TL;DR
List of some cool JS snippets which I have created and found while doing research of client side encryption bypass using devtool only.
| Sr. No. | Snippet | Description | Example |
|---|---|---|---|
| 1. | consolesave.js | Used for saving console output in a file. | console.save("data"); |
| 2. | getCurrentURLHeaders.js | Used for fetching the Current URL Headers in console (table format) | - |
| 3. | developers_mindset.js | Just an example of how monitor() works | - |
| 4. | fuzzit.js | fuzzing encrypted parameter using devtools only | - |
| 5. | fuzz_with_websocket.js | fuzzing encrypted parameters using devtools only with ws:// integration | - |
| 6. | JSEncrypt_fuzz.js | snippet for making JSEncrypt automate | - |
-
Open the application in chrome browser.
-
Open inspect element and navigate to source tab -> snippet section.
-
Copy paste the javascript code and execute it.
-
call the snippets methods from console and done.
There is complete series of how to bypass client side encryption and fuzz the encrypted parameters using devtools.
- client-side-encryption-bypass-part-1
- client-side-encryption-bypass-part-2
- client-side-encryption-bypass-part-3
Follow me:
Twitter : @sameer_bhatt
Github : bhattsameer
LinkedIn: bhatt-sameer