Exploring Sensitive Data in JavaScript Files
Manual and Automated Techniques
JavaScript files, often overlooked, can serve as a significant source of sensitive data, such as API keys, credentials, and other secrets. For ethical hackers and bug bounty hunters, mastering the techniques to explore these files can drastically improve their ability to identify vulnerabilities. This article outlines both manual and automated approaches to uncover secrets hidden in JavaScript files.

Why JavaScript Files?
JavaScript files are commonly embedded in web applications to enable interactivity and functionality. However, they may also contain:
- API keys
- Configuration details
- Hardcoded credentials
- Sensitive endpoints
By learning how to analyze these files, you can identify potential security issues and better secure applications.
Manual Techniques for Exploring JavaScript Files
1. Endpoint Classification
Objective: Identify API endpoints or hidden routes within the JavaScript files.
- API Endpoints: Look for URLs interacting with external services.
- Hidden Routes: Find URLs that aren’t directly exposed in the application but are still accessible.
Tools: Use browser developer tools or command-line utilities like curl and grep to manually search the files.
2. Keyword Search
Search for common keywords related to secrets or credentials in JavaScript files. For example:
grep -iE "(key|token|auth|password|secret)" *.js
The -i flag makes the match case-insensitive, so camelCase names such as apiKey or authToken are caught as well. This search can reveal sensitive information buried within the code.
3. Analyzing Comments
Objective: Look for developer comments that may inadvertently expose secrets.
Developers often leave comments for debugging or documentation purposes. Searching for specific patterns can help uncover:
- Deprecated API keys
- Hardcoded credentials
Use regular expressions (regex) or simple text search to find these comments.
4. Focus on Variable Names
Objective: Identify variable names likely to store sensitive data, such as:
- config
- secret
- authToken
- apiKey
These variables might store values like API keys, tokens, or other critical credentials.
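The keyword search, comment review and variable-name checks above can be combined in one small scanner. The following Python script is an added example written for this article (it is not one of the tools the article names); the JavaScript sample, the name and keyword lists, and the 3.5-bit entropy threshold are all constructed assumptions. It pulls comments out of a bundle without being fooled by the // inside URL strings, finds quoted values assigned to sensitive-looking names, and scores each value's Shannon entropy so that random-looking keys stand out from placeholders like "changeme". Running it over your own build output before release is the defender's use of the same technique.

```python
import math
import re

# Constructed sample of a front-end bundle; every value here is made up for this example.
SAMPLE_JS = r"""
// TODO: rotate before release, old key: AKIA0000EXAMPLE0000
/* staging creds: admin / hunter2 */
const config = {
  apiUrl: "https://api.example.com/v1",
  apiKey: "sk_live_9XqT3bV7kLm2PwRz5NdH8cYf",
  debug: false
};
var authToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.Qm9ndXNTaWduYXR1cmVGb3JFeGFtcGxlT25seQ";
let secret = "changeme";
const title = "Welcome";
"""

# Name fragments that usually mark a credential holder (assumed list; "key" also matches "monkey",
# which is an accepted false positive for a review-oriented scanner).
SENSITIVE_NAME = re.compile(r"(config|secret|token|key|passw|auth|cred)", re.IGNORECASE)

# `name = "value"` or `name: "value"` with a quoted literal of at least 6 characters.
ASSIGNMENT = re.compile(
    r"""\b(?P<name>[A-Za-z_$][\w$]*)\s*[:=]\s*["'](?P<value>[^"'\n]{6,})["']"""
)

# String literals come first in the alternation so that "https://..." is never read as a // comment.
TOKEN = re.compile(
    r"""(?P<str>"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')|(?P<comment>//[^\n]*|/\*.*?\*/)""",
    re.DOTALL,
)

# Keywords worth flagging inside comments (assumed list).
KEYWORD = re.compile(r"(key|token|auth|password|secret|cred)", re.IGNORECASE)


def shannon_entropy(text: str) -> float:
    """Bits per character: random keys score around 4 to 5, words and placeholders much lower."""
    if not text:
        return 0.0
    n = len(text)
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_comments(js: str) -> list:
    """Return // and /* */ comments, skipping anything that sits inside a string literal."""
    return [m.group("comment") for m in TOKEN.finditer(js) if m.group("comment")]


def find_secret_comments(js: str) -> list:
    """Comments that mention a credential-related keyword."""
    return [c for c in extract_comments(js) if KEYWORD.search(c)]


def find_suspicious_assignments(js: str, min_entropy: float = 3.5) -> list:
    """Quoted values assigned to sensitive-looking names.

    Returns (name, value, entropy, high_entropy) so a reviewer can prioritise
    random-looking values over obvious placeholders."""
    findings = []
    for m in ASSIGNMENT.finditer(js):
        name, value = m.group("name"), m.group("value")
        if SENSITIVE_NAME.search(name):
            ent = round(shannon_entropy(value), 2)
            findings.append((name, value, ent, ent >= min_entropy))
    return findings


if __name__ == "__main__":
    for c in find_secret_comments(SAMPLE_JS):
        print("comment:", c.strip())
    for name, value, ent, high in find_suspicious_assignments(SAMPLE_JS):
        print(f"{'HIGH' if high else 'low '} entropy={ent:<5} {name} = {value[:24]}...")
```

On the sample this reports both comments, and three assignments: apiKey and authToken as high-entropy candidates and secret ("changeme") as a low-entropy placeholder. Entropy alone is a triage aid, not proof; a short, low-entropy password is still a finding, which is why the scanner keeps every hit and only ranks them.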
Automated Techniques for JavaScript Analysis
1. Tools for Endpoint Discovery
Automated tools can simplify the process of finding sensitive data in JavaScript files.
- LinkFinder: Extracts endpoints and URLs from JavaScript files.
- JSParser: Parses JavaScript files for endpoints and parameters.
Example:
python linkfinder.py -i https://example.com/script.js -o cli
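To show what the manual endpoint classification from the first section and a LinkFinder-style extraction actually do, here is an added Python example (written for this article, not LinkFinder's own code or regex). It pulls absolute, protocol-relative and root-relative URL literals out of a bundle, sorts them into same-origin, third-party and relative buckets against a target host you supply, and flags paths with segments such as admin or internal that a public bundle should usually not reference. The JavaScript sample, the hosts and the segment list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt of a front-end bundle; hosts and paths are made up for this example.
SAMPLE_JS = r"""
fetch("https://api.example.com/v1/users").then(r => r.json());
axios.post('/api/v2/internal/export', payload);
const socket = new WebSocket("wss://live.example.com/socket");
$.get("/admin/debug/config.json?env=staging");
const avatar = `https://cdn.thirdparty.net/img/${id}.png`;
const script = "//cdn.thirdparty.net/lib.js";
const styleClass = "btn/primary";
"""

# A quoted literal that is an absolute URL, a protocol-relative URL (//host/path) or a root-relative path.
# Plain strings with a slash in the middle (like "btn/primary") are deliberately not matched.
ENDPOINT = re.compile(
    r"""["'`]((?:https?|wss?)://[^"'`\s]+|//[A-Za-z0-9.-]+/[^"'`\s]*|/[A-Za-z0-9_][^"'`\s]*)["'`]"""
)

# Path segments that deserve a second look when they ship in a public bundle (assumed list).
SENSITIVE_SEGMENTS = {"admin", "internal", "debug", "staging", "export", "private", "test"}


def classify_endpoints(js: str, target_host: str) -> dict:
    """Group every endpoint literal into same_origin, third_party or relative buckets."""
    buckets = {"same_origin": set(), "third_party": set(), "relative": set()}
    for m in ENDPOINT.finditer(js):
        ref = m.group(1)
        if ref.startswith("/") and not ref.startswith("//"):
            buckets["relative"].add(ref)
            continue
        # Protocol-relative references get a scheme so urlparse can see the host.
        host = urlparse(ref if "://" in ref else "https:" + ref).hostname or ""
        same = host == target_host or host.endswith("." + target_host)
        buckets["same_origin" if same else "third_party"].add(ref)
    return {k: sorted(v) for k, v in buckets.items()}


def flag_sensitive_paths(refs) -> list:
    """Endpoints whose path contains a segment from SENSITIVE_SEGMENTS."""
    flagged = []
    for ref in refs:
        segments = set(urlparse(ref).path.lower().strip("/").split("/"))
        if segments & SENSITIVE_SEGMENTS:
            flagged.append(ref)
    return sorted(flagged)


if __name__ == "__main__":
    result = classify_endpoints(SAMPLE_JS, "example.com")
    for bucket, refs in result.items():
        print(bucket)
        for ref in refs:
            marker = "  !! " if ref in flag_sensitive_paths(refs) else "     "
            print(marker + ref)
```

The third-party bucket answers the CDN question raised later in the article (which external hosts the application loads code or data from), while the flagged relative paths are the ones to check against your routing and access-control configuration.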
2. Unique URL Extraction
Use tools like waybackurls or gau to gather historical URLs associated with JavaScript files. This can surface endpoints that are no longer linked from the live application but may still be served.
Example:
gau example.com | grep -E '\.js(\?|$)'
3. Sensitive Data Discovery
Tools like SecretFinder can automatically scan JavaScript files for sensitive information such as API keys or tokens.
Example:
python SecretFinder.py -i https://example.com/script.js -o cli
4. Custom Templates for Data Extraction
For more precise searching, combine tools like GF (Grep Patterns) and custom scripts. Create templates for keywords such as API_KEY or AUTH_SECRET to quickly locate sensitive data.
Efficient Bug Hunting Strategies
1. Subdomain Enumeration
Objective: Find subdomains that might host JavaScript files containing sensitive information.
Tools like SubFinder can help you identify subdomains linked to a main domain and uncover additional potential attack vectors.
Example:
subfinder -d example.com
2. Origin IP Discovery
Objective: Identify the origin IP addresses tied to the application. This can provide insights into private servers or staging environments.
3. Data Management
To streamline the process of analyzing results, categorize and save findings from tools like LinkFinder, gau, and SecretFinder. Organize and prioritize the results using basic shell scripting or automation.
Additional Techniques and Tools
1. Content Delivery Network (CDN) and External Scripts
Why it matters: Sometimes JavaScript files might be hosted on external services or CDNs. These external files might contain hardcoded secrets or endpoints that are not immediately visible on the main site.
Technique: Review external JS file sources in the HTML <script> tags or network requests in developer tools.
Tools: Use network monitoring tools like Burp Suite or browser developer tools to inspect external requests and responses. Look for API calls or external resources that may expose sensitive data.
2. Cross-Site Scripting (XSS) Vulnerabilities in JavaScript
Why it matters: Sometimes JavaScript files are used to dynamically inject content into web pages, potentially opening doors for XSS attacks if untrusted data is rendered without proper sanitization.
Technique: Look for instances where data is dynamically inserted into HTML using methods like innerHTML, document.write(), or eval(), especially when handling user input.
Tools: Automate XSS detection with tools like XSSer or XSStrike to identify potential vectors where malicious scripts can be injected.
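The sink review described above can be scripted for a first pass over a bundle. The Python example below is an added illustration written for this article (not part of XSSer, XSStrike or any other tool named here); the source list, sink list and JavaScript sample are constructed assumptions. It walks the code line by line, records which identifiers are assigned from attacker-influenced inputs such as location.search, and then rates each dangerous sink as "high" when the statement uses a source directly or through one of those identifiers, and "review" otherwise. The two-hop case (a value read from the URL, copied into another variable, then written with document.write) is the one a line-local grep misses.

```python
import re

# Constructed sample; the line numbers in the results refer to this snippet.
SAMPLE_JS = """\
const out = document.getElementById("out");
out.innerHTML = decodeURIComponent(location.hash.slice(1));
const name = new URLSearchParams(location.search).get("name");
const greeting = "Hello " + name;
document.write("<p>" + greeting + "</p>");
el.textContent = name;
eval("config_" + document.cookie);
container.innerHTML = "<b>Static markup</b>";
"""

# Attacker-influenced inputs (DOM XSS sources); an assumed list for this example.
SOURCE = re.compile(
    r"\b(?:location\.(?:hash|search|href|pathname)|document\.(?:cookie|referrer|URL)"
    r"|window\.name|URLSearchParams|event\.data)\b"
)
# Sinks that interpret their input as markup or code; an assumed list for this example.
SINK = re.compile(
    r"\.(?:innerHTML|outerHTML)\s*=(?!=)|\.insertAdjacentHTML\s*\(|document\.write(?:ln)?\s*\("
    r"|\beval\s*\(|\bsetTimeout\s*\(\s*[\"']"
)
# `const x = ...` or `x = ...` at the start of a line: the only way taint propagates in this model.
DECLARATION = re.compile(r"^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$")


def mentions(identifier: str, text: str) -> bool:
    """Whole-word occurrence of an identifier, so `name` does not match `names`."""
    return re.search(r"\b" + re.escape(identifier) + r"\b", text) is not None


def find_dom_sinks(js: str) -> list:
    """Return (line_no, sink, severity) for each sink in js.

    severity is "high" when the statement reads a source directly or through an
    identifier derived from one on an earlier line, otherwise "review"."""
    tainted = set()
    results = []
    for line_no, line in enumerate(js.splitlines(), start=1):
        uses_source = bool(SOURCE.search(line)) or any(mentions(t, line) for t in tainted)
        sink = SINK.search(line)
        if sink:
            results.append((line_no, sink.group(0).strip(), "high" if uses_source else "review"))
        decl = DECLARATION.match(line)
        if decl and uses_source:
            tainted.add(decl.group(1))  # this variable now carries attacker-influenced data
    return results


if __name__ == "__main__":
    for line_no, sink, severity in find_dom_sinks(SAMPLE_JS):
        print(f"line {line_no}: {severity:6} {sink}")
```

This is a heuristic, not a parser: it does not follow data through function calls, object properties or across files, and it treats textContent as safe, which it is for HTML injection. Its value is in producing a short, ranked list of lines for a human to read, and in the "review" entries that show which sinks are present even when no source was visible.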
3. Deobfuscating JavaScript Code
Why it matters: JavaScript code may be obfuscated to hide sensitive information or make the analysis more difficult.
Technique: Use online deobfuscators or tools like JSNice or Prettier to make obfuscated JavaScript code more readable and easier to analyze.
Tools: JSBeautifier can also be useful to format and deobfuscate minified or obfuscated code.
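Beautifiers restore indentation, but they do not undo the string-level tricks that obfuscators use to keep secrets out of a plain grep. The Python example below is an added illustration written for this article (not JSNice, Prettier or JSBeautifier code); the obfuscated JavaScript sample and its encoded values are constructed for the example. It decodes hex and unicode escapes in string literals, folds atob() calls whose argument is a constant, and replaces lookups into a string array with the literal they point at. After these three passes the scanners from the earlier sections can see names like apiKey and paths like /v1/admin that were invisible in the original.

```python
import base64
import re

# Constructed sample in the style of a string-array obfuscator; the values are made up for this example.
SAMPLE_JS = r"""
var _0xab12 = ["\x61\x70\x69\x4b\x65\x79", "\u0068\u0074\u0074\u0070\u0073\u003a\u002f\u002f", "\x2f\x76\x31\x2f\x61\x64\x6d\x69\x6e"];
var host = atob("YXBpLmludGVybmFsLmV4YW1wbGUuY29t");
var url = _0xab12[1] + host + _0xab12[2];
headers[_0xab12[0]] = atob("c2VjcmV0LTEyMzQ=");
"""

HEX_OR_UNICODE_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})")
ATOB_CONSTANT = re.compile(r"""atob\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)""")
STRING_ARRAY = re.compile(r"""var\s+([A-Za-z_$][\w$]*)\s*=\s*\[((?:\s*["'][^"']*["']\s*,?)+)\]\s*;""")
QUOTED = re.compile(r"""["']([^"']*)["']""")


def decode_escapes(js: str) -> str:
    r"""Turn \xNN and \uNNNN escapes back into the characters they hide."""
    return HEX_OR_UNICODE_ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), js)


def fold_constant_atob(js: str) -> str:
    """Replace atob("<base64>") with the decoded string literal when the argument is a constant."""
    def replace(m):
        try:
            text = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return m.group(0)  # not clean base64 text: leave the call untouched
        return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'
    return ATOB_CONSTANT.sub(replace, js)


def resolve_string_arrays(js: str) -> str:
    """Replace NAME[i] lookups with the i-th literal from `var NAME = [...]`."""
    for m in list(STRING_ARRAY.finditer(js)):
        name, items = m.group(1), QUOTED.findall(m.group(2))
        lookup = re.compile(re.escape(name) + r"\[(\d+)\]")

        def replace(mm, items=items):
            idx = int(mm.group(1))
            return '"' + items[idx] + '"' if idx < len(items) else mm.group(0)

        js = lookup.sub(replace, js)
    return js


def deobfuscate(js: str) -> str:
    """Escapes first (so array items become readable), then atob folding, then array lookups."""
    return resolve_string_arrays(fold_constant_atob(decode_escapes(js)))


if __name__ == "__main__":
    print(deobfuscate(SAMPLE_JS))
```

Real obfuscators add rotation of the string array, decoder functions with arithmetic offsets and string splitting, so this is a starting point rather than a general solution; the point is that each pass is a simple, reviewable rewrite, and that the output should be fed back into the keyword and endpoint scanners rather than read by eye.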
Practical Example
Let’s walk through a real-world workflow combining manual and automated techniques:
Scenario: Testing https://example.com for vulnerabilities
1. Gather JavaScript URLs:
gau example.com | grep -E '\.js(\?|$)' > js-urls.txt
2. Extract endpoints:
python linkfinder.py -i js-urls.txt -o cli
3. Search for sensitive data:
python SecretFinder.py -i js-urls.txt -o cli
4. Analyze results: Review the output for critical vulnerabilities and sensitive information.
Conclusion
Exploring JavaScript files for sensitive data requires a balance of manual expertise and automated tools. By applying both techniques, ethical hackers and bug bounty hunters can uncover vulnerabilities that may otherwise remain hidden. Mastering JavaScript file analysis is an essential skill for anyone involved in securing web applications.