Mapping the Application - Eduguru

Tutorial Web Hosting Website

Identifying Server-Side Functionality

April 23, 2020 Krishna ASP.NET application, database, Dissecting Requests, Extrapolating Application Behavior, Identifying Server-Side Functionality, Mapping the Application, Mapping the Attack Surface, PHP language, SQL injection payload, sql query

It is often possible to infer a great deal about server-side functionality and structure, or at least make an educated

Tutorial Web Hosting Website

Identifying Server-Side Technologies

April 23, 2020April 23, 2020 Krishna ASP.NET framework, Banner Grabbing, Directory Names, HTTP Fingerprinting, Identifying Server-Side Technologies, Java Server Pages, Mapping the Application, Microsoft IIS server, PHP, Session Tokens, The Java Platform, Third-Party Code Components, WebSphere

It is normally possible to fingerprint the technologies employed on the server via various clues and indicators. Banner Grabbing Many

Tutorial Web Hosting Website

Analyzing the Application

April 17, 2020April 17, 2020 Krishna Analyzing the Application, Cookie, HTTP traffic, Identifying Entry Points for User Input, intrusion detection, Mapping the Application, SMTP, SSL, VULNERABILITIES

Enumerating as much of the application’s content as possible is only one element of the mapping process. Equally important is

Tutorial Web Hosting Website

Application Pages vs. Functional Paths

April 17, 2020 Krishna Application Pages vs. Functional Paths, Discovering Hidden Parameters, html, Mapping, Mapping the Application, URL, URL-based map, World Wide Web

The enumeration techniques described so far have been implicitly driven by one particular picture of how web application content may

Tutorial Web Hosting Website

Discovering Hidden Content

April 17, 2020 Krishna Brute-Force Techniques, Burp Intruder, DIRECTORIES, Discovering Hidden Content, GOOGLE, Inference from Published Content, Leveraging the Web Server, mapping techniques, Mapping the Application, MSN, Search engines, Web archives, Yahoo

It is very common for applications to contain content and functionality which is not directly linked or reachable from the

Tutorial Web Hosting Website

User-Directed Spidering

April 17, 2020April 17, 2020 Krishna Burp Suite, html, http, HTTP and HTML analysis, Mapping the Application, proxy/spider tool, URL, User-Directed Spidering, WebScarab

This is a more sophisticated and controlled technique, which is usually preferable to automated spidering. Here, the user walks through

Tutorial Web Hosting Website

Enumerating Content and Functionality

April 17, 2020 Krishna application uses, Burp Spider, Enumerating Content and Functionality, Mapping, Mapping the Application, Paros, spiders, URL, Web Spidering, WebScarab

In a typical application, the majority of the content and functionality can be identified via manual browsing. The basic approach

Tutorial Web Hosting Website

Mapping the Application

April 17, 2020 Krishna application, application mapping, attacking an application, Mapping the Application, VULNERABILITIES

The first step in the process of attacking an application is to gather and examine some key information about it,