1

I'm using Google Chrome developer tools.

Let's say I'm performing a bug bounty activity. I found an obfuscated JS. I know user data goes into this JS and goes out encrypted. I found a few files called cryptoJS.js, aes-json-format.js, etc...

Now what I'm asking is how it would be possible to follow step by step all JavaScript calls in all functions triggered directly (or indirectly) by a click event.

As a result, for instance, I could say

  • After clicking button A, I saw variables V1, V2, V3 instantiated with values X, Y Z
  • Then a method in file cryptoJS.js was called with variables V1, V2, V3 and an output O1 was obtained
  • Then a method in the obfuscated JS was called with the output O1
  • etc....

I want to be able to modify any variable before it gets encrypted or obfuscated

How could I have such a granularity of debugging of JavaScript?

The problem is that when I put a breakpoint on XHR (any XHR breakpoint) I only get the XHR called after all JavaScript processing.

Improve this question
1
  • Find the element in the Elements tab. On the right side, change the tab to Event Listeners. Find the "click". There will be a lot of listeners, so you'll need to find the right one. When you find it, click on the link to the file, pretty print the file, and then set a breakpoint in that function. Commented Aug 26, 2020 at 13:52

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.