Web application security - the fast guide 1.1 | Page 71

Chapter 4 - Be the attacker

As part of mapping the infrastructure, it is important to identify any intermediaries such as virtual servers, load balancers, proxies or firewalls, because the existence of such components in the targeted victim environment may call for a totally different attack approach. The following examples explain the main practices used to identify such intermediaries:

Detecting load balancers:
- Surrounding IP scan
- Detecting unsynchronized time stamps
- Detecting different (Last-Modified or ETag) headers for the same resource
- Existence of unusual cookies
- Different SSL certificates

Detecting proxies:
- Using the TRACE command, which echoes the exact request, and detecting changes
- Standard connect test
- Standard proxy request

4.8 Mapping Application

[Figure: Application with F1, F2, F3, F4]

To map the application's functionality, contents and workflow, the attacker can use many methods and apply them through different tools.

4.8.1 Mapping functionalities and contents:

Web application crawling: using special software that automates the generation of HTTP requests, the attacker can capture the returned results and recursively auto extract