All your frontend are belong to us - Crawling through Javascript using AST's

Presented at Disobey 2024, Feb. 17, 2024, 7 p.m. (60 minutes).

In this talk we'll be exploring a new Work-in-Progress project codenamed "Lurker", which aims to analyze the minified or unminified javascript of web applications, track calls to external API's, and enumerate the calls and their parameters for use in applications like FFUF and other API pentesting tools.

Presenters:

• Matias Huhta
  Matias is an enthusiastic Software Developer who loves working with developer tooling. He's an active member of Open Source communities focused on Web Components and has worked on projects like the Web Component DevTools and is currently building a Language Server for Custom Elements. Matias aims to ease the day to day development experience of developers around the world while also making the experience as enjoyable and fun as possible. Matias is a huge advocate of using the web platform and the features it provides natively.

Links:

• https://disobey.fi/2024/profile/disobey2024-142-all-your-frontend-are-belong-to-us-crawling-through-javascript-using-ast-s

Similar Presentations:

• REcon 2017 / Bubble Struggle - Call Graph Visualization with Radare2
• Black Hat USA 2013 / Javascript Static Security Analysis Made Easy with JSPrime
• AppSec USA 2014 / Warning Ahead: Security Storms are Brewing in Your JavaScript