This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files=more paths,parameters->more vulns)
ranlo
/ twitter_SearchTimeline_to_users.sh
Last active
November 16, 2023 15:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| jq -c ".log.entries[].response.content" $1 | grep "application/json" | grep search_by_raw_query| jq .text | sed "s/\\\n/|/g" | while read p; do printf %b "$p\n" >> bots_0_json; done; | |
| LC_ALL=C sed 's/^"//g' bots_0_json | LC_ALL=C sed 's/"$//g' > bots_0_json_noquote | |
| sed "s/\\\\\\\\\\\\//g" bots_0_json_noquote | LC_ALL=C jq -c ".data.search_by_raw_query.search_timeline.timeline.instructions[].entries[]" |grep -v promoted-tweet | jq .content.itemContent.tweet_results.result.core.user_results.result > bots_0_users | |
| jq .legacy bots_0_users | jq -c "[.name,.screen_name,.created_at,.location,.followers_count,.friends_count,.statuses_count,.media_count]" | sort | uniq > uniq_users |