Finding Basic Auth Tokens in JavaScript Files by Full Automation

Hi, everyone

My name is Santosh Kumar Sha. I’m a security researcher from India (Assam). In this article, I will describe how I was able to find the production and staging access tokens leaked by an Android application and take over the whole infrastructure.

Tip for looking for Android bugs:

Tools Required:

  1. grep
  2. wget
  3. gau(Corben) — https://github.com/lc/gau
  4. waybackurls(tomnomnom) — https://github.com/tomnomnom/waybackurls
  5. subjs(Corben) — https://github.com/lc/subjs

Takeaway

I’m sure that a lot of security researchers have already seen this process, but this is how I approach finding secrets in JS files, and I have reported many on HackerOne using this process. I hope this will help you find more leaked credentials in JS files. I don’t think this is the correct way, but this is my process for automation, as looking through each and every JS file with more than 1000 lines of code is impossible.
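As an added example (not the author's own tooling or process): a small Python scanner that a team can run over its own build output to catch hard-coded `Authorization: Basic` credentials in JavaScript files before release. The sample files and credentials are constructed, and the function names are hypothetical.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# "Basic <base64>" as it appears inside an Authorization header string literal.
BASIC_RE = re.compile(r"\bBasic\s+([A-Za-z0-9+/]{8,}={0,2})")

def decode_credential(token):
    """Return (user, password) if token decodes to printable 'user:password', else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = text.partition(":")
    if not (sep and user and password and text.isprintable()):
        return None
    return user, password

def scan_js_tree(root):
    """Scan every .js file under root; report hits with the password masked."""
    findings = []
    for path in sorted(Path(root).rglob("*.js")):
        source = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(source.splitlines(), 1):
            for match in BASIC_RE.finditer(line):
                cred = decode_credential(match.group(1))
                if cred:  # ordinary words after "Basic" fail validation and are skipped
                    findings.append({"file": path.name, "line": lineno,
                                     "user": cred[0], "password": "*" * len(cred[1])})
    return findings

def demo():
    """Scan a constructed sample tree (made-up credentials, hypothetical file names)."""
    leaked = base64.b64encode(b"svc-staging:example-password").decode()
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "api.js").write_text(
            "const base = '/v1';\n"
            f"const headers = {{ Authorization: 'Basic {leaked}' }};\n")
        Path(tmp, "ui.js").write_text(
            "// Basic configuration for the widget\n"
            "label.textContent = 'Basic AuthRequired';\n")
        return scan_js_tree(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Decoding each candidate and requiring a printable `user:password` shape is what keeps ordinary text such as "Basic configuration" out of the report, and masking the password keeps the scanner's own output from becoming a second leak.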
