WALKING AN APPLICATION

Walking an application is the process of exploring an application for information or vulnerabilities whilst only using tools available within the browser. Whilst it may not be as quick or sophisticated as using tools, it can be beneficial for picking up on information that may be missed by automated tools.

Before using the in browser tools, it is a good idea to navigate the web app and take notes of any pages/areas and features of a site. For example, it could be a good idea to make note of a log in page and its URL or a feature for uploading files.

Once the web app has been navigated and documented, in browser tools can be used for exploration:

  • View Source - Used to view the source code for a web app.
  • Inspector - Used to inspect page elements.
  • Debugger - View and control a pages Javascript.
  • Network - See the network requests a page makes.

View Source.
Viewing the source code of a page can be a great way for searching for comments left by developers, information on frameworks used or links to pages that are not viewable when visiting a web app normally. 

For example, in the below image a comment was left by the developers for a work in progress page "/new-home-beta".



Inspector.
Inspector is normally used to get a better understanding of how a pages CSS elements are working together. The source code may not tell the full story of what's happening in a page as it doesn't show how a user may have interacted with the page. 

In this example, the CSS was poorly implemented to serve as a pay wall. I was able to get around a pay wall by removing appropriate element and view unintended content.

Debugger.
Debugger is a tool used for debugging JavaScript. It is useful for testing the security of a website because I am able to add breakpoints, pause the running of JavaScript and edit the values of variables. Debugger can give a much better idea of how the functionality of a web application works.

Network.
The network tab allows me to keep track of every network request that make up each web page. This can be useful because I can monitor methods, status's and responses from the web app. 

For example, the flag for this room was hidden in the response after making an attempt to log in to the web app.










Comments

Post a Comment

Popular posts from this blog

BURPSUITE IN-DEPTH

Image
NOTE: This post will be a much deeper and in-depth dive in to some of the functionality of Burp Suite. If you need a quicker overview, please visit my  Burp Suite Basics  post.  Repeater The repeater function of Burp Suite allows us to take a request captured by Proxy, edit it and send the same request repetitively. This makes repeater ideal for any manual poking around at an endpoint. Basic Usage: The repeater interface can be split in the 6 main sections. Refer to the image above: List of requests that are going through Repeater. Controls for the current request, these allow us to send/cancel a hanging request and go forwards/backwards in a request history. Request/Response view. Requests are edited in the Request view and Responses will show up in the Response view. Allows us to change the layout for the Request and Response view. The inspector allows us to break requests apart and analyse and edit them in a more intuitive way than the raw editor. The IP address o...
Read more

CROSS-SITE SCRIPTING

Image
Cross-Site Scripting (XSS) is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users.  XSS Payloads In XSS the payload is the JavaScript code we wish to be executed on the targets machine. The payload is comprised of two parts, the intention and the modification. The intention is what the attacker intends the JavaScript to execute and the modification is the changes the attacker needs to do on the code to make it execute in each specific scenario.  Proof of Concept This is a simple payload in order to prove that an attacker can actually achieve XSS on a website: <script>alert('XSS');</script> Session Stealing Details of a users session, such as log in tokens are often kept in cookies on the targets machine. The below JavaScript takes the target's cookie, base64 encodes it to ensure successful transmission and then posts it to a website under the attackers control <script>fet...
Read more

NMAP ADVANCED SCANS

Image
In this post we will be covering techniques to evade firewalls and IDS systems ad well as more advanced scans and scan options, such as: Null Scan FIN Scan Xmas Scan Maimon Scan Ack Scan Window Scan Custom Scan We will also cover the following: Spoofing IP Spoofing MAC Decoy Scan Fragmented Packets Idle/Zombie Scan Null, FIN and XMAS Scans These scans can be efficient when scanning a target behind a stateless (non-stateful) firewall. A stateless firewall will check if the incoming packet has the SYN flag to detect a connecting attempt. Using a flag combination that does not match the SYN packets could make it possible to deceive a firewall and reach the system behind it. However, a stateful firewall will practically block all such crafted packed and render this kind of scan useless. Null Scan Null scan does not set any flag at all; all six flag bits are set to zero. We can use this option with -sN . A TCP Packet with no flags set will not trigger a response when it ...
Read more