In Recon:
Let's start with subdomain enumeration techniques.
Tools like Amass & Subfinder are just tools using web APIs & scraping to pull subdomains from datasets on the internet...
2/x
Another example in recon, Screenshotting:
Using a screenshot tool on live web servers can miss things due to timing, complex redirects, cert issues, cloud/CDN configs, etc.
Many testers notice this right away if they ever switch to just opening URLs in a browser.
4/x
JavaScript parsing is another example. LinkFinder or derivatives give:
Full URLs
Absolute URLs or dotted URLs
Relative URLs with at least one slash
Relative URLs without a slash
But they will not give you anything for minified or obfuscated JS.
6/x
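Added example (not from the thread, and not LinkFinder's own code): a stripped-down, hand-written regex that reports the same four categories the tweet lists, run over a constructed JS snippet. The last three lines of the snippet build their paths at runtime (concatenation, array join, char codes), so no complete path literal ever exists in the file and the extractor returns nothing for them. The pattern, the sample JS and the RUNTIME_PATHS ground truth are all assumptions made for this demo.

```python
import re
from typing import List, Tuple

# Simplified pattern in the spirit of LinkFinder's (assumption: NOT its real regex).
# It only matches a complete URL-like literal sitting between one pair of quotes.
URL_RE = re.compile(
    r"""(?P<q>["'`])(?P<url>"""
    r"""https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^"'`\s]*)?"""          # full URL
    r"""|\.{0,2}/[A-Za-z0-9_.\-/]+(?:\?[^"'`\s]*)?"""                 # absolute or dotted path
    r"""|[A-Za-z0-9_\-]+(?:/[A-Za-z0-9_.\-]+)+(?:\?[^"'`\s]*)?"""      # relative, at least one slash
    r"""|[A-Za-z0-9_\-]+\.(?:php|asp|aspx|jsp|js|json|html|action)(?:\?[^"'`\s]*)?"""  # relative, no slash
    r""")(?P=q)"""
)


def classify(url: str) -> str:
    """Bucket a matched literal into the four categories the tweet lists."""
    if url.startswith(("http://", "https://")):
        return "full"
    if url.startswith(("/", "./", "../")):
        return "absolute/dotted"
    if "/" in url:
        return "relative-with-slash"
    return "relative-no-slash"


def extract_urls(js: str) -> List[Tuple[str, str]]:
    """Return (category, url) for every quoted literal the regex recognises, in file order."""
    return [(classify(m.group("url")), m.group("url")) for m in URL_RE.finditer(js)]


# Constructed sample: five plain literals, then three paths that only exist at runtime.
SAMPLE_JS = r'''
var API = "https://api.example.com/v1/users";
fetch('/api/v2/items?limit=10');
import cfg from "./config.json";
const orders = 'api/v3/orders';
window.location = "login.php";
// Built at runtime, so no complete path literal ever exists in the file:
var h = "/" + "admin" + "/" + "export";
var s = ["api", "v4", "secret"].join("/");
var t = String.fromCharCode(47, 100, 101, 98, 117, 103);
'''

# Constructed ground truth: what the three obfuscated lines evaluate to in a browser.
RUNTIME_PATHS = ["/admin/export", "api/v4/secret", "/debug"]


def missed_paths(js: str, truth: List[str] = RUNTIME_PATHS) -> List[str]:
    """Paths the page really requests that static regex extraction never saw."""
    found = {u for _, u in extract_urls(js)}
    return [p for p in truth if p not in found]


if __name__ == "__main__":
    for category, url in extract_urls(SAMPLE_JS):
        print(f"{category:20} {url}")
    print("missed:", missed_paths(SAMPLE_JS))
```

The five plain literals come back correctly bucketed; `/admin/export`, `api/v4/secret` and `/debug` are all in `missed_paths`. That gap is what you close by loading the page in a browser with the network tab open, or by beautifying the bundle and reading the string-building code by hand.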
Finally, and known by most: Vuln Scanners.
Even dynamic ones are just throwing injection strings against parameters and routes. They then parse the page returned looking for a set of conditions and if X condition(s) are met (usually a regex) then they alert you...
7/x
What you miss out on is the context around the fuzzing:
the error codes/text
the return time
the content size
etc
It's all invisible to you in most cmdline tools, and each of those could lead you to a juicy bug.
8/x
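Added example (not from the thread, not any scanner's real code) covering the last two tweets: a constructed fake endpoint answers a handful of injection strings, and two detectors look at the same responses. The first only regexes the body the way a signature-driven scanner does; the second compares each response to a benign baseline on status code, response time and content size. The endpoint behaviour, payload list and thresholds are all assumptions for the demo.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Response:
    status: int
    body: str
    elapsed: float  # seconds; constructed here, a real harness would time the request

    @property
    def size(self) -> int:
        return len(self.body)


# Constructed stand-in for a target search page (not a real server): the param value is
# reflected into the page, and a few payloads trigger distinct server-side behaviour.
PAGE = "<html><body><h1>Search</h1><p>No results for: {q}</p></body></html>"


def fake_endpoint(q: str) -> Response:
    if "'" in q and "SLEEP(" in q.upper():
        return Response(200, PAGE.format(q=""), 5.02)        # blind time-based: body unchanged, slow
    if "'" in q:
        return Response(500, "Internal Server Error", 0.04)  # generic 500: no DB error text to regex on
    if "../" in q:
        return Response(200, PAGE.format(q="") + "root:x:0:0:root:/root:/bin/bash\n" * 40, 0.05)
    return Response(200, PAGE.format(q=q), 0.05)             # normal reflection


PAYLOADS = ["'", "' AND SLEEP(5)-- ", "../../etc/passwd", "<script>alert(1)</script>", '" OR "1"="1']

# The kind of body signature a scanner alerts on (assumption: a tiny illustrative rule set).
SQL_ERROR_RE = re.compile(r"SQL syntax|ORA-\d{5}|SQLSTATE|mysql_fetch|pg_query", re.I)


def regex_only_scan(endpoint: Callable[[str], Response], payloads: List[str]) -> Dict[str, List[str]]:
    """What a signature-driven scanner reports: a finding only when the body matches a rule."""
    hits: Dict[str, List[str]] = {}
    for p in payloads:
        r = endpoint(p)
        rules = []
        if SQL_ERROR_RE.search(r.body):
            rules.append("sql-error-regex")
        if "<script>" in r.body:
            rules.append("reflected-script")
        if rules:
            hits[p] = rules
    return hits


# Thresholds are assumptions for the demo; tune them per target.
TIME_DELTA_S = 2.0   # slower than baseline by this much -> worth a look
SIZE_RATIO = 0.5     # body size differs from baseline by more than 50% -> worth a look


def context_aware_scan(endpoint: Callable[[str], Response], payloads: List[str],
                       baseline_value: str = "test") -> Dict[str, List[str]]:
    """Compare every response against a benign baseline on status, timing and size."""
    base = endpoint(baseline_value)
    findings: Dict[str, List[str]] = {}
    for p in payloads:
        r = endpoint(p)
        signals = []
        if r.status != base.status:
            signals.append("status")
        if r.elapsed > base.elapsed + TIME_DELTA_S:
            signals.append("time")
        if abs(r.size - base.size) > base.size * SIZE_RATIO:
            signals.append("size")
        if signals:
            findings[p] = signals
    return findings


if __name__ == "__main__":
    print("regex-only  :", regex_only_scan(fake_endpoint, PAYLOADS))
    print("with context:", context_aware_scan(fake_endpoint, PAYLOADS))
```

The regex-only pass reports just the reflected script tag. The baseline comparison flags the quote (status flipped to 500 and a much smaller page), the SLEEP payload (five seconds with an identical body) and the traversal string (a body twenty times larger), none of which matched a signature. Neither pass subsumes the other, which is why you want the raw status, time and size next to every request in your fuzzing output rather than only the tool's verdict.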
So, throw your automation out the window right?!
No.
Use your intuition/judgment when testing. Know what your tools are doing & what they can miss. Learn to love manual testing; slow & deep testing can yield great returns.
🚨follow, retweet, & like for hacker tips🚨
9/x