I'm using Google Chrome developer tools.
Let's say I'm performing a bug bounty activity. I found an obfuscated JS. I know user data goes into this JS and goes out encrypted. I found a few files called cryptoJS.js, aes-json-format.js, etc...
Now what I'm asking is how it would be possible to follow step by step all JavaScript calls in all functions triggered directly (or indirectly) by a click event.
As a result, for instance, I could say
- After clicking button A, I saw variables V1, V2, V3 instantiated with values X, Y Z
- Then a method in file cryptoJS.js was called with variables V1, V2, V3 and an output O1 was obtained
- Then a method in the obfuscated JS was called with the output O1
- etc....
I want to be able to modify any variable before it gets encrypted or obfuscated
How could I have such a granularity of debugging of JavaScript?
The problem is that when I put a breakpoint on XHR (any XHR breakpoint) I only get the XHR called after all JavaScript processing.