渗透测试之Webpack打包Vue源码还原

  • A+
所属分类:WEB安全

1. 找到源码的map文件,然后下载

2. 使用npm 安装reverse-sourcemap

npm install --global reverse-sourcemap

3. 进行还原操作

╰─ reverse-sourcemap --help
reverse-sourcemap - Reverse engineering JavaScript and CSS sources from sourcemaps
Usage: reverse-sourcemap [options] <file|directory>

-h, --help Help and usage instructions
-V, --version Version number
-v, --verbose Verbose output, will print which file is currently being processed
-o, --output-dir String Output directory - default: .
-M, --match String Regular expression for matching and filtering files - default: \.map$
-r, --recursive Recursively search matching files

╰─ reverse-sourcemap --output-dir ./xxx  app.1c489f3ee0a84d6f8c46.js.map
reverse-sourcemap - Reverse engineering JavaScript and CSS sources from sourcemaps

 分析源码,找到利用的接口

渗透测试之Webpack打包Vue源码还原

 

 

参考:

https://www.npmjs.com/package/reverse-sourcemap

https://yukaii.tw/blog/2017/02/21/restore-source-code-from-sourcemap-file/

https://yukaii.tw/blog/2017/02/21/restore-source-code-from-sourcemap-file/

https://www.npmjs.com/package/restore-source-tree

https://www.npmjs.com/package/reverse-sourcemap

FROM https://www.cnblogs.com/hack404/p/12509359.html

  • 我的微信
  • 这是我的微信扫一扫
  • weinxin
  • 我的微信公众号
  • 我的微信公众号扫一扫
  • weinxin

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: