0

I have a web application running in my browser. It is third-party obfuscated JavaScript. It connects to the server with SSL, fetches data, and then displays it in the browser. I want to get programmatic access to the data, but I cannot figure out how it gets it from the server.

I tried to open Chrome Canary Dev Tools, but it does not show any network access (other than loading some html, js code and images). I ran wireshark and it shows lots of network access (all encrypted, so it is useless). What gives? This javascript app seems to be able to fetch data in a sneaky way, so that Chrome Dev Tools doesn't show it.

Any advice on how I can reverse-engineer this?

EDIT: I think that the data is fetched by redirecting to a download link, or perhaps with window.navigator.msSaveBlob. Anyway, I found it using postman.

John Henckel
    Doubt it is sneaky, probably websocket which you included as a tag.... – epascarello Mar 13 '18 at 17:25
  • https://stackoverflow.com/questions/5751495/debugging-websocket-in-google-chrome – epascarello Mar 13 '18 at 17:36
  • I think it is not using websocket, because if it were, then the handshake will show up in Canary. I don't see any handshake in Canary. – John Henckel Mar 13 '18 at 17:50
  • If it is not websockets then there are two possibilities. Either the data is included in the first page download. This can be done by encoding the data in a javascript element in the main html page. Or the page is making subsequent http requests. You just have to look in the network tab. – bhspencer Mar 13 '18 at 17:55
  • What web application is this? –  Mar 13 '18 at 17:57
  • @Thebluefish hmm, i'd rather not say :) – John Henckel Mar 13 '18 at 17:58

1 Answer

0

I was able to capture the API call using POSTMAN (native Win 6.0.9). I enabled a Proxy on port 5555 and then clicked the button to trigger the action in the web app.

Because the web app is using SSL, I get an error "Your connection is not private". However, I can click Advanced / Continue and call the API anyway, which gets captured by POSTMAN.

Advice: In postman, capture to a new folder (called Proxy data). Try it first using a non-SSL site, such as this one.

John Henckel
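An added example, not code from the question, the answer or the comments, that turns the two explanations offered above into something you can run yourself: wrapping the browser's `fetch`, `XMLHttpRequest`, `WebSocket` and `navigator.msSaveBlob` so that every call a page makes is logged to the console, even when the Network tab shows nothing for it, and scanning the initial HTML for data that was embedded inline in a `<script>` element. The stub objects in `demo()` and the HTML in the self-check are constructed stand-ins so the file runs under Node; on a real page you would paste `installNetworkTracer` into the DevTools console, call `installNetworkTracer(window)` before triggering the action, and read the log it returns.

```javascript
// Added example, not from the original post. Wraps the browser APIs a page can
// use to move data so that every call is logged, even when the DevTools
// Network tab shows nothing for it. Returns the log array for later inspection.
function installNetworkTracer(env, log = []) {
  const record = (kind, detail) => {
    const entry = { kind, detail, at: new Date().toISOString() };
    log.push(entry);
    console.log('[tracer]', kind, JSON.stringify(detail));
    return entry;
  };

  // fetch(): log URL and method, then pass the call through unchanged.
  if (typeof env.fetch === 'function') {
    const origFetch = env.fetch;
    env.fetch = function (input, init) {
      const url = typeof input === 'string' ? input : input && input.url;
      record('fetch', { url, method: (init && init.method) || 'GET' });
      return origFetch.apply(env, arguments);
    };
  }

  // XMLHttpRequest: hook open() on the prototype so every instance is covered.
  if (env.XMLHttpRequest && env.XMLHttpRequest.prototype) {
    const proto = env.XMLHttpRequest.prototype;
    const origOpen = proto.open;
    proto.open = function (method, url) {
      record('xhr', { url: String(url), method });
      return origOpen.apply(this, arguments);
    };
  }

  // WebSocket: replace the constructor so the handshake URL is logged.
  if (typeof env.WebSocket === 'function') {
    const OrigWS = env.WebSocket;
    const Traced = function (url, protocols) {
      record('websocket', { url: String(url) });
      return protocols === undefined ? new OrigWS(url) : new OrigWS(url, protocols);
    };
    Traced.prototype = OrigWS.prototype; // keep instanceof checks working
    env.WebSocket = Traced;
  }

  // navigator.msSaveBlob (the question's guess): log the file name and size.
  if (env.navigator && typeof env.navigator.msSaveBlob === 'function') {
    const origSave = env.navigator.msSaveBlob;
    env.navigator.msSaveBlob = function (blob, name) {
      record('msSaveBlob', { name, size: blob && blob.size });
      return origSave.apply(env.navigator, arguments);
    };
  }
  return log;
}

// The other possibility raised in the comments: the data ships inside the
// initial HTML. Pull every <script> body and report the ones that are JSON.
function findInlineJson(html) {
  const found = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const body = m[2].trim();
    if (!body.startsWith('{') && !body.startsWith('[')) continue; // ordinary code
    try {
      found.push({ attrs: m[1].trim(), data: JSON.parse(body) });
    } catch (_) {
      // looked like JSON but did not parse; skip it
    }
  }
  return found;
}

// Self-check with constructed stand-ins for the browser objects, so this file
// runs under Node. On a real page call installNetworkTracer(window) instead.
function demo() {
  const env = {
    fetch: (url) => Promise.resolve({ ok: true, url }),
    XMLHttpRequest: class { open(method, url) { this.method = method; this.url = url; } },
    WebSocket: class { constructor(url) { this.url = url; } },
    navigator: { msSaveBlob: () => true },
  };
  const log = installNetworkTracer(env);
  env.fetch('https://example.invalid/api/items', { method: 'POST' });
  const xhr = new env.XMLHttpRequest();
  xhr.open('GET', 'https://example.invalid/api/items?page=2');
  new env.WebSocket('wss://example.invalid/stream');
  env.navigator.msSaveBlob({ size: 2048 }, 'export.csv');
  return log.map((e) => e.kind); // -> ['fetch', 'xhr', 'websocket', 'msSaveBlob']
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The same hook is useful from the other side of the table: dropped into a page you operate, it shows what the third-party scripts you include are sending and where, which is the check to run when auditing an embedded widget or tag manager.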