Home
minamo7sen edited this page Oct 29, 2021 · 4 revisions
Welcome to the burp-JS-Miner wiki! (This is still a WIP.)
- A zero-configuration scanner that looks for interesting material (secrets, package names, subdomains, cloud URLs, source maps) in static files.
- The extension reports findings that may be of interest; every finding is a lead for manual analysis, not a confirmed vulnerability.
- It can also dump a target site's static files (e.g. from the site map) to the local disk for further analysis.
Scanner Name | Target Files | Scan Type | Note |
---|---|---|---|
Secrets | JS, JSON | Passive | Uses a generic, complex regex (which can yield false positives). Regexes for known key formats may be added in a future release. |
Dependency Confusion (1) | JS, JSON | Passive, but connects to the NPM website to verify candidates | Runs a regex to identify potentially disclosed NPM package names. |
Dependency Confusion (2) | JS, JSON, CSS | Passive, but connects to the NPM website to verify candidates | Looks for disclosures such as `/node_modules/<pkg_name>`. |
SubDomains | JS, JSON | Passive | |
Cloud URLs | JS, JSON | Passive | |
Inline B64 JS Source Mapper | JS | Passive | |
Active JS Source Mapper | JS | Active | |
Static Files Dumper | JS, JSON, CSS, MAP | Passive | |
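As an added example (this is not code from JS Miner), the Python script below shows the kind of check the two Dependency Confusion scanners perform: it extracts package names from `node_modules/<pkg_name>` paths in JS/CSS content and then asks the public npm registry whether each name exists. The static-file content is constructed for the demo; `https://registry.npmjs.org/` is the only real endpoint used, and the `lookup` parameter lets the extraction run offline.

```python
"""Dependency-confusion triage for npm names disclosed in static files.

Added example, not code from JS Miner. It mirrors what the extension's
"Dependency Confusion (2)" scan looks for (paths of the form
/node_modules/<pkg_name>) and the follow-up lookup against the public npm
registry. The only real URL here is https://registry.npmjs.org/; the static
file content below is constructed for the demo.
"""
import re
import urllib.error
import urllib.parse
import urllib.request

# "node_modules/<name>" or "node_modules/@<scope>/<name>". npm names are
# lowercase and URL-safe; the first character may not be "." or "_", which
# also skips helper folders such as node_modules/.bin.
NODE_MODULES_RE = re.compile(
    r"node_modules/((?:@[a-z0-9][a-z0-9_.~-]*/)?[a-z0-9][a-z0-9_.~-]*)"
)

REGISTRY = "https://registry.npmjs.org/"

# Constructed sample of fragments that leak into unminified bundles and CSS.
SAMPLE_STATIC = """\
//# sourceURL=webpack:///./node_modules/lodash/lodash.js
import _extends from "./node_modules/@babel/runtime/helpers/esm/extends.js";
/* built from /home/ci/app/node_modules/acme-internal-utils/dist/index.js */
.icon { background: url(../node_modules/@acme/design-tokens/icons.svg); }
/* not a package: node_modules/.bin/webpack */
"""


def extract_packages(text: str) -> set:
    """Return the set of package names referenced via node_modules/ paths."""
    return {m.group(1) for m in NODE_MODULES_RE.finditer(text)}


def registry_url(name: str) -> str:
    """Registry metadata URL; the '/' in a scoped name must be encoded as %2F."""
    return REGISTRY + urllib.parse.quote(name, safe="@")


def registry_status(name: str, timeout: float = 10.0) -> str:
    """Look a name up on the public registry.

    'unclaimed' (HTTP 404) is the interesting case: if the target's build
    resolves that name from the public registry, anyone can publish it.
    Caveat: a scoped name (@org/pkg) is only claimable by an attacker if the
    scope itself is not registered on npm.
    """
    req = urllib.request.Request(registry_url(name), headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return "claimed" if resp.status == 200 else "error"
    except urllib.error.HTTPError as exc:
        return "unclaimed" if exc.code == 404 else "error"
    except urllib.error.URLError:
        return "error"


def scan(text: str, lookup=registry_status) -> dict:
    """Map every disclosed package name to its registry status.

    `lookup` is injectable so the extraction logic can be exercised offline.
    """
    return {name: lookup(name) for name in extract_packages(text)}


if __name__ == "__main__":
    import sys

    # usage: script.py bundle.js   (defaults to the constructed sample)
    if len(sys.argv) > 1:
        data = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        data = SAMPLE_STATIC
    for pkg, status in sorted(scan(data).items()):
        print(f"{status:9s} {pkg}")
```

Run it against a dumped bundle and treat every `unclaimed` name as a candidate to confirm manually (check how the target's build resolves that name, and whether the scope is registered), in line with the wiki's advice that findings need manual follow-up.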
The following scans run automatically as part of Burp's passive scan:
- Secrets
- Dependency Confusion
- SubDomains
- Cloud URLs
- Inline B64 JS Source Mapper
Note: Starting from JS Miner v1.13, these scans can be disabled. They can still be launched on demand from the context menu.
- This extension does not crawl for JS/JSON files itself, so either browse the target website manually or run Burp Suite's crawler so that all of its static files end up in the site map. The extension can then scan them automatically (as part of Burp's default passive scan) or dump a copy of them from the site map history.
- Source map files are most often found in web applications whose front end was built with a JS framework (such as React, Next.js or Vue.js). Some of these generate `.map` files by default, and developers do not always notice that they are being deployed.
- For the source mapper (active scan), watch the Logger / Logger++ tab to verify or troubleshoot the results. To check manually whether a source map is present, see the Mozilla documentation on source maps. Some web applications require cookies in the HTTP request before they serve the `.map` files; if so, allow extensions to send requests with cookies: in the `Project options` tab, open the `Sessions` tab, make sure the `Use cookies from Burp's cookie jar` rule under `Session Handling Rules` is selected, then click `Edit`. In the window that opens, go to the `Scope` tab and select `Extender` (it is disabled by default). Note that this rule then applies to requests from every loaded extension, not just JS Miner.
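As an added example (not code from JS Miner), the Python script below does by hand what the Inline B64 JS Source Mapper scan acts on: it locates the Source Map v3 trailing comment `//# sourceMappingURL=...`, decodes a base64 `data:` URI, and writes the embedded original sources to disk. An external `.map` reference is only reported, since fetching it (with the cookie jar, if the site needs cookies) is the active scan's job. The bundle is constructed for the demo and deliberately includes a hostile-looking source path, because source names come from the target and must not be trusted as output paths.

```python
"""Recover original sources from a JS bundle's inline (base64) source map.

Added example, not code from JS Miner. The bundle is constructed for the demo,
including a hostile-looking source path to exercise the output path sanitiser.
"""
import base64
import json
import re
import tempfile
from pathlib import Path
from typing import Optional

# Spec comment is "//# sourceMappingURL=<url>"; older tools emitted "//@".
SOURCE_MAPPING_RE = re.compile(r"^//[#@]\s*sourceMappingURL=(\S+)\s*$", re.MULTILINE)
INLINE_MAP_RE = re.compile(r"^data:application/json(?:;charset=[\w-]+)?;base64,(.+)$", re.DOTALL)


def find_source_mapping_url(js: str) -> Optional[str]:
    """Return the last sourceMappingURL comment in the file, or None."""
    found = SOURCE_MAPPING_RE.findall(js)
    return found[-1] if found else None


def decode_inline_map(url: str) -> Optional[dict]:
    """Decode a base64 data: URI into the source-map JSON; None for external URLs."""
    m = INLINE_MAP_RE.match(url)
    return json.loads(base64.b64decode(m.group(1))) if m else None


def safe_relative_path(source: str) -> Path:
    """Turn a source name (attacker-controlled) into a relative path.

    Strips a scheme such as webpack:///, drops '.', '..' and empty segments,
    and replaces characters that are not filename-safe.
    """
    source = re.sub(r"^[a-zA-Z][\w+.-]*:/*", "", source)
    parts = [re.sub(r"[^\w.\-]", "_", p) for p in source.replace("\\", "/").split("/")
             if p not in ("", ".", "..")]
    return Path(*parts) if parts else Path("unnamed")


def dump_sources(smap: dict, out_dir: Path) -> list:
    """Write every embedded source under out_dir; return the relative paths written.

    A map without sourcesContent discloses only file names, not code.
    """
    root = smap.get("sourceRoot") or ""
    written = []
    for name, content in zip(smap.get("sources", []), smap.get("sourcesContent") or []):
        if content is None:
            continue
        rel = safe_relative_path(root + name)
        dest = (out_dir / rel).resolve()
        if out_dir.resolve() not in dest.parents:  # belt and braces
            raise ValueError(f"refusing to write outside {out_dir}: {name}")
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_text(content, encoding="utf-8")
        written.append(rel.as_posix())
    return written


def recover_sources(js: str, out_dir: Path) -> list:
    """Locate the map comment, decode it if inline, and dump the sources."""
    url = find_source_mapping_url(js)
    if url is None:
        return []
    smap = decode_inline_map(url)
    if smap is None:
        print(f"external source map referenced: {url} (fetch it separately)")
        return []
    return dump_sources(smap, out_dir)


def constructed_bundle() -> str:
    """Constructed sample resembling webpack's inline-source-map output."""
    smap = {
        "version": 3,
        "sources": ["webpack:///./src/app.js", "webpack:///../../etc/passwd"],
        "names": [],
        "mappings": "AAAA",
        "sourcesContent": [
            "const API_BASE = '/api/v2/internal';\nexport function run() {}\n",
            "not a real file: a hostile source path the sanitiser must contain\n",
        ],
    }
    b64 = base64.b64encode(json.dumps(smap).encode()).decode()
    return "!function(){}();\n//# sourceMappingURL=data:application/json;charset=utf-8;base64," + b64 + "\n"


def demo() -> list:
    """Run the constructed bundle through recover_sources in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return recover_sources(constructed_bundle(), Path(tmp))


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 3:  # usage: script.py bundle.js out_dir
        js = open(sys.argv[1], encoding="utf-8", errors="replace").read()
        print("\n".join(recover_sources(js, Path(sys.argv[2]))))
    else:
        print("\n".join(demo()))
```

The path sanitiser is the part worth keeping in mind when dumping static files from a target: `sources` entries such as `webpack:///../../etc/passwd` are attacker-influenced input, so they are reduced to a path under the output directory and the resolved destination is re-checked before anything is written.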