Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BSides Jaipur

Avatar for Sahil Dari Sahil Dari
October 06, 2023
Technology
0
17

BSides Jaipur

Avatar for Sahil Dari

Sahil Dari

October 06, 2023
Tweet

More Decks by Sahil Dari

See All by Sahil Dari
Open-Source_Security.pdf
Avatar for Sahil Dari sahildari
0
22

Other Decks in Technology

See All in Technology
SEQUENCE object comparison - db tech showcase 2025 LT2
Avatar for Noriyoshi Shinoda nori_shinoda
0
270
Delegating the chores of authenticating users to Keycloak
Avatar for Alexander Schwartz ahus1
0
170
ポストコロナ時代の SaaS におけるコスト削減の意義
Avatar for izzii izzii
1
190
[ JAWS-UG千葉支部 x 彩の国埼玉支部 ]ムダ遣い卒業!FinOpsで始めるAWSコスト最適化の第一歩
Avatar for sh_fk2 sh_fk2
2
150
ロールが細分化された組織でSREは何をするか?
Avatar for norimichi.osanai tgidgd
1
160
Contributing to Rails? Start with the Gems You Already Use
Avatar for Yasuo Honda yahonda
2
120
LLM時代の検索
Avatar for shibuiwilliam shibuiwilliam
2
620
モニタリング統一への道のり - 分散モニタリングツール統合のためのオブザーバビリティプロジェクト
Avatar for ニフティ株式会社 niftycorp
PRO
1
220
Delta airlines®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for ape1422 airtravelguide
0
350
ABEMAの本番環境負荷試験への挑戦
Avatar for Miyazaki Taiga mk2taiga
5
620
american airlines®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for cassowary3740 supportflight
1
120
Operating Operator
Avatar for Jun Kokatsu shhnjk
1
640

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
Building an army of robots
Avatar for Kyle Neath kneath
306
45k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
5.9k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
The Straight Up "How To Draw Better" Workshop
Avatar for Dennis Kardys denniskardys
235
140k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.3k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
86
4.7k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.7k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.3k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
20
1.3k
Navigating Team Friction
Avatar for Lara Hogan lara
187
15k

Transcript

  1. Client-Side JavaScript Analysis Sahil Dari Senior Associate Information Security eSecForte

    Technologies Pvt. Ltd.
  2. None

  3. topics we will cover… JavaScript Analysis WHAT? WHY? HOW?

  4. what is JavaScript analysis?  Add-on to your regular Web

    Application Assessment.  Static part of the DAST.  Widen your scope of Web Application Assessment.

  5. why perform JavaScript analysis?  Your scope of testing widens

    and the probability to find bugs increases.  You can find Hardcoded Sensitive Data, Hidden parameters, Hidden Functions, Hidden Endpoints, Encryption/Decryption keys, etc.

  6. how to get JavaScript files?  By Using gau, waybackurls

    or other command line tools.  Output all the URLs from gau/waybackurls in a file URLs.txt  Open URLs.txt in Sublime-text  Find all URLs with .js and copy these URLs.  Open the copied URLs in your browser running BurpSuite Proxy.
  7. None
  8. None
  9. None

  10. how to get JavaScript files? contd…  By using BurpSuite

    Professional  Always turn on your BurpSuite proxy while navigating to your Web Application.  Do your normal Manual Testing and after you are done, Navigate to Targets > The URL in scope > Right Click > Engagement Tools > Find Scripts > Export Scripts > Save to a file.  Save all the JavaScript of the application in scope to Scipts.js.
  11. None
  12. None

  13. how to perform JavaScript Analysis  Now we have all

    the JavaScript “code” curated in a single file (Scripts.js)  Open Scripts.js in Sublime-text.

  14. keywords for Hardcoded Secrets  secret  password  token

     key  private  pass  user  code

  15. keywords for Hidden Endpoints  api  v1  v2

     json  post  get  localhost  data  content

  16. keywords for Hidden/Interesting Functions  reset  password  forgot

     forget  admin  super  verify  encrypt/decrypt  encode/decode

  17. tools for JavaScript Analysis

  18. bugs I found via JavaScript Analysis  Account Take Over

     AES Encryption/Decryption Keys  AWS secrets  PII Information Leaks  Hidden Endpoints

  19. example (Account Take Over)

  20. example (Account Take Over) contd…

  21. motivation Bounty: JavaScript Analysis to XSS

  22. None