It is true that, when performing manual dynamic analysis, you will eventually review the source code of every response. In my case, however, directly after building my site map I simply take a look and annotate the interesting finds and the input I may want to test.
To keep track of these annotations I prefer Dradis 2.3. If you have any questions on using this tool, might I suggest one of three routes: the first is to join the community Here; the second is to contact etd, the creator, on IRC at irc.freenode.net in the #dradis channel; lastly, etd is on Twitter at twitter.com/etdsoft and I highly suggest following him anyway!
Anyway, on with the tutorial. So, @jack_mannino and I observed a situation where a site loaded content from another site they managed via an iFrame. The trick is to call the site being loaded in the iFrame directly and try to gain unauthenticated access to a possibly exposed default directory. We were in luck: there was in fact a default directory exposed. When requesting this resource, however, we received a 200, but with a redirection occurring in the browser? The page rendered fully in the response. WTF? Well, what controls said redirection? Ahhh, JavaScript! So what happens if we strip the JavaScript? Full functionality! Sweet.....
Okay, so on with viewing the site with JavaScript disabled. Let's use Burp to strip the JavaScript!
NOTE: Personally, I recommend always viewing a site with JavaScript disabled AND cookies disabled.
Navigate to Burp > Proxy > Options. Scroll down until you see 'html modifications' and check 'remove all JavaScript'. It's really that simple.
Now, in the 'match' field, enter the expression to match this time, and leave the 'replace' field blank. When you are finished it should look like:
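The pattern behind the iFrame finding above (a 200 response carrying the full page, with only client-side JavaScript bouncing the visitor away) and the "view it with JavaScript stripped" check that Burp's option performs can both be shown in a few lines. The following is an added example, not code from the original post or from the site described: a handler that relies on a JavaScript redirect for access control sits beside a handler that decides on the server, and a helper simulates what a JavaScript-disabled browser renders. The routes, session check and page content are constructed placeholders.

```javascript
// Added example (not from the original post). The routes, the session
// check and the page content are constructed placeholders.

const SENSITIVE_PAGE = '<html><body><h1>Admin directory listing</h1>' +
  '<ul><li>backup.zip</li><li>config.bak</li></ul></body></html>';

// Vulnerable pattern: the server always answers 200 with the full page and
// relies on a <script> to send unauthenticated visitors to the login page.
// Anything that ignores the script (JS disabled, Burp stripping, curl) sees
// the content anyway.
function vulnerableHandler(req) {
  if (req.session && req.session.authenticated) {
    return { status: 200, headers: {}, body: SENSITIVE_PAGE };
  }
  return {
    status: 200,
    headers: {},
    body: '<script>window.location.replace("/login");</script>' + SENSITIVE_PAGE,
  };
}

// Hardened pattern: the access decision is made server-side and no
// sensitive content is emitted unless the check passes.
function hardenedHandler(req) {
  if (req.session && req.session.authenticated) {
    return { status: 200, headers: {}, body: SENSITIVE_PAGE };
  }
  return { status: 302, headers: { Location: '/login' }, body: '' };
}

// Simulates what a JavaScript-disabled browser (or Burp with "remove all
// JavaScript" enabled) actually renders: every <script>...</script> block
// and every inline on* event handler is dropped.
function stripJavaScript(html) {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '')
    .replace(/\son\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, '');
}

// Review check: does an unauthenticated request still expose the protected
// content once client-side script is taken out of the picture?
function leaksWithoutJavaScript(handler) {
  const res = handler({ session: null });
  const rendered = stripJavaScript(res.body);
  return res.status === 200 && rendered.includes('Admin directory listing');
}

console.log('vulnerable leaks:', leaksWithoutJavaScript(vulnerableHandler)); // true
console.log('hardened leaks:', leaksWithoutJavaScript(hardenedHandler));     // false
```

The check is the same thing the tutorial does by hand: fetch the resource unauthenticated, throw the script away, and look at whether the page still renders. The fix is the status code and the empty body in `hardenedHandler`, not a stronger redirect script.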
Happy hacking!