each directory or path known to exist within the application. Use Burp
Intruder or a custom script, together with wordlists of common files and
directories, to quickly generate large numbers of requests. If you have
identified a particular way in which the application handles requests for
invalid resources (e.g., a customized “file not found” page), configure
Intruder or your script to highlight these results so they can be ignored.
■ Capture the responses received from the server, and manually review these to identify valid resources.
■ Perform the exercise recursively as new content is discovered.
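From the defender's side, this kind of forced browsing is noisy: one client requests many distinct resources that do not exist in a short time. The following is an added example (not from the book) that parses combined-format access-log lines and flags such clients, treating the application's customized "file not found" page as a miss even when it is served with status 200. The log lines, the client addresses and the 1523-byte size of the custom not-found page are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: client IP, timestamp, request line, status, response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def is_not_found(status, size, custom_404_size):
    """A miss is a real 404, or a 200 whose body is the app's fixed-size custom not-found page."""
    return status == 404 or (status == 200 and size == custom_404_size)

def detect_enumeration(lines, custom_404_size, window=timedelta(seconds=60), threshold=10):
    """Return {ip: total distinct missing paths} for clients that requested at least
    `threshold` distinct non-existent resources inside any `window`-long period."""
    misses = defaultdict(list)  # ip -> [(timestamp, path)]
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines the parser does not understand
        status = int(m.group("status"))
        size = int(m.group("size")) if m.group("size") != "-" else 0
        if is_not_found(status, size, custom_404_size):
            ts = datetime.strptime(m.group("ts"), TS_FMT)
            misses[m.group("ip")].append((ts, m.group("path")))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over the client's misses
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= threshold:
                flagged[ip] = len({p for _, p in events})
                break
    return flagged

# Constructed sample: one client walks a wordlist and gets the custom not-found page
# (status 200, always 1523 bytes); another client browses normally.
CUSTOM_404_SIZE = 1523
SAMPLE_LOG = [
    f'10.0.0.5 - - [10/Oct/2023:13:55:{i:02d} +0000] "GET /guess{i}/ HTTP/1.1" 200 1523'
    for i in range(12)
] + [
    '192.0.2.7 - - [10/Oct/2023:13:55:30 +0000] "GET /index.html HTTP/1.1" 200 8831',
    '192.0.2.7 - - [10/Oct/2023:13:55:31 +0000] "GET /old-link HTTP/1.1" 404 512',
]

if __name__ == "__main__":
    print(detect_enumeration(SAMPLE_LOG, CUSTOM_404_SIZE))
```

The fixed body size is only one way to fingerprint a custom not-found page; a title string or template marker in the response body works the same way if the server logs it.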
Inference from Published Content
Most applications employ some kind of naming scheme for their content and
functionality. By inferring from the resources already identified within the
application, it is possible to fine-tune your automated enumeration exercise to
increase the likelihood of discovering further hidden content.