How to Identify Sensitive Data in JavaScript Files (JSRecon)
Hello everyone! Today I will show you my technique for finding secret credentials in JS files. This is my first article on Medium, but I hope it will help you in bug hunting. Let's get started!
Published Dec 24, 2024

Manual Inspection of JavaScript Files
The first step in identifying sensitive data is to manually inspect the JavaScript files loaded by a web page. Here’s how to do this:
- Open the target webpage and press Ctrl+U to view the page source.
- Press Ctrl+F and search for .js to see all the JS files present on the website.
- Look at the JavaScript files: click on the URLs for some of them. You’ll notice that they contain a lot of data, some of which is potentially sensitive.
- Now search for keywords like api, token, password, jwt or secrets. If any of these are present in the JS file, you can report it to their program by showing further impact.
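The same manual steps as a small Node.js script, for checking pages you own or are authorized to test. This is an added example, not code from the original article; the function names, the sample HTML and the sample JS are constructed for illustration.

```javascript
// Keywords from the steps above; "secret" also matches "secrets".
const KEYWORDS = ["api", "token", "password", "jwt", "secret"];

// Steps 1-2: collect the src of every <script> tag that points at a .js file,
// resolved against the page URL (the scripted version of Ctrl+U, Ctrl+F ".js").
function extractScriptUrls(html, pageUrl) {
  const urls = new Set();
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) {
    const url = new URL(m[1], pageUrl);
    if (url.pathname.endsWith(".js")) urls.add(url.href);
  }
  return [...urls];
}

// Steps 3-4: report each line of a JS file that contains a keyword (case-insensitive).
function findSensitive(jsText) {
  const hits = [];
  jsText.split(/\r?\n/).forEach((line, i) => {
    const lower = line.toLowerCase();
    const matched = KEYWORDS.filter((k) => lower.includes(k));
    if (matched.length) {
      hits.push({ line: i + 1, keywords: matched, text: line.trim().slice(0, 120) });
    }
  });
  return hits;
}

// Constructed sample page source (not from a real site).
const SAMPLE_HTML = `<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib/vendor.min.js?v=3"></script>
<script>console.log("inline")</script>
<link rel="stylesheet" href="/static/site.css">
</head></html>`;

// Constructed sample JS file; the key value is a placeholder, not a real credential.
const SAMPLE_JS = `const baseUrl = "/v1";
const cfg = { apiKey: "EXAMPLE-NOT-A-REAL-KEY" };
function login(user, password) { return post(baseUrl + "/login", { user, password }); }
const jwt = localStorage.getItem("session");
`;

console.log(extractScriptUrls(SAMPLE_HTML, "https://app.example.com/home"));
for (const hit of findSensitive(SAMPLE_JS)) {
  console.log(`line ${hit.line} [${hit.keywords.join(",")}] ${hit.text}`);
}
```

In the sample, line 3 matches only because a parameter is named password, so every keyword hit still needs a manual look before it counts as a finding.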
