1

I'm using Google Chrome developer tools.

Let's say I'm performing a bug bounty activity. I found an obfuscated JS. I know user data goes into this JS and goes out encrypted. I found a few files called cryptoJS.js, aes-json-format.js, etc...

Now what I'm asking is how it would be possible to follow step by step all JavaScript calls in all functions triggered directly (or indirectly) by a click event.

As a result, for instance, I could say

  • After clicking button A, I saw variables V1, V2, V3 instantiated with values X, Y Z
  • Then a method in file cryptoJS.js was called with variables V1, V2, V3 and an output O1 was obtained
  • Then a method in the obfuscated JS was called with the output O1
  • etc....

I want to be able to modify any variable before it gets encrypted or obfuscated

How could I have such a granularity of debugging of JavaScript?

The problem is that when I put a breakpoint on XHR (any XHR breakpoint) I only get the XHR called after all JavaScript processing.

Glorfindel
  • 2,235
  • 6
  • 18
  • 30
michel32
  • 11
  • 2
  • Find the element in the Elements tab. On the right side, change the tab to Event Listeners. Find the "click". There will be a lot of listeners, so you'll need to find the right one. When you find it, click on the link to the file, pretty print the file, and then set a breakpoint in that function. – Fire Quacker Aug 26 '20 at 13:52

0 Answers0