In this room, you will learn how to manually review a web application for security issues using only the in-built tools in your browser. More often than not, automated security tools and scripts will miss many potential vulnerabilities and useful information.

Here is a short breakdown of the in-built browser tools you will use throughout this room:

- View Source - Use your browser to view the human-readable source code of a website.
- Inspector - Learn how to inspect page elements and make changes to view usually blocked content.
- Debugger - Inspect and control the flow of a page's JavaScript.
- Network - See all the network requests a page makes.

Start the virtual machine on this task, wait 2 minutes, and visit the following URL:

As a penetration tester, your role when reviewing a website or web application is to discover features that could potentially be vulnerable and attempt to exploit them to assess whether or not they are. These features are usually parts of the website that require some interactivity with the user.

Finding interactive portions of the website can be as easy as spotting a login form to manually reviewing the website's JavaScript. An excellent place to start is just with your browser exploring the website and noting down the individual pages/areas/features with a summary for each one.

An example site review for the Acme IT Support website would look something like this:

- This page contains a summary of what Acme IT Support does with a company photo of their staff.
- This page contains a list of recently published news articles by the company, and each news article has a link with an id number, i.e. /news/article?id=1
- Displays the individual news article. Some articles seem to be blocked and reserved for premium customers only.
- This page contains a form for customers to contact the company. It contains name, email, and message input fields and a send button.
- This page contains a login form with username and password fields.
- This page contains a user-signup form that consists of a username, email, password, and password confirmation input fields.
- Password reset form with an email address input field.
- This page contains a list of the user's tickets submitted to the IT support company and a "Create Ticket" button.
- This page contains a form with a textbox for entering the IT issue and a file upload option to create an IT support ticket.
- This page allows the user to edit their username, email, and password.
- This link logs the user out of the customer area.

We will start taking a deeper look into some of the pages we have discovered in the next task.

The page source is the human-readable code returned to our browser/client from the web server each time we make a request.

Links to different pages in HTML are written in anchor tags (these are HTML elements that start with

If you view further down the page source, there is a hidden link to a page starting with "secr", view this link to get another flag.
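The page-source review in this room looks for anchor tags and comments that exist in the source but are not shown on the rendered page; the same check works as a pre-release audit of your own pages. The following is an added example, not part of the original room: the sample HTML, its paths, and the names `SourceAudit` and `audit` are constructed for illustration, and treating an anchor with no link text as "not visible" is an assumption of this sketch.

```python
from html.parser import HTMLParser
# Constructed sample page source (not taken from the room's target site).
SAMPLE_SOURCE = """<html><body>
<!-- TODO: remove staging link before go-live -->
<nav><a href="/news">News</a> <a href="/contact">Contact</a></nav>
<p style="display: none"><a href="/internal-notes">notes</a></p>
<a href="/old-admin" hidden>admin</a> <a href="/empty-label"></a>
</body></html>"""
VOID = {"br", "hr", "img", "input", "link", "meta"}  # elements with no end tag

class SourceAudit(HTMLParser):
    """Collect every anchor and comment, noting anchors a visitor cannot see."""
    def __init__(self):
        super().__init__()
        self.links, self.comments = [], []  # links: [href, is_hidden, text]
        self._stack = []   # one bool per open element: does it hide its content?
        self._open = None  # the anchor whose text is currently being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hides = "hidden" in a or "display:none" in style or "visibility:hidden" in style
        hidden = hides or any(self._stack)  # hidden itself or inside a hidden parent
        if tag not in VOID:
            self._stack.append(hides)
        if tag == "a" and "href" in a:
            self._open = [a["href"], hidden, ""]
            self.links.append(self._open)

    def handle_endtag(self, tag):
        if tag not in VOID and self._stack:
            self._stack.pop()
        if tag == "a":
            self._open = None

    def handle_data(self, data):
        if self._open is not None:
            self._open[2] += data.strip()

    def handle_comment(self, data):
        self.comments.append(data.strip())

def audit(source):
    """Return (hrefs a visitor would not see, comments left in the source)."""
    p = SourceAudit()
    p.feed(source)
    p.close()
    unseen = [href for href, hidden, text in p.links if hidden or not text]
    return unseen, p.comments
```

Anything `audit` returns is served to every visitor who opens View Source, so each entry should either be removed from the page or point at a route that enforces its own access control.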