渗透测试之Webpack打包Vue源码还原

 

1. 找到源码的map文件,然后下载

2. 使用npm 安装reverse-sourcemap

npm install --global reverse-sourcemap

3. 进行还原操作

╰─ reverse-sourcemap --help
reverse-sourcemap - Reverse engineering JavaScript and CSS sources from sourcemaps
Usage: reverse-sourcemap [options] <file|directory>

-h, --help Help and usage instructions
-V, --version Version number
-v, --verbose Verbose output, will print which file is currently being processed
-o, --output-dir String Output directory - default: .
-M, --match String Regular expression for matching and filtering files - default: \.map$
-r, --recursive Recursively search matching files

╰─ reverse-sourcemap --output-dir ./xxx  app.1c489f3ee0a84d6f8c46.js.map
reverse-sourcemap - Reverse engineering JavaScript and CSS sources from sourcemaps

 分析源码,找到利用的接口

 

 

参考:

https://www.npmjs.com/package/reverse-sourcemap

https://yukaii.tw/blog/2017/02/21/restore-source-code-from-sourcemap-file/

https://yukaii.tw/blog/2017/02/21/restore-source-code-from-sourcemap-file/

https://www.npmjs.com/package/restore-source-tree

https://www.npmjs.com/package/reverse-sourcemap

posted @ 2020-03-17 11:08  APT-101  阅读(7825)  评论(0编辑  收藏  举报