Finding Basic Authtoken in JAVASCRIPT file BY Full Automation

Hi, everyone

My name is Santosh Kumar Sha. I'm a security researcher from India (Assam). In this article, I will describe how I was able to find production and staging access tokens leaked by an Android application and take over the whole infrastructure.

Tip for looking for Android bugs:

Tools required:

  1. gf (tomnomnom)
  2. grep
  3. wget
  4. gau (Corben)
  5. waybackurls (tomnomnom)
  6. subjs (Corben)
  7. subfinder and httpx (projectdiscovery), used in the collection commands below
  8. anew (tomnomnom), used for de-duplication below

Step 1: Collecting all the JS files from the Wayback Machine

Suppose the target domain is the one shown below; all of its subdomains and wildcard hosts are in scope.

Scope of the target: *

gau -subs | grep "\.js$" >> jsfile.txt

subfinder -d -silent | waybackurls | grep "\.js$" >> jsfile.txt

subfinder -d -silent | httpx -silent | subjs >> jsfile.txt

Note: Also spider the host in Burp and copy all the JS file links from Burp into jsfile.txt, so that you do not miss any JS file.

After collecting all the JS file URLs from the Wayback Machine and from Burp, we sort them and check whether they still resolve, removing dead links from the file. One simple pipeline does both:

cat jsfile.txt | sort -u | anew | httpx -silent >> jsfile_totest.txt

Step 2: Now comes the automation part.

Case 1: Automating with curl and grep.

I don't go for complex tools or scripts for automation. Simple tools like curl and grep are enough to automate this.

cat jsfile_totest.txt | xargs -I % -P 10 curl -sk "%" | grep -E -i -w -n "BASIC[-_A-Z0-9]*('|\")?(:|=)('|\")?[-_A-Z0-9]{10,}" --color

Case 2: Automating with wget and grep.

You might be wondering why I used wget. With wget I download all the JS files to the local machine, so you can also perform white-box testing on them.

mkdir localpathjs; cd localpathjs

cat jsfile_totest.txt | xargs -I % -P 10 wget -r "%"

Now change into the directory where you downloaded the JS files (mine is localpathjs), open a terminal and run the grep command we used above:

cd localpathjs

root@kali:~/localpathjs# grep -E -i -w -n -r -H "BASIC[-_A-Z0-9]*('|\")?(:|=)('|\")?[-_A-Z0-9]{10,}" --color
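As an added example (not from the original post), here is the same grep pattern turned into a small script that scans a local directory of JS bundles, the way a release pipeline could check its own artifacts before they ship. The two sample bundles and the token value are constructed for the demo, and GNU grep is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: run the corrected "BASIC" token
# pattern over a local directory of JS bundles. Sample bundles and the token
# value below are constructed; GNU grep (-E -o -n -H -r --include) is assumed.

# Hyphen first in the bracket class so it is literal; {10,} so the whole
# token is captured (with {10} the match stops after 10 characters).
PATTERN="BASIC[-_A-Z0-9]*('|\")?(:|=)('|\")?[-_A-Z0-9]{10,}"

# Create a scratch directory with two constructed bundles: one leaks a
# Basic auth token, the other only contains harmless "basic" identifiers.
make_samples() {
  dir=$(mktemp -d)
  cat > "$dir/app.bundle.js" <<'EOF'
var cfg={api:"https://example.invalid/v1"};
var BASIC_AUTH_TOKEN="QUJDREVGR0hJSktMTU5PUA";
function basic(){return 1;}
EOF
  cat > "$dir/vendor.js" <<'EOF'
// nothing sensitive here
var basicLayout = "grid";
EOF
  printf '%s\n' "$dir"
}

# Print each hit as file:line:matched-text (only *.js files are scanned).
scan_js_dir() {
  grep -E -i -o -n -H -r --include='*.js' "$PATTERN" "$1"
}

# Print the number of hits; a pipeline can fail the build when this is not 0.
count_hits() {
  scan_js_dir "$1" | wc -l | tr -d ' '
}

# Stand-alone demo: build the samples, scan them, clean up.
if [ "${1:-}" = "--demo" ]; then
  d=$(make_samples)
  scan_js_dir "$d"
  echo "hits: $(count_hits "$d")"
  rm -rf "$d"
fi
```

Run it with `sh scan.sh --demo`; only app.bundle.js line 2 is reported, while the `basic(` function and `basicLayout` identifier in the other file are not flagged.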


I'm sure a lot of security researchers have already seen this process, but this is how I approach finding secrets in JS files, and I have reported many findings on HackerOne using it. I hope this will help you find more leaked credentials in JS files. I don't think this is the correct way, but it is my process for automation, as reading every JS file of more than 1000 lines by hand is impossible.

I hope this will help my fellow bug bounty hunters. If it helps a single person, it's a win for me. That's one of the reasons why I wanted to share my experience, and also to highlight the process of automation.

Support me if you like my work! Buy me a coffee and Follow me on Twitter.

Thanks for reading :)
Stay Safe.

Santosh Kumar Sha (@killmongar1996)
Likes to hack and break security code and defenses | Security Researcher | Pentester | Bug bounty hunter | Penetration tester | CTF player | BUGBOUNTY