Am I chasing a rabbit? (JS in plain text)

Comments Off on Am I chasing a rabbit? (JS in plain text)

Hello,

I’m fairly new to pen testing ~ 6 months of working through junior pentester on THM and about 90% done. Have a basic understanding of networking yadda yadda.

I don’t expect to find anything, but ever since learning Burp Suite, I thought it would be important to see real world examples and to get out of the CTF style picture perfect set ups.

Long story short, Company X offers free range for bug bounties and the thing I was testing was in scope and I figured great practice for me with Burp Suite. So I trimmed down to 50 promising sub domains and begin kinda just going through and researching along the way what some of the HTLM meant and tinkering with altering the packets etc

Didn’t find anything for like 6 hours but my last session of tinkering I found something I hadn’t seen all day…

When I captured a request that worked with a widget, I got this pretty bulky JavaScript code in the packet in plaintext.

The programmers added a bunch of comments too it and it looks like a bunch of mumbo jumbo to me since I’m a novice programmer but I noticed that there were references to GitHub with usernames source code links and even tables of hashes.

Is this normal? Should I keep investigating this? Is it worth even mentioning to the company or will I get laughed at?

submitted by /u/CptCuddleCakes
[link] [comments]

Read More >>

Ukraine war live updates: Zelenskyy demands more sanctions as Ukraine reels from Russian bombardment; explosions heard near nuclear power plant – CNBC

Comments Off on Ukraine war live updates: Zelenskyy demands more sanctions as Ukraine reels from Russian bombardment; explosions heard near nuclear power plant – CNBC

Ukraine war live updates: Zelenskyy demands more sanctions as Ukraine reels from Russian bombardment; explosions heard near nuclear power plant  CNBCView Full Coverage on Google News

Read More >>