Tutorial - Eduguru - Page 39

Tutorial Web Hosting Website

Capturing User Data: Thick-Client Components

April 23, 2020 Krishna Bypassing Client-Side Controls, Capturing User Data: Thick-Client Components, Coping with Bytecode Obfuscation, Decompiling Java Bytecode, HTML forms, HTML source, Java, Java applets, JavaScript, web hacking, website hacking

Besides HTML forms, the other main method for capturing, validating, and submitting user data is to use a thick-client component.

Tutorial Web Hosting Website

Capturing User Data: HTML Forms

April 23, 2020 Krishna Bypassing Client-Side Controls, Capturing User Data: HTML Forms, Disabled Elements, HTML forms, JavaScript, Length Limits, Script-Based Validation, website hacking

The other principal way in which applications use client-side controls to restrict data submitted by clients occurs with data that

Tutorial Web Hosting Website

Bypassing Client-Side Controls

April 23, 2020 Krishna Bypassing Client-Side Controls, Hidden Form Fields, HTTP cookies, Opaque Data, The ASP.NET ViewState, The Referer Header, Transmitting Data via the Client, URL Parameters

Transmitting Data via the Client It is very common to see an application passing data to the client in a

Tutorial Web Hosting Website

Identifying Server-Side Functionality

April 23, 2020 Krishna ASP.NET application, database, Dissecting Requests, Extrapolating Application Behavior, Identifying Server-Side Functionality, Mapping the Application, Mapping the Attack Surface, PHP language, SQL injection payload, sql query

It is often possible to infer a great deal about server-side functionality and structure, or at least make an educated

Tutorial Web Hosting Website

Identifying Server-Side Technologies

April 23, 2020April 23, 2020 Krishna ASP.NET framework, Banner Grabbing, Directory Names, HTTP Fingerprinting, Identifying Server-Side Technologies, Java Server Pages, Mapping the Application, Microsoft IIS server, PHP, Session Tokens, The Java Platform, Third-Party Code Components, WebSphere

It is normally possible to fingerprint the technologies employed on the server via various clues and indicators. Banner Grabbing Many

Tutorial Web Hosting Website

Analyzing the Application

April 17, 2020April 17, 2020 Krishna Analyzing the Application, Cookie, HTTP traffic, Identifying Entry Points for User Input, intrusion detection, Mapping the Application, SMTP, SSL, VULNERABILITIES

Enumerating as much of the application’s content as possible is only one element of the mapping process. Equally important is

Tutorial Web Hosting Website

Application Pages vs. Functional Paths

April 17, 2020 Krishna Application Pages vs. Functional Paths, Discovering Hidden Parameters, html, Mapping, Mapping the Application, URL, URL-based map, World Wide Web

The enumeration techniques described so far have been implicitly driven by one particular picture of how web application content may

Tutorial Web Hosting Website

Discovering Hidden Content

April 17, 2020 Krishna Brute-Force Techniques, Burp Intruder, DIRECTORIES, Discovering Hidden Content, GOOGLE, Inference from Published Content, Leveraging the Web Server, mapping techniques, Mapping the Application, MSN, Search engines, Web archives, Yahoo

It is very common for applications to contain content and functionality which is not directly linked or reachable from the

Tutorial Web Hosting Website

User-Directed Spidering

April 17, 2020April 17, 2020 Krishna Burp Suite, html, http, HTTP and HTML analysis, Mapping the Application, proxy/spider tool, URL, User-Directed Spidering, WebScarab

This is a more sophisticated and controlled technique, which is usually preferable to automated spidering. Here, the user walks through

Tutorial Web Hosting Website

Enumerating Content and Functionality

April 17, 2020 Krishna application uses, Burp Spider, Enumerating Content and Functionality, Mapping, Mapping the Application, Paros, spiders, URL, Web Spidering, WebScarab

In a typical application, the majority of the content and functionality can be identified via manual browsing. The basic approach