Many times I find myself removing ~98% LOC from JS assets due to them being bundled dependencies. Analyzing them from Chrome's debugger works but doesn't seem to be the best approach to me. What's your approach when hunting on JS-heavy apps?
Initially, I start by praying that the target has Webpack source map enabled. If that fails, know the type of JavaScript application you are targeting. This means I like to know what JavaScript framework a target is running and familiarise myself with the target‘s coding practices. This is where my motto “Learn to build it then break it” comes from. I set up a very bare-bones application locally using my JavaScript framework of choice and familiarise myself with the technology. While this won’t necessarily always result in more findings, it helps in getting past that initial first step of feeling lost when faced with a wall of code.
I also recommend searching for keywords that are more likely to be application-specific such as “auth”.
Another sneaky trick is to look for code comments that might indicate the code following the comment is written by the target.
Tools such as LinkFinder and gf can make this process easier.
Illustration of me praying for source maps
I am sure I am missing something but if we ever collaborate together I will make sure to show you my process.