Using API Gateway
As an additional feature, JS Recon can use AWS API Gateway to change the IP address of the client in order to avoid rate limiting. This feature requires the tokens to be properly configured. To learn how to configure the credentials for API Gateway, please refer to the Installation page.
Note that the configuration generated by the api-gateway module is used by the lazyload module to make HTTP requests. The sole purpose of the api-gateway module is to generate the configuration and manage the API gateways created.
Generating config file
To send HTTP requests through the AWS API Gateway, the API gateway configuration file must be created. Before running the given command, make sure that you have the environment variables set or have the keys with proper configurations to pass to the tool.
To create a new configuration file, run the following command:
js-recon api-gateway -i -r <region>
Or, if the API keys are not set in the environment variables,
js-recon api-gateway -i -r <region> -a <access-key> -s <secret-key>
This will create a config file called .api_gateway_config.json in the current working directory. Now, this configuration can be used to rotate IP addresses.
You can list the API gateways created by running the following command:
js-recon api-gateway -l
You can run this command as many times as you like. It is recommended to have just one API gateway in a particular region, and to use as many regions as possible.
Creating multiple API gateways in the same region will not be beneficial, because when requesting an API gateway, it uses a random IP address from the AWS IP pool in the specified region.
Create API gateways in multiple regions, through the -r flag, to send the traffic through different parts of the globe.
If you get an error stating "The security token included in the request is invalid.", then make sure that you are using the correct region. If the -r flag is not provided, the tool will select a random region, which is likely to cause an error.
The config file, that is .api_gateway_config.json, has the access and secret key hardcoded in it. Make sure to keep it safe, just like your passwords.
Deleting the config file doesn't mean deleting the API gateways. If it is deleted, the API gateways and the resources created by them will stay as they are until manually deleted.
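Because the config file holds the AWS access and secret key in plain text, it is worth restricting who can read it and keeping it out of version control. The following is an added example, not part of JS Recon; the helper name secure_gateway_config is hypothetical, and it assumes the file sits in the current directory unless a path is given.

```shell
#!/bin/sh
# Added example: restrict access to the js-recon API Gateway config file,
# which stores the AWS access and secret key in plain text.
# secure_gateway_config is a hypothetical helper name, not part of js-recon.
secure_gateway_config() {
    cfg="${1:-.api_gateway_config.json}"
    if [ ! -f "$cfg" ]; then
        echo "not found: $cfg" >&2
        return 2
    fi

    # Owner read/write only; no access for group or others.
    chmod 600 "$cfg" || return 1

    dir=$(dirname "$cfg")
    name=$(basename "$cfg")

    # Nothing more to do outside a git work tree.
    command -v git >/dev/null 2>&1 || return 0
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0

    # Already committed: ignoring it now would not remove the keys from history.
    if git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1; then
        echo "WARNING: $cfg is tracked by git; untrack it and rotate the AWS keys" >&2
        return 1
    fi

    # Not yet ignored: add an ignore rule next to the file.
    if ! git -C "$dir" check-ignore -q -- "$name"; then
        printf '%s\n' "$name" >> "$dir/.gitignore"
        echo "added $name to $dir/.gitignore" >&2
    fi
    return 0
}
```

Run secure_gateway_config right after generating the config file; a return code of 1 with the warning means the file is already tracked by git.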
Running the lazyload and run modules
The configuration file generated in the previous step can only be used by the lazyload module, as this is the only module in the tool that directly interacts with the target by making HTTP requests to download the JS files (yes, all the other processes are done locally, except those requiring an external API, like the AI features).
To use the configuration generated, you can pass the --api-gateway flag. For example:
js-recon lazyload -u <url/file> --api-gateway-config
When doing so, the tool will make all the HTTP requests to the target through the API gateway.
This can also be done with the run module, which automates the execution of all the other modules. However, you have to make sure you have generated a config file by following the steps above:
js-recon run -u <url> --api-gateway
Cleaning up
To destroy the API gateways, you can refer to the following pages: