jswzl instantly analyses code to find the most relevant expressions and highlights them for you. Get an overview of the code at once, then dig into the most important parts.
api/users/1
/scripts/main.js
rest/v1/admin/info
String Expressions
Find paths, secrets, GraphQL queries, and other pertinent text content.
const httpOptions = {
  method: 'POST',
  headers: {
    'api-key': 'secret'
  }
}
Object Schemas
Find objects that match specific schemas, for things like HTTP options, route definitions, and other objects.
const resp = await fetch(
  url,
  httpOptions
);
Call Patterns
Find method calls to things like HTTP/Ajax requests and other relevant sinks.
Fits in with your existing tools
Leverage your existing experience with tools you love.
01. Integrate with Burp Suite
Ingest data from your testing
A simple Burp Suite extension ensures that requests going through the Proxy are sent to jswzl for analysis.
jswzl will optimize the code to undo many of the code patterns that packers apply or that otherwise make analysis harder. It also prettifies the code to make it easier to read!
The optimized code is analyzed, extracting descriptors for the code. The static analysis engine finds things like HTTP requests, paths, secrets, routes, and other code relevant to understanding the application, assisting your testing efforts.
Tools like Webpack often split code into chunks and lazy-load them. jswzl will detect and pre-fetch chunks that are dynamically referenced.
Unpack packed scripts
Packed scripts can be a pain to work with. But jswzl will unpack packed code into its own logical files and let you view the original structure of the code.
Discover & apply source mappings
When an HTTP response contains JavaScript, the jswzl Burp Plugin will attempt to load the `.map` file if the source map is not in the file directly. It will then apply the source mapping, making the code more readable.
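The lookup described above, sketched as an added example that is not jswzl's own code. It assumes the standard `sourceMappingURL` comment convention; `locateSourceMap`, `exposure` and the `example.test` URLs are hypothetical names and constructed values.

```javascript
// Added example, not jswzl's implementation: find a script's source map and
// report what it would expose. Names and sample data are constructed.
const MAP_COMMENT = /\/\/[#@]\s*sourceMappingURL=(\S+)\s*$/gm;

function locateSourceMap(scriptUrl, body) {
  // When several comments exist, the last one in the file is used.
  let ref = null;
  for (const m of body.matchAll(MAP_COMMENT)) ref = m[1];

  if (ref === null) {
    // Nothing in the file: try the conventional "<script>.map" sibling.
    const u = new URL(scriptUrl);
    u.pathname += '.map';
    return { kind: 'guessed', url: u.href };
  }
  if (ref.startsWith('data:')) {
    // Inline map: the JSON travels inside the script itself.
    const comma = ref.indexOf(',');
    const isBase64 = ref.slice(5, comma).split(';').includes('base64');
    const payload = ref.slice(comma + 1);
    const json = isBase64
      ? Buffer.from(payload, 'base64').toString('utf8')
      : decodeURIComponent(payload);
    return { kind: 'inline', map: JSON.parse(json) };
  }
  // External map: a relative reference resolves against the script URL.
  return { kind: 'external', url: new URL(ref, scriptUrl).href };
}

// What a published map gives away: original file names, and full source
// text when sourcesContent is populated.
function exposure(map) {
  const contents = map.sourcesContent || [];
  return {
    files: map.sources || [],
    shipsSource: contents.some((c) => typeof c === 'string' && c.length > 0),
  };
}

// Constructed sample inputs.
const SCRIPT_URL = 'https://app.example.test/static/main.js';
const sampleMap = { version: 3, sources: ['src/api.ts'], sourcesContent: ['export {}'], names: [], mappings: '' };
const inlineBody = 'console.log(1);\n//# sourceMappingURL=data:application/json;base64,' +
  Buffer.from(JSON.stringify(sampleMap)).toString('base64') + '\n';
const externalBody = 'console.log(1);\n//# sourceMappingURL=maps/main.js.map\n';

console.log(locateSourceMap(SCRIPT_URL, externalBody));
console.log(exposure(locateSourceMap(SCRIPT_URL, inlineBody).map));
console.log(locateSourceMap(SCRIPT_URL, 'console.log(1);'));
```

Running `exposure` over the maps your own production bundles reference shows whether original file names or full source text are being published with the build.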
Prettify code
Most JavaScript served these days is heavily minified, which makes it impossible to read. But all code analyzed by jswzl is prettified and consistently formatted.
Optimize code
Transpilers and minifiers often create weird code that makes no sense. Sometimes developers do weird things that can be greatly simplified. jswzl optimizes certain types of code to make interpretation easier.
Resolve code references
The analysis engine in jswzl uses static analysis to resolve variable references, so it can identify expressions of interest that would not be easy to find without the ability to dereference variables.
Framework agnostic
jswzl doesn't care what frameworks the code uses. Thanks to JavaScript being dynamically typed, the analysis engine relies entirely on heuristics. This means it's not tied to specific frameworks.
Supports common frameworks
But we've ALSO enhanced the engine with the ability to understand code patterns from frameworks like Angular, React, Ext JS, and many other frameworks.
I’ve been using https://jswzl.io for the last month. If you reverse engineer JavaScript this is a must have tool. @CharlieEriksen has done an excellent job.
Did the beta testing, one of the best tools I have used so far. Great work @CharlieEriksen! Can't wait to see what more amazing stuff you'll implement in the area of easy JS analysis via JSWZL.