The Art of Exploitation: JavaScript Hacks for Ethical Web Hackers

Penthos
3 min read · May 23, 2023

Welcome to “The Art of Exploitation: JavaScript Functions for Ethical Web Hackers.” In this article, we explore a collection of powerful JavaScript functions I’ve tailored to assist ethical web hackers in obtaining valuable insights and achieving improved results during penetration testing. While not intended as malicious hacks, these functions serve as essential tools that help ethical hackers navigate complex web architectures, uncover hidden data, and identify potential security flaws.

By harnessing these JavaScript functions, ethical hackers can gain a deeper understanding of target web applications, discover entry points, and extract critical information that may not be immediately visible. Whether it’s extracting URLs from JavaScript files, uncovering hidden input fields, or identifying email addresses, these functions empower ethical hackers to unearth valuable intelligence, playing a vital role in enhancing the security posture of web applications.

Javascript: Ultimate power

Auto-execute functions

To harness the full potential of JavaScript functions, we can leverage their power by embedding these commands into a bookmark.

You can use any JavaScript code in a bookmark; just make sure you wrap it in an auto-executing function, as pictured below.

Auto-execute Javascript function

Creating a bookmark

  1. Open your web browser and navigate to a webpage of your choice.
  2. Right-click on the browser’s bookmark toolbar or menu and select the option to add a new bookmark. Alternatively, you can use the keyboard shortcut specific to your browser.
  3. In the bookmark creation dialog, enter a name for the bookmark, in this example “Extract Emails” or any other descriptive title that resonates with you.
  4. In the “URL” or “Location” field, copy and paste the JavaScript code snippet for the desired function. For example:
     javascript:(function(){ /* CODE here */ })();
  5. Save the bookmark by clicking the “Save” or “Add” button, depending on your browser.

Once the bookmark is added, you can visit any web page and simply click on the bookmark to execute the embedded JavaScript code. This allows you to perform various actions, extract information, or uncover potential vulnerabilities within the context of the visited webpage.
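The browser percent-decodes a `javascript:` URL before running it, which is why bookmarklets often appear full of `%20` sequences. The following is an added example, not code from the original article, that builds such a URL from a readable multi-line snippet and decodes one back for review; `toBookmarklet` and `fromBookmarklet` are hypothetical helper names and the sample snippet is constructed.

```javascript
// Added example: turn a readable, multi-line snippet into a bookmark URL.
// toBookmarklet / fromBookmarklet are hypothetical helper names.
function toBookmarklet(source) {
  // Parse only (no execution): a typo throws SyntaxError here instead of
  // failing silently when the bookmark is clicked.
  new Function(source);
  // Wrap in an IIFE so variables stay out of the page's global scope and
  // the URL evaluates to undefined (a string result would replace the page).
  const wrapped = '(function(){\n' + source + '\n})();';
  // Percent-encode everything: newlines survive as %0A, so a // comment
  // cannot swallow the rest of the code when the URL is stored on one line.
  return 'javascript:' + encodeURIComponent(wrapped);
}

// Decode a bookmarklet back to source so it can be read before it is run.
function fromBookmarklet(url) {
  if (!url.startsWith('javascript:')) throw new Error('not a javascript: URL');
  return decodeURIComponent(url.slice('javascript:'.length));
}

// Constructed sample snippet: count hidden inputs on the current page.
const sample = [
  '// count hidden form fields',
  'var hidden = document.querySelectorAll(\'input[type="hidden"]\');',
  'console.log(hidden.length + " hidden inputs");',
].join('\n');

const url = toBookmarklet(sample);
console.log(url);
console.log(fromBookmarklet(url));
```

Decoding a bookmarklet obtained from elsewhere with `fromBookmarklet` before saving it shows exactly what will run in the context of the pages you visit.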

Hacker Javascript Functions

Here is a list of common JavaScript functions I use to help while penetration testing. Add these as bookmarks.

Get all endpoints in JavaScript files

javascript:(function(){var scripts=document.getElementsByTagName("script"),regex=/(?<=(\"|\'|\`))\/[a-zA-Z0-9_?&=\/\-\#\.]*(?=(\"|\'|\`))/g;const results=new Set;for(var i=0;i<scripts.length;i++){var t=scripts[i].src;""!=t&&fetch(t).then(function(t){return t.text()}).then(function(t){var e=t.matchAll(regex);for(let r of e)results.add(r[0])}).catch(function(t){console.log("An error occurred: ",t)})}var pageContent=document.documentElement.outerHTML,matches=pageContent.matchAll(regex);for(const match of matches)results.add(match[0]);function writeResults(){results.forEach(function(t){document.write(t+"<br>")})}setTimeout(writeResults,3e3);})();

Show all hidden fields

javascript:(function(){const hiddenInputs = document.querySelectorAll('input[type="hidden"]'); hiddenInputs.forEach((input) => {   const propName = input.getAttribute('name'); input.style.display = 'block';   input.removeAttribute('type');   input.style.visibility = 'visible';   input.style.border = '2px solid red';    const table = document.createElement('table');   table.style.borderCollapse = 'collapse';   table.style.width = '100%';   const labelRow = table.insertRow();   const valueRow = table.insertRow();   const labelCell = labelRow.insertCell();   const valueCell = valueRow.insertCell();   labelCell.textContent = 'Name:';   valueCell.textContent = propName;   labelCell.style.border = 'none';   labelCell.style.padding = '5px';   labelCell.style.verticalAlign = 'middle';   valueCell.style.border = 'none';   valueCell.style.padding = '5px';   valueCell.style.verticalAlign = 'middle';   valueCell.style.borderLeft = '2px solid red';    const separator = document.createElement('hr');   separator.style.borderTop = '2px solid red';   separator.style.marginTop = '10px';   separator.style.marginBottom = '10px';    input.parentNode.insertBefore(separator, input);   input.parentNode.insertBefore(table, input); })})();

Enumerate cookies

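javascript:(function enumerateCookies() {  var cookies = document.cookie ? document.cookie.split("; ") : [];  var cookieData = {};  for (var i = 0; i < cookies.length; i++) {    /* split on the first "=" only, so values containing "=" stay intact */    var eq = cookies[i].indexOf("=");    var name = eq < 0 ? cookies[i] : cookies[i].slice(0, eq);    var value = eq < 0 ? "" : cookies[i].slice(eq + 1);    cookieData[name] = value;  }  /* log the result so it is visible when run from a bookmark */  console.table(cookieData);})()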
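`document.cookie` only returns cookies set without `HttpOnly`, so whatever the bookmarklet above lists is also what any script injected into the page could read. The following is an added example, not code from the original article, that classifies `Set-Cookie` header values by script visibility and missing flags; `auditSetCookie` is a hypothetical helper name and the header values are constructed sample data.

```javascript
// Added example: classify Set-Cookie headers by what page script can see.
// The header values below are constructed sample data, not from a real site.
const sampleHeaders = [
  'session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
  'csrf=Zm9vPWJhcg==; Path=/; Secure',
  'theme=dark; Path=/',
];

// Hypothetical helper: parse one Set-Cookie value and list missing flags.
function auditSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  // Split on the first "=" only, so base64 values keep their padding.
  const eq = first.indexOf('=');
  const name = eq < 0 ? '' : first.slice(0, eq);
  const value = eq < 0 ? first : first.slice(eq + 1);
  // Attribute names are case-insensitive; flags without "=" map to true.
  const attrs = new Map(parts.map((p) => {
    const i = p.indexOf('=');
    return i < 0
      ? [p.toLowerCase(), true]
      : [p.slice(0, i).toLowerCase(), p.slice(i + 1)];
  }));
  const findings = [];
  if (!attrs.has('httponly')) findings.push('readable via document.cookie (no HttpOnly)');
  if (!attrs.has('secure')) findings.push('may be sent over plain HTTP (no Secure)');
  if (!attrs.has('samesite')) findings.push('SameSite not set explicitly');
  return { name, value, scriptReadable: !attrs.has('httponly'), findings };
}

function auditAll(headers) {
  return headers.map(auditSetCookie);
}

for (const r of auditAll(sampleHeaders)) {
  const visibility = r.scriptReadable ? 'VISIBLE to script' : 'hidden from script';
  console.log(r.name + ': ' + visibility, r.findings);
}
```

A session cookie that shows up in the bookmarklet's output is a finding in itself: it belongs in the first category of this audit and should be reissued with `HttpOnly`.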

Extract Javascript functions

javascript:(function extractJavaScriptFunctions() {  var scripts = document.getElementsByTagName("script");  var functions = [];  for (var i = 0; i < scripts.length; i++) {    var scriptContent = scripts[i].innerHTML;    var functionMatches = scriptContent.match(/function\s+([^\s\(]+)/g);    if (functionMatches) {      for (var j = 0; j < functionMatches.length; j++) {        /* strip the keyword and any whitespace after it */        var functionName = functionMatches[j].replace(/^function\s+/, "");        functions.push(functionName);      }    }  }  /* log the result so it is visible when run from a bookmark */  console.log(functions);})()

Extract emails

javascript:(function(){var doc = document.body.innerHTML;var re = /([a-zA-Z0-9._+-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+)/gi;/* match() returns null when nothing is found */(doc.match(re) || []).forEach(function(email) {  console.log(email);});})()

Thank you for taking the time to read. Stay safe and secure, fellow hackers!
