Analyzing javascript files(Part -2)

Before reading the second part, go and read part 1 https://medium.com/@indhumathi19973/analyzing-javascript-files-part-1-9b07eb8cfb8e

Attack Strategy:

Using waybackurls

Install waybackurls, using this tool we can also grep for any JS files that might not be linked anymore but still online.

go get github.com/tomnomnom/waybackurls

waybackurls google.com | grep "\.js" | uniq | sort

Defense mechanisms

Developers use a range of defense mechanisms to hold us off but that’s okay. We can get around those by being dilligent and making sure that we take our time.

1. JS Obfuscation

• This is where developers will make it intenionally hard to read the code for humans but machines don’t have any problem reading this code. This is harder to decipher but with some dilligence it can be done.
• https://stackoverflow.com/questions/194397/how-can-i-obfuscate-protectjavascript
• https://www.dcode.fr/javascript-unobfuscator (doesn’t seem to work well)

2. JS Chunking

• This is where the developers chops up the JS into little pieces that all reference eachother. Very annoying to get arround and it’s just hard work puzzling together the code.

If we are trying to defeat these mechanisms it might help to set up a replica of you targets environment and to run the code statically

Analysing JS files

So now that we have a ton of JS files, we can analyse them manually or we can run some tools on them. The cool thing is that these tools don’t always need to have the JS files downloaded. It is possible for tools like linkfinder to crawl a domain for JS files. We basically have a few tools in our toolbelt but today i want to focus on linkfinder and secretfinder.

1. Linkfinder

GitHub — GerbenJavado/LinkFinder: A python script that finds endpoints in JavaScript files

Installing linkfinder is super simple

git clone https://github.com/GerbenJavado/LinkFinder.git cd LinkFinder