Posts

How to use any browser to search the DOM (all associated scripts as well) for any keyword

How to enumerate your web app (target) easily for certain keywords:

1. Load the target in pretty much any browser, right-click and choose Inspect.
2. Once it is open, go to the Sources tab.
3. On the left, make sure "Page" is selected (not "Content scripts").
4. Right-click "top" (right under the page icon you picked).
5. Type in a keyword, API for instance, and hit ENTER.

You should see output like the picture below: the browser searches all relevant scripts and info in the source that match and tells you where it matched those keywords.

Hackertips today

Use Archive.org to find hidden links, APIs, tokens, JWTs, all sorts of other interesting info on your target

https://archive.org (and https://archive.is) are great ways to enumerate your target.

Leet Browser Store Viewer - Paste into inspect console / View lots of hard to notice data on your target

"Leet Browser Store Viewer" - next level elite

I have been working on a script we can paste into Inspect / Console (on the target). It brings up a menu at z-index: 9999 (so it won't affect or get in the way of the page) and lets you view the browser store, cookie store, doc properties and all sorts of other "hidden" info.

Once pasted in on the target you will see a menu like this:

- Collapse / Stealth Mode
- Log Document
- Log LocalStorage
- Log Cookies
- Log Navigator
- Log Window
- Log IndexedDB

(You can collapse it, or make it nearly impossible to see, but it is still there.) All the output shows in the console. You will love this. (I promise) Enjoy!

Leet-Store-JS-code: https://hackertips.today/cmd/leet-Store-Viewer.js

Analyze Object - Attempt prototype pollution - console / inspect .js code

// Usage examples:
// analyzeObject(window.ga, { name: 'ga' });
// analyzeObject(appState, { name: 'appState', maxDepth: 3, tryPollute: true });
(function () {
  const SUSPICIOUS_NAME_RE = /(csrf|xsrf|token|auth|secret|session|jwt|apikey|api[-_]?key|bearer|cookie|hdr|header)/i;

  function analyzeObject(target, {
    name = '(anonymous)',
    maxDepth = 2,
    tryPollute = false, // off by default; if true, adds & removes a probe on the prototype
    showValues = false  // keep false to avoid dumping sensitive values to the console
  } = {}) {
    if (target == null || (typeof target !== 'object' && typeof target !== 'function')) {
      console.warn(`[X] Target '${name}' is not an object/function or is null/undefined.`);
      return;
    }

    console.group(`[?] Analyzing '${name}'`);

    const ownProps = Object.getOwnPropertyNames(target);
    console.log(`[^] Own properties (${ownProps.length}):`, ownProps);

    // Classify
    const types = ownProps.reduce((ac...
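
The store audit described in the Leet Browser Store Viewer post above, as an added example (not the author's script, which is not reproduced on this page): it reports names and lengths only, in the spirit of the showValues = false default here, and reuses the SUSPICIOUS_NAME_RE pattern from this snippet. The function names, the JWT-shape check and the sample entries are assumptions constructed for illustration.

```javascript
// Added example: name pattern copied from the Analyze Object snippet on this page.
const SUSPICIOUS_NAME_RE = /(csrf|xsrf|token|auth|secret|session|jwt|apikey|api[-_]?key|bearer|cookie|hdr|header)/i;
// Assumption: three dot-separated base64url segments starting with "eyJ" count as JWT-shaped.
const JWT_SHAPE_RE = /^eyJ[\w-]+\.[\w-]+\.[\w-]*$/;

// Split a document.cookie style string into [name, value] pairs.
function parseCookies(cookieString) {
  return cookieString.split(';')
    .map(part => part.trim())
    .filter(Boolean)
    .map(part => {
      const eq = part.indexOf('=');
      return eq === -1 ? [part, ''] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Flag entries whose name or value looks like a credential. Values are never
// returned, only their length, so the report can be shared without leaking them.
function auditEntries(store, entries) {
  const findings = [];
  for (const [name, value] of entries) {
    const reasons = [];
    if (SUSPICIOUS_NAME_RE.test(name)) reasons.push('suspicious-name');
    if (JWT_SHAPE_RE.test(value)) reasons.push('jwt-shaped-value');
    if (reasons.length) findings.push({ store, name, length: value.length, reasons });
  }
  return findings;
}

function auditClientState(localEntries, cookieString) {
  return [
    ...auditEntries('localStorage', localEntries),
    // Anything visible in document.cookie lacks HttpOnly by definition.
    ...auditEntries('cookie', parseCookies(cookieString)),
  ];
}

// Constructed sample data so the block also runs outside a browser.
const SAMPLE_LOCAL = [['theme', 'dark'],
  ['access_token', 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2ln'],
  ['profile', 'eyJhbGciOiJub25lIn0.e30.']];
const SAMPLE_COOKIES = 'lang=en; sessionid=abc123; _ga=GA1.2.1.2';

const inBrowser = typeof document !== 'undefined' && typeof localStorage !== 'undefined';
const report = inBrowser
  ? auditClientState(Object.entries(localStorage), document.cookie)
  : auditClientState(SAMPLE_LOCAL, SAMPLE_COOKIES);
console.table(report);
```

Each finding is a credential-like item that page JavaScript can read, which makes it a candidate for an HttpOnly cookie or server-side storage.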