
October 06, 2023
Technology
0
12

BSides Jaipur

Sahil Dari

October 06, 2023
Tweet

More Decks by Sahil Dari

See All by Sahil Dari
Open-Source_Security.pdf
sahildari
0
6

Other Decks in Technology

See All in Technology
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
32k
.NET 9 のパフォーマンス改善
nenonaninu
0
1.3k
pg_bigmをRustで実装する(第50回PostgreSQLアンカンファレンス@オンライン 発表資料)
shinyakato_
0
110
2024年にチャレンジしたことを振り返るぞ
mitchan
0
150
Amazon Kendra GenAI Index 登場でどう変わる? 評価から学ぶ最適なRAG構成
naoki_0531
0
130
プロダクト開発を加速させるためのQA文化の築き方 / How to build QA culture to accelerate product development
mii3king
1
290
PHP ユーザのための OpenTelemetry 入門 / phpcon2024-opentelemetry
shin1x1
3
1.5k
[トレノケ雲の会 mod.13] 3回目のre:Inventで気づいたこと -CloudOperationsを添えて-
shintaro_fukatsu
0
110
新機能VPCリソースエンドポイント機能検証から得られた考察
duelist2020jp
0
230
KnowledgeBaseDocuments APIでベクトルインデックス管理を自動化する
iidaxs
1
280
スタートアップで取り組んでいるAzureとMicrosoft 365のセキュリティ対策/How to Improve Azure and Microsoft 365 Security at Startup
yuj1osm
0
240
20241218_今年はSLI/SLOの導入を頑張ってました!
zepprix
0
100

Featured

See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
The Cost Of JavaScript in 2023
addyosmani
46
7k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
4 Signs Your Business is Dying
shpigford
182
21k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Six Lessons from altMBA
skipperchong
27
3.5k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.5k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
49k
Rails Girls Zürich Keynote
gr2m
94
13k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
17
2.3k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
3
170
Learning to Love Humans: Emotional Interface Design
aarron
274
40k

Transcript

  1. Client-Side JavaScript Analysis Sahil Dari Senior Associate Information Security eSecForte

    Technologies Pvt. Ltd.
  2. None

  3. topics we will cover… JavaScript Analysis WHAT? WHY? HOW?

  4. what is JavaScript analysis?  Add-on to your regular Web

    Application Assessment.  Static part of the DAST.  Widen your scope of Web Application Assessment.

  5. why perform JavaScript analysis?  Your scope of testing widens

    and the probability to find bugs increases.  You can find Hardcoded Sensitive Data, Hidden parameters, Hidden Functions, Hidden Endpoints, Encryption/Decryption keys, etc.

  6. how to get JavaScript files?  By Using gau, waybackurls

    or other command line tools.  Output all the URLs from gau/waybackurls in a file URLs.txt  Open URLs.txt in Sublime-text  Find all URLs with .js and copy these URLs.  Open the copied URLs in your browser running BurpSuite Proxy.
  7. None
  8. None
  9. None

  10. how to get JavaScript files? contd…  By using BurpSuite

    Professional  Always turn on your BurpSuite proxy while navigating to your Web Application.  Do your normal Manual Testing and after you are done, Navigate to Targets > The URL in scope > Right Click > Engagement Tools > Find Scripts > Export Scripts > Save to a file.  Save all the JavaScript of the application in scope to Scipts.js.
  11. None
  12. None

  13. how to perform JavaScript Analysis  Now we have all

    the JavaScript “code” curated in a single file (Scripts.js)  Open Scripts.js in Sublime-text.

  14. keywords for Hardcoded Secrets  secret  password  token

     key  private  pass  user  code

  15. keywords for Hidden Endpoints  api  v1  v2

     json  post  get  localhost  data  content

  16. keywords for Hidden/Interesting Functions  reset  password  forgot

     forget  admin  super  verify  encrypt/decrypt  encode/decode

  17. tools for JavaScript Analysis

  18. bugs I found via JavaScript Analysis  Account Take Over

     AES Encryption/Decryption Keys  AWS secrets  PII Information Leaks  Hidden Endpoints

  19. example (Account Take Over)

  20. example (Account Take Over) contd…

  21. motivation Bounty: JavaScript Analysis to XSS

  22. None