Identification of entry points

The purpose of identifying entry points to the application is to understand the protocols and methods used to transmit information between the client and the server. See what individual parameters are accepted through HTTP queries, what information cookies are stored and what headers are used. This is shown in the figure below. This allows you to build an image of your application regarding its logic and how the data is processed. Example of a request structure sent to a server

Figure. An example of the structure of a request sent to a server. Source: [Own study]

You can use Burp Spider with form autocomplete. Much better results, however, are achieved by manually checking the structure and refer to all the functionalities of the application and recording this movements using the interceptor proxy – Burp Intercept Proxy.  

Chcesz wiedzieć więcej?

Zapisz się i bądź informowany o nowych postach.

Nigdy nie podam, nie wymienię ani nie sprzedam Twojego adresu e-mail. W każdej chwili możesz zrezygnować z subskrypcji.

Bookmark the permalink.

Podziel się swoją opinią na temat artykułu