Page mapping

Mapping web application resources can reveal important information about the tree and directory structure of your application, thereby revealing information about the software used, its version, or the programming language used in the construction. It consists in building a systematic view, which usually hierarchically shows what data the WEB application is built from. You can build a web app resource map in several ways:

  • by reference to a txt file containing often entries to hidden paths to which they do not have to look at all kinds of crawlers and spiders. In the graphic below you can see a sample robots.txt file that reveals information about the programming language used – php, or the location of the administrator module – /admin/.

Sample robots file.txt

Figure. Sample robots.txt. Source: [robots]

  • using tools called"spiders",which find references to various resources (graphics, scripts, links) in the page code and on this basis form the structure of the application resource tree. An example of such a tool is a module in Burp called Spider. In the example below, Burp Spider built an application map. This allowed, among other things, to know the location of the administration panel, the libraries used, or the programming language.

App map built by Burp Spider

Figure. Application map built by Burp Spider. Source: [Own study]


Chcesz wiedzieć więcej?

Zapisz się i bądź informowany o nowych postach (zero spamu!). Dodatkowo otrzymasz, moją prywatną listę 15 najbardziej przydatnych narzędzi (wraz z krótkim opisem), których używam przy testach penetracyjnych.

Nigdy nie podam, nie wymienię ani nie sprzedam Twojego adresu e-mail. W każdej chwili możesz zrezygnować z subskrypcji.

Bookmark the permalink.

Share your opinion about the article.