Tracing JavaScript Value Origins in Modern SPAs: Breakpoint-Driven Heap Search (BDHS)
I’ve been experimenting with a CDP-based technique for tracing the origin of JavaScript values inside modern, framework-heavy SPAs. The method, called Breakpoint-Driven Heap Search (BDHS), performs step-out-based debugger pauses, captures a heap snapshot at each pause, and searches each snapshot for a target value (object, string, primitive, nested structure, or similarity signature). It identifies the user-land function where the value first appears, avoiding framework and vendor noise via heuristics.

Alongside BDHS, I also implemented a Live Object Search that inspects the live heap (not just snapshots), matches objects by regex or structure, and allows runtime patching of matched objects. This is useful for analyzing bot-detection logic, state machines, tainted values, or any internal object that never surfaces in the global scope.

Potential use cases: SPA reverse engineering, DOM XSS investigations, taint analysis, anti-bot logic tracing, debugging minified/obfuscated flows, and correlating network payloads with memory structures.

submitted by /u/filippo_cavallarin