For more penetration courses, you can click on my avatar to watch my video , You can also click on the link below

web The most complete practical course of penetration testing -- Penetration testing video tutorial - Information security -CSDN Programmer Institute

JavaScript Introduce

JavaScript（ abbreviation “JS”） It is a kind of lightweight with function priority , Interpreted or just in time compiled programming languages . That's the scripting language .

JavaScript and Java What's the difference ？JavaScript and Java It doesn't matter , Two different languages .

JavaScript effect

JavaScript Widely used Web application development , Used to add various dynamic functions to web pages , Provide users with more smooth and beautiful browsing effect .

Embed dynamic text in HTML page .

Respond to browser Events .

Reading and writing HTML Elements .

Validate data before it is submitted to the server .

Check the browser information of visitors .

control cookies, Including creation and modification .

View... In the web site JavaScript

browser --> development tool （F12）

take Js Turn into html Format , Look at the above. Js Very nonstandard , Click... In the lower left corner of the middle box {} You can standardize its format

JavaScript The code analysis

1、 Find more attack surfaces （URL、 domain name 、 Path, etc ）

Test station 、 Backstage path 、 Unpublished path 、api Address, etc.

2、 Discover sensitive information （ Hard coded account password 、API secret key 、 Annotations, etc. ）

Hard coded account can log in 、 The test account can be logged in 、 Key disclosure 、 Development information in comments, etc

3、 Find dangerous code （eval、dangerouslySetInnerHTML wait ）

XSS Loophole 、 Template Injection

4、 Understand the functions of the website

Analysis method

Search keywords ：

$.ajax(

$.get(

$.post(

method:"get

http.get(“

path:"

route:"

For the current page js Do a global search ：

firefox -->F12--> The debugger -->Ctrl+Shift+F

Webpack Pack the front end js

webpack It is currently the most popular front-end resource modular management and packaging tool .

There is .map file

• Use reverse-sourcemap Tools

•reverse-sourcemap -v app.3c8aa9676f686b3a7caf.js.map -o sourcecode

Analysis after restore , Test data found ：

Log in and access with test data , Successfully logged in

dynamic analysis

The debugger of the developer tools of each browser is assisted by the package capture tool at the same time

Found website packet encryption , Then look for the logic to submit the login , Go to the next breakpoint , Then step through the debugging

Trace encryption function ：

Search encryption function call method aesUtil.encryptAES()

Guess the packet decryption method aesUtil.decryptAES()

Encrypt and decrypt the data packet through the console , structure sql Injection of statements , Find a place SQLServer Of SQL Inject

Further, the data is directly output through encryption and decryption