The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

In the course of describing various common vulnerabilities and attack tech-

niques, we have encountered numerous situations in which the application

employs a name or identifier for some item, and your task as an attacker is to

discover some or all of the valid identifiers in use. Some examples of where

this requirement can arise are:

■■

The application’s login function returns informative messages that dis-

name or incorrect password. By iterating through a list of common

usernames and attempting to log in using each one, you can narrow the

list down to those that you know to be valid. This list can then be used

as the basis for a password guessing attack.

■■

Many applications use identifiers to refer to individual resources that

numbers, employee numbers, and log entries. Often, the application

will expose some means of confirming whether a specific identifier is

valid. By iterating through the syntactic range of identifiers in use, you

can obtain a comprehensive list of all these resources.

■■

If the session tokens generated by the application can be predicted, you

a series of tokens issued to you. Depending on the reliability of this

process, you may need to test a large number of candidate tokens for

each valid value that is confirmed.