Anton Lopanitsyn - Initial reconnaissance of web applications.

DC7499
November 10, 2018

Often, everything that is right in front of your eyes is being checked more meticulously than parts inaccessible to the average user. We are looking for hidden functionality of web applications for the subsequent search for vulnerabilities.

Transcript

  1. Initial reconnaissance
    of web applications
    Bo0oM

  2. subdomain enumeration
    • theharvester
    • recon-ng
    • aquatone
    • Sn1per
    • Massdns
    • Aquatone
    • Amass

  3. directory enumeration
    • Dirbuster
    • Dirsearch
    • Wfuzz
    • Hehdirb

  4. diff
    Length - 5
    Length - 5

  5. Levenshtein distance

  6. DOM tree
    Document Object Model
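Slides 4 to 6 name three ways of telling two HTTP responses apart: byte length (which the diff slide shows failing on two equal-length pages), Levenshtein distance, and the DOM tree. The following added example, not code from the talk or from ParamPamPam, runs all three over two constructed responses of identical length.

```python
"""Compare two HTTP responses by length, Levenshtein distance and DOM shape."""
from html.parser import HTMLParser

# Constructed sample responses (not from the talk): same length, different text.
RESP_A = "<html><body><p>Logged out</p></body></html>"
RESP_B = "<html><body><p>Logged in!</p></body></html>"


def levenshtein(a: str, b: str) -> int:
    """Edit distance computed with one rolling row (O(len(a)*len(b)) time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


class _TagCollector(HTMLParser):
    """Records the sequence of start tags; text nodes are ignored."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def dom_shape(html: str) -> list:
    """Structure-only view of a page: the ordered list of element names."""
    parser = _TagCollector()
    parser.feed(html)
    return parser.tags


def compare(a: str, b: str) -> dict:
    """Length says 'same', Levenshtein says 'different', DOM says 'same shape'."""
    return {
        "same_length": len(a) == len(b),
        "levenshtein": levenshtein(a, b),
        "same_dom": dom_shape(a) == dom_shape(b),
    }


if __name__ == "__main__":
    print(compare(RESP_A, RESP_B))
```

A length check alone would miss the change here; the DOM comparison deliberately ignores text so that dynamic content (timestamps, tokens) does not produce false differences, while Levenshtein distance catches text changes the structure hides.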

  7. Wordlist enrichment

  8. Wordlist enrichment

  9. Wordlist enrichment

  10. Wordlist enrichment
    PARSE_JS = False:
    python3 ParamPP.py -u "https://vk.com/login"
    ['m', 'b', 'u', 'al']
    PARSE_JS = True:
    python3 ParamPP.py -u "https://vk.com/login"
    ['b', 'm', 'al', 'async', 'u', 'ad_video']

  11. Web server limits

  12. Param-Pam-Pam
    https://github.com/Bo0oM/ParamPamPam
    #TODO
    • Json data
    • Keep-alive
    • Something or other else

  13. Q?
    @i_bo0om
    @webpwn