
Speaking of, are there tools to audit/explore firebase/firestore databases i.e. see if collections/documents are readable?

I imagine a web tool that could take the app id and other api values (that are publicly embedded in frontend apps), optionally support a session id (for those firestore apps that use a lightweight “only visible to logged in users” security rule) and accept names of collections (found in the js code) to explore?



Baserunner [1] does exactly this. I described using it for Firebase security research in my blog post [2].

[1] https://github.com/iosiro/baserunner

[2] https://saligrama.io/blog/post/firebase-insecure-by-default/
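The lightweight “only visible to logged in users” rule mentioned in the question, shown next to a tightened per-owner version, as an added example that is not taken from the thread, from Baserunner, or from the linked post; the `posts` collection and `ownerId` field are assumed names.

```text
rules_version = '2';

// --- firestore.rules (weak) ---
// Any signed-in identity can read and write every document in the collection.
// "Signed in" includes anyone who can self-register through an enabled
// provider, and anonymous sign-in if it is turned on, so this is close to
// public for an attacker who can obtain a session (as the question notes).
service cloud.firestore {
  match /databases/{database}/documents {
    match /posts/{postId} {
      allow read, write: if request.auth != null;
    }
  }
}

// --- firestore.rules (tightened) ---
// A signed-in user may only read, update or delete documents that record
// them as the owner, and may only create documents that name themselves
// as the owner. 'posts' and 'ownerId' are assumed names for this example.
service cloud.firestore {
  match /databases/{database}/documents {
    match /posts/{postId} {
      allow read, update, delete: if request.auth != null
                                   && resource.data.ownerId == request.auth.uid;
      allow create: if request.auth != null
                    && request.resource.data.ownerId == request.auth.uid;
    }
    // No rule matches other paths, so everything else is denied by default.
  }
}
```

Only one of the two `service` blocks goes in the deployed file; they are alternatives, not a combined ruleset. With the tightened rule, a client query over `posts` is rejected unless it filters on `ownerId == request.auth.uid`, because rules are evaluated against what a query could return rather than filtering the results.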



