-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add functionality to extract JS strings as links in a javascript blob #1121
Comments
@liquidsec what do you think about this? We would essentially be implementing js link extractor. |
This is my command: bbot -t react.dev -m httpx -c web_spider_distance=3 web_spider_depth=3 web_spider_links_per_page=500 omit_event_types=[] And bbot can't detect any of these JS as links For example this link not exists in output file: |
Added support for extracting URLs from |
@amiremami thanks for testing. Did bbot fail to extract these? It always finds full URLs regardless of whether they're embedded in js blobs, so it definitely should have gotten the atlassian one. |
bbot -t https://www.atlassian.com/software -m httpx -c web_spider_distance=2 web_spider_depth=2 web_spider_links_per_page=500 omit_event_types=[] I have it like this tens of times on the output file, but it's not as "url": "https://atl-global.atlassian.com/js/atl-global.min.js" |
I think you're forgetting a config option ;) (The reason this config option exists is because most everyone wants to search javascript files for secrets etc., but if it didn't contain anything interesting, they usually don't want to see it in the output.) |
Thanks 馃檹 I also used that config, but still same : ( |
For this one, I just upgraded bbot to v1.1.7.2998rc and this JS only exists as URL UNVERIFIED, but shouldn't it exist as URL too? https://react.dev/_next/static/chunks/webpack-a1ff329830897a9a.js My command: |
@amiremami that specific file is 4 levels deep. The reason it's not showing up is because the spider is set to a depth of 2 ( If you enable
|
Still couldn't get the atlassian neither in URL nor in URL_UNVERIFIED , if this problem is different than JS blob, please check, thanks a lot 馃檹 |
@amiremami keep in mind that
|
Couldn't get JS strings as links to able to grep
My command:
bbot -t trickest.com -m httpx -c web_spider_distance=2 web_spider_depth=3 web_spider_links_per_page=1000 omit_event_types=[] url_extension_httpx_only=[]
馃檹
The text was updated successfully, but these errors were encountered: