JS RECON
A complete guide to uncovering hidden secrets, API keys, and credentials inside JavaScript files
Press enter or click to view image in full size
Manual Inspection of JavaScript Files
The first step in identifying sensitive data is to manually inspect the JavaScript files loaded by a web page. Here’s how to do this:
- Open the Target Webpage press Ctrl+U to open the source page of website.
- Press Ctrl+F and search for .js to see all the js files present on the website
- Look at the JavaScript files Click on the URLs for some of the JavaScript files. You’ll notice that they contain a lot of data some of which is potentially sensitive.
- Now you can search keyword like api, token, password, jwt or secrets if these present in the js file you can report it to there program by showing further impact.
Press enter or click to view image in full size