This is a follow up to https://medium.com/@bitthebyte/javascript-for-bug-bounty-hunters-part-2-f82164917e7 Chapter 7: Attacking Meteor.JS Chapter 7–1: Information gathering MeteorJS is not only a frontend library it also has its own backend engine to manage the communications. Running the following commands at Chrome’s Devtools will help us to extract some useful information about the server and the working environment

This is a follow up to https://medium.com/@bitthebyte/javascript-for-bug-bounty-hunters-part-1-dd08ed34b5a8 Chapter 4: Attacking React.js Chapter 4–3: Bundle Splitting Bundle splitting is pretty simple. If you have one giant file, it would take a long time to download rather than sending the whole file at once we will just send the part which the browser needs thus reducing the downloading time. …

Server Side Request Forgery “ Server Side Request Forgery (SSRF) is a type of attack that can be carried out to compromise a server. The exploitation of a SSRF vulnerability enables attackers to send requests made by the web application, often targeting internal systems behind a firewall.” — Detectify 1) DNS Rebinding This is my favorite type…

As of today, I’ll start a series of articles targeting javascript files and it’s importance from a bug hunter perspective I’ll discuss the available attack vectors and problems Chapter 1: The Technologies In modern days no one directly uses javascript instead they use a framework especially if you are a company and want to…