Hi all, assuming you guys are learning new things and improving yourself. As we all are packed in our homes, it’s better to share some ideas to community. Planning further on it, this blog will describe some techeniques to find hardcoded data in a website i.e:- API keys, tokens, login credentials etc. So, let’s start!!

Image for post

Before going deep into it, let’s understand what is hardcoding. Hardcoding is a process of embedding data directly into the source code of a progrma or other executable object, as opposed to obtaining the data from external sources or generating it at runtime. Hard-coded data typically can only be modified by editing the source code and recompiling the executable, although it can be changed in memory or on disk using a debugger or any hex editor. Data that are hard-coded usually represent unchanging pieces of information, such as physical contents, version numbers and static text elements.

Well, now I assume you have an idea about hardcoding. In bug bounty programs, once we look for hardcoded data, we read JS files along with Json files usually. Chrome and firefox Developer tools are the best way to do it manually. What we need to do is, simply go to **inspect element(CTRL+SHIFT+I) > network tab. **You will see a lot of .js files and json files as well. For json files, go to the **XHR **section. Read those files carefully. Doing it manually might take some times if there are a lot of js files, but it will be worth it if you’re looking for some cool data around there:). It looks something like this:-

#bugcrowd #infosec #appsec #cybersecurity #bug-bounty #big data

Mining the web: Redefining the art of hardcoded data finds
1.05 GEEK