Using lists of common debug parameter names (debug, test, hide, source, etc.) and common values (true, yes, on, 1, etc.), make a large number of requests to a known application page or function, iterating through all permutations of name and value. For POST requests, insert the added parameter both into the URL query string and into the message body.
■ Burp Intruder can be used to perform this test using multiple payload sets and the “cluster bomb” attack type (see Chapter 13 for more details).
■ Monitor all responses received to identify any anomalies that may indicate that the added parameter has had an effect on the application’s processing.
■ Depending on the time available, target a number of different pages or
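Seen from the application owner's side, the permutation pattern these steps describe leaves a distinctive trace in the web server's access log: one client, one path, many parameter names the endpoint does not accept, and occasionally a response whose size breaks from the baseline (the sign that an extra parameter actually changed processing). The Python below is an added example written for this section, not code from the book or from Burp. It assumes Apache combined-format log lines, a constructed sample log (the addresses, timestamps and sizes are made up), a hypothetical per-endpoint allow-list `KNOWN_PARAMS`, and the debug-parameter names the text lists as a watchlist `DEBUG_NAMES`.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log in Apache combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /account/view?id=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /account/view?id=42&debug=true HTTP/1.1" 200 5130 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /account/view?id=42&debug=1 HTTP/1.1" 200 5130 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:55:42 +0000] "GET /account/view?id=42&test=yes HTTP/1.1" 200 5130 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:55:43 +0000] "GET /account/view?id=42&hide=on HTTP/1.1" 200 5130 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:55:44 +0000] "GET /account/view?id=42&source=1 HTTP/1.1" 200 9871 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:55:45 +0000] "POST /account/view?id=42&debug=true HTTP/1.1" 200 5130 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /account/view?id=43 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Combined-format prefix: client, identd, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Watchlist: the common debug parameter names the text mentions.
DEBUG_NAMES = {"debug", "test", "hide", "source"}
# Hypothetical allow-list: parameters each endpoint legitimately accepts.
KNOWN_PARAMS = {"/account/view": {"id"}}


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"]) if rec["size"].isdigit() else 0
    return rec


def analyse(log_text, threshold=3):
    """Return (watchlist_hits, scan_suspects).

    watchlist_hits: (ip, method, path, name, value) for every request that
      carries a parameter from DEBUG_NAMES, in log order.
    scan_suspects: {(ip, path): set_of_unknown_names} for clients that tried
      at least `threshold` distinct parameter names the endpoint does not
      accept, i.e. the name/value permutation pattern described in the text.
    """
    hits = []
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        allowed = KNOWN_PARAMS.get(rec["path"], set())
        for name, value in rec["params"]:
            if name.lower() in DEBUG_NAMES:
                hits.append((rec["ip"], rec["method"], rec["path"], name, value))
            if name not in allowed:
                unknown[(rec["ip"], rec["path"])].add(name)
    suspects = {k: v for k, v in unknown.items() if len(v) >= threshold}
    return hits, suspects


def size_outliers(log_text, tolerance=0.2):
    """Flag requests with unknown parameters whose response size deviates
    from the path's baseline by more than `tolerance` (a fraction).

    The baseline is the first response seen for that path with no unknown
    parameter. A large deviation is the server-side counterpart of the
    response anomaly the text tells the tester to look for.
    """
    baseline = {}
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        allowed = KNOWN_PARAMS.get(rec["path"], set())
        extra = [n for n, _ in rec["params"] if n not in allowed]
        if not extra:
            baseline.setdefault(rec["path"], rec["size"])
            continue
        base = baseline.get(rec["path"])
        if base and abs(rec["size"] - base) > tolerance * base:
            out.append((rec["ip"], rec["path"], tuple(rec["params"]), rec["size"]))
    return out


if __name__ == "__main__":
    hits, suspects = analyse(SAMPLE_LOG)
    print("watchlist hits:", len(hits))
    print("permutation suspects:", suspects)
    print("size outliers:", size_outliers(SAMPLE_LOG))
```

Two of the three signals are deliberately independent of the watchlist: `analyse` counts any unknown parameter names per client and path, so it still fires when a tester uses names not in `DEBUG_NAMES`, and `size_outliers` needs no name list at all, only a baseline response size for the path. Note that the body of a POST request is not recorded in a standard access log, so a parameter inserted only there (as the first step suggests) is invisible to this check; catching that needs request-body logging at the application or WAF layer.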