-
Notifications
You must be signed in to change notification settings - Fork 0
/
1.Map Web Application 1.txt
62 lines (47 loc) · 2.25 KB
/
1.Map Web Application 1.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
Map the Application
1.Explore Visible Content
Configure your browser to use your favorite
integrated proxy/spidering tool.
EX:Burp and WebScarab
if you find it useful, configure your browser to
use an extension such as IEWatch to monitor and
analyze the HTTP and HTML content being processed
by the browser.
visiting every link and URL, submitting every
form, and proceeding through all multistep
functions to completion.
Try browsing with JavaScript enabled and
disabled, and with cookies enabled and disabled.
If the application uses authentication,
and you have or can create a login account.
------------------------------------------------------------------
2.Consult Public Resources:
Use Internet search engines and archives (such as the Wayback Machine)
to identify what content they have indexed and stored for your target
application.
-------------------------------------------------------
3.Discover Hidden Content:
handles requests for nonexistent items.
Make some manual requests for known valid and invalid resources,
and compare the server responses to establish an easy way to identify
when an item does not exist.
-------------------------------------------------------------------------------------
4.Discover Default Content:
Run Nikto against the web server to detect any
default or well-known content that is present.
Use Nikto options to maximize its effective-ness.
For example, you can use the –root option to specify
a directory
------------------------------------------------------------------
5.Enumerate Identifier-Specified Functions:
Identify any instances where specific application functions
are accessed bypassing an identifier of the function
in a request parameter (for example,
/admin.jsp?action=editUser or /main.php?func=A21 )
---------------------------------------------------------------------------
6.Test for Debug Parameters:
Choose one or more application pages or functions where hidden debug
parameters (such as debug=true ) may be implemented. These are most
likely to appear in key functionality such as login, search, and fi le upload
or download.
----------------------------------------------------------------------------------------------