Unpacking js.map files

#ethicalhacking #hacking #cybersecurity #javascript

Why?

You want to review JavaScript for vulnerabilities outside of the browser.

When?

This can be done when .js.map files are available. The hint will be unofusicated code in the browser debugger, and //# sourceMappingURL= lines on the end of obfusicated .js files.

How?

unpack failed on some content for me and consumed the first character of filenames. source-map-unpacker worked well:

npm install source-map-unpacker
node ./node_modules/source-map-unpacker/unmap.js \
  -p code.js.map -o code

Art licensed under Creative Commons by gforsythe

Top comments (0)

Autenticação com JWT no Frontend e Backend: Implementando com Node.js e ReactJS (em TypeScript)

Lucas Pereira de Souza - Oct 27

TC39 JavaScript Updates, TypeScript 5.7 Beta, Node.js v20.18.0 and more

James - Oct 13

🦸 OSS Heroes: Pilcrow, a student who built Lucia - auth library with 9.5k stars on GitHub ⭐ 🇯🇵

Milica Maksimovic - Oct 30

Exploring JavaScript's Modern Primitives: BigInt and Symbol

Joan Peramás Ceras - Oct 14

DEV Community