Finding Basic Auth Tokens in JavaScript Files by Full Automation

Hi, everyone

My name is Santosh Kumar Sha, I’m a security researcher from India (Assam). In this article, I will be describing how I was able to find the production and staging access tokens leaked by an Android application and take over the whole infrastructure.

I am now offering 1:1 sessions to share my knowledge and expertise:

topmate.io/santosh_kumar_sha

Tip for looking for Android bugs:

Tools required:

  1. gf (tomnomnom) — https://github.com/tomnomnom/gf
  2. grep
  3. wget
  4. gau(Corben) — https://github.com/lc/gau
  5. waybackurls(tomnomnom) — https://github.com/tomnomnom/waybackurls
  6. subjs(Corben) — https://github.com/lc/subjs

Step 1: Collecting all the JS files from the Wayback Machine

Suppose the target domain is example.com, where all subdomains and wildcards are in scope.

Scope of the target: *.example.com

gau -subs example.com | grep '\.js$' >> jsfile.txt

subfinder -d example.com -silent | waybackurls | grep '\.js$' >> jsfile.txt

subfinder -d example.com -silent | httpx -silent | subjs >> jsfile.txt
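As an added example (not the author's script), the shell below extends the Step 1 filter so it also keeps `.js` URLs carrying cache-busting query strings and dedupes the list, and then checks JS files that have already been saved locally (for instance with the wget listed above) for hard-coded HTTP Basic credentials, reporting only tokens that decode to a user:password pair and printing the username rather than the secret. The JS bundle in the demo is constructed, not from any real application.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes JS URLs arrive on stdin
# (the gau/waybackurls/subjs output of Step 1) and that the JS files have
# already been saved locally, e.g. with wget.

# Keep only JavaScript URLs. Unlike grep '\.js$', this also accepts
# cache-busting query strings (app.js?v=3), strips them, and dedupes so
# every file is fetched only once.
filter_js_urls() {
    grep -Ei '\.js([?][^ ]*)?$' | sed 's/?.*$//' | sort -u
}

# Report hard-coded HTTP Basic credentials in one JS file.
# Prints "<token>\t<username>" for each "Basic <base64>" whose decoded form
# is user:password; base64 blobs without a colon are noise and are dropped,
# and the password itself is never printed. Tokens assembled at runtime
# (e.g. 'Basic ' + btoa(user + ':' + pass)) are not visible to this check.
find_basic_tokens() {
    file=$1
    grep -oE 'Basic[[:space:]]+[A-Za-z0-9+/]+={0,2}' "$file" \
      | awk '{print $2}' | sort -u \
      | while read -r tok; do
            decoded=$(printf '%s' "$tok" | base64 -d 2>/dev/null) || continue
            case $decoded in
                *:*) printf '%s\t%s\n' "$tok" "${decoded%%:*}" ;;
            esac
        done
}

# Demo on a constructed bundle (not a real application).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
// constructed sample: staging credentials left behind in a shipped bundle
const cfg = { base: "https://staging-api.example.com" };
fetch(cfg.base + "/v1/users", {
  headers: { Authorization: "Basic c3RhZ2luZzpTdXBlclNlY3JldDEyMw==" }
});
const marker = "Basic aGVsbG8=";   // decodes to "hello": no colon, ignored
EOF
    find_basic_tokens "$tmp"   # -> c3RhZ2luZzpTdXBlclNlY3JldDEyMw==<TAB>staging
    rm -f "$tmp"
}
demo
```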

Santosh Kumar Sha(@killmongar1996)