Web application security - the fast guide 1.1 | Page 72

Chapter 4 - Be the attacker

included links, forms and even embedded client-side script, in order to build a skeleton of the site's functionality and content. Burp Suite is one example of a tool that can spider a site. A fully automated approach is not always the best way to get a good picture of an application's functionality and content: automated crawlers may fail to capture links that are built in complex JavaScript or in compiled client code such as Flash or Java applets. The multi-level input validation used by modern applications also stops a spider from getting past successive steps with randomly generated input. A further problem comes from the URL-based seeding that spiders use. To avoid infinite loops they tend to drop repeated successive URLs, which loses functionality when a single URL serves multiple actions (for example http://myBank/manage.php, where the action is selected by a parameter or by the submitted form); conversely, a URL that carries a timestamp as a parameter looks new on every visit, so the spider gets locked into it.

User guided spidering: An alternative (or complement) to automated crawling is user-driven spidering, in which the user manually explores the application's functionality, including filling in forms. The spidering tool works as an intercepting proxy/spider: it logs the user's requests and the responses returned by the application. In this approach the user can guarantee that the session stays active and that everything entered satisfies the validation rules expected of a human user.

4.8.2 Hidden content spidering: The mainstream, published content rarely offers a quick, tasty bite of information. Archived content, backups, test files, source files and comments reveal a lot about the application and may expose some easy-to-exploit vulnerabilities.
This kind of content can be discovered by inference from the published content, or by a brute-force approach that tests destinations drawn from a dictionary of common words such as common folder and service names. For example, if published content is found at an address like http://theSiteName.com/stable/en/about it is worth testing addresses such as http://theSiteName.com/archived/en/about and http://theSiteName.com/development/en/about. When checking candidates, a 403 or a redirect still confirms that the path exists, and an application that answers 200 for any path needs a baseline request to a random name so that its "soft 404" page is not counted as a hit.
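The inference and brute-force steps above, as an added example that is not code from the book or from any tool it mentions. The wordlists are short illustrative assumptions, theSiteName.com is the book's placeholder host, and the fake site at the bottom is constructed so the probing logic runs offline; the `http_status` fetcher is what you would pass in against a real target.

```python
"""Hidden-content discovery by inference and dictionary brute force.

Added example, not code from the book. Starting from a published path
such as /stable/en/about it derives candidate paths by swapping each
directory segment for entries of a small wordlist, by trying backup-style
suffixes on the final segment, and by trying the wordlist as top-level
folders. The HTTP fetcher is injected so the probing logic can be
exercised offline against a constructed fake site.
"""
import urllib.error
import urllib.request
import uuid
from typing import Callable, Dict, List, Set
from urllib.parse import urlsplit

# Illustrative wordlists (assumption: a real engagement uses a much larger
# dictionary of common folder, service and backup names).
FOLDER_WORDS = ["archived", "archive", "backup", "development", "dev",
                "old", "test", "staging"]
BACKUP_SUFFIXES = [".bak", ".old", ".orig", "~", ".zip", ".tar.gz"]

# A fetcher maps a URL to an HTTP status code (0 for a network failure).
Fetcher = Callable[[str], int]


def candidate_paths(path: str) -> List[str]:
    """Derive hidden-content candidates from one published path."""
    segments = [s for s in path.split("/") if s]
    out: List[str] = []
    seen: Set[str] = {path}

    def add(candidate: str) -> None:
        if candidate not in seen:
            seen.add(candidate)
            out.append(candidate)

    # Inference: swap each directory segment (not the final resource name).
    for i in range(len(segments) - 1):
        for word in FOLDER_WORDS:
            swapped = segments[:i] + [word] + segments[i + 1:]
            add("/" + "/".join(swapped))
    # Backups and editor leftovers of the final resource itself.
    if segments:
        for suffix in BACKUP_SUFFIXES:
            add("/" + "/".join(segments[:-1] + [segments[-1] + suffix]))
    # Plain dictionary brute force of top-level folders.
    for word in FOLDER_WORDS:
        add("/" + word + "/")
    return out


def discover(base_url: str, published_path: str, fetch: Fetcher) -> Dict[str, int]:
    """Probe every candidate and return {url: status} for the ones worth a look.

    Anything other than a 404 (a 403 or a redirect included) is recorded.
    A baseline request to a random name catches applications that answer
    200 for everything ("soft 404"): candidates that merely reproduce the
    baseline status are ignored. Comparing status alone is crude; against
    a soft-404 site, compare response length or a body hash as well.
    """
    base = base_url.rstrip("/")
    baseline = fetch(f"{base}/{uuid.uuid4().hex}")
    hits: Dict[str, int] = {}
    for path in candidate_paths(published_path):
        url = base + path
        status = fetch(url)
        if status not in (0, 404, baseline):
            hits[url] = status
    return hits


def http_status(url: str, timeout: float = 5.0) -> int:
    """Real fetcher: HEAD request, status code returned, 0 on network error."""
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "hidden-content-example"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except OSError:  # URLError, timeouts and socket errors
        return 0


# Constructed fake site for offline use; theSiteName.com is the book's
# placeholder host, not a real target.
FAKE_SITE = {
    "/stable/en/about": 200,
    "/archived/en/about": 200,       # old copy left online
    "/development/en/about": 403,    # exists but access is restricted
    "/stable/en/about.bak": 200,     # editor backup of the page source
}


def fake_fetch(url: str) -> int:
    return FAKE_SITE.get(urlsplit(url).path, 404)


if __name__ == "__main__":
    hits = discover("http://theSiteName.com", "/stable/en/about", fake_fetch)
    for url, status in hits.items():
        print(status, url)
```

Against a real application, call `discover(base, path, http_status)` for every published path the spidering phase produced, and keep the 403s and redirects in the report: they are the most reliable sign that a restricted or relocated copy exists.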
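The automated-spider problem described earlier in this section (a single URL such as http://myBank/manage.php serving several actions, versus a timestamped URL that never repeats) comes down to what the crawler uses as its "already visited" key. The following is an added example, not code from the book or from Burp Suite: a crawl frontier keyed on method, host, path, the non-volatile parameters and the form field names instead of the raw URL string. The list of volatile parameter names and the rule that a bare 10-or-more-digit value is an epoch timestamp are assumptions, and the myBank links are constructed.

```python
"""Crawl keys for an automated spider that keep actions but drop noise.

Added example, not code from the book. A request is keyed on method,
host, path, its non-volatile query parameters and the names of the form
fields it submits. manage.php?action=transfer and manage.php?action=delete
therefore stay distinct, while manage.php?action=transfer&ts=<epoch>
collapses onto the same key on every visit instead of trapping the spider.
"""
import re
from typing import Iterable, List, Set, Tuple
from urllib.parse import parse_qsl, urlsplit

# Assumption: parameter names commonly used for cache-busting/timestamps.
VOLATILE_NAMES = {"ts", "timestamp", "time", "t", "_", "nonce", "cb",
                  "cachebuster", "rnd", "rand", "random"}
# Assumption: a bare value of 10+ digits is treated as an epoch timestamp.
EPOCH_LIKE = re.compile(r"\d{10,}")

CrawlKey = Tuple[str, str, str, Tuple[Tuple[str, str], ...], Tuple[str, ...]]


def is_volatile(name: str, value: str) -> bool:
    """True for parameters that change on every page load but select nothing."""
    return name.lower() in VOLATILE_NAMES or bool(EPOCH_LIKE.fullmatch(value))


def crawl_key(method: str, url: str, form_fields: Iterable[str] = ()) -> CrawlKey:
    """Normalise a request into the tuple the frontier deduplicates on.

    Non-volatile parameters keep their values on purpose: action=transfer
    and action=delete are different functionality. The price is that an
    id=1, id=2, ... series still expands; a per-path visit cap is the usual
    backstop for that.
    """
    parts = urlsplit(url)
    params = tuple(sorted(
        (name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if not is_volatile(name, value)
    ))
    return (method.upper(), parts.netloc.lower(), parts.path or "/",
            params, tuple(sorted(form_fields)))


class Frontier:
    """Queue of requests still to visit, deduplicated on crawl_key."""

    def __init__(self) -> None:
        self.seen: Set[CrawlKey] = set()
        self.queue: List[Tuple[str, str, Tuple[str, ...]]] = []

    def add(self, method: str, url: str, form_fields: Iterable[str] = ()) -> bool:
        """Enqueue the request; return False if an equivalent one was seen."""
        fields = tuple(form_fields)
        key = crawl_key(method, url, fields)
        if key in self.seen:
            return False
        self.seen.add(key)
        self.queue.append((method.upper(), url, fields))
        return True


if __name__ == "__main__":
    frontier = Frontier()
    # Constructed links and forms, as a spider might scrape them from myBank.
    for method, url, fields in [
        ("GET", "http://myBank/manage.php?action=transfer", ()),
        ("GET", "http://myBank/manage.php?action=delete", ()),
        ("GET", "http://myBank/manage.php?action=transfer&ts=1700000001", ()),
        ("GET", "http://myBank/manage.php?action=transfer&ts=1700000002", ()),
        ("POST", "http://myBank/manage.php", ("action", "amount", "to")),
        ("POST", "http://myBank/manage.php", ("to", "amount", "action")),
    ]:
        print(frontier.add(method, url, fields), method, url, fields)
    print(len(frontier.queue), "distinct requests queued")
```

The design choice is that deduplication happens on a normalised key, never on the raw URL, so the two failure modes in the text are handled by the same mechanism: action-bearing parameters and form field names make the "same" URL distinct per action, and volatile parameters are stripped before the key is formed so a timestamped link cannot be "new" twice.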