electron pentesting

What is Electron?

The Electron Framework is used to develop multi-platform desktop applications with nothing more than HTML, JavaScript and CSS. It was initially developed for GitHub’s Atom editor and since then it was used to create applications like Discord, Ghost, GitHub, Skype, Slack, Wire and a lot more.

What We Need Before Testing?

Before we start testing we need to intsall Node JS and some another tools.

+ Tools needed

- winrar

- npm install -g asar

- npm install -g source-map-unpack

+ Testing Step

1. extract app.exe with winrar

- Then we will get app folder source files.

- Go to folder that extracted you will see app.asar here : folder/resources/

2. Open terminal in app.asar path and follow this command:

- npm install -g asar

- asar extract app.asar destfolder

we will get full source code in folder you have extracted.

3. Deobfuscate

If all file.js got obfuscate we need to file file.js.map to unpack the code

To deobfuscate

Usage:

npm install -g source-map-unpack
unpack <project-folder> <path-to-sourcemap>

electron pentesting

Usage:

Posted by KIRA

Post a Comment

0 Comments

About Me

Comments

Search This Blog

Popular Posts

intercept android app request with frida + burpsuite

Menu Footer Widget

Contact form

electron pentesting

Usage:

Posted by KIRA

You may like these posts

Post a Comment

0 Comments

About Me

Comments

Search This Blog

Social Plugin

Popular Posts

intercept android app request with frida + burpsuite

Menu Footer Widget

Contact form