Screenshots

• gowitness

Inspection

Leave Burp on and browse the app

• Screenshots: abnormalities/errors
• Technologies used and their versions
• User roles and capabilities
• Inputs/Entry points and services, e.g. file uploads/ information update

Discovery

• Directories
  • Technology in-/depended
• Endpoints
  • gau
  • waybackurls
  • hakrawler
  • gf
  • Google dorks with specific inurl parameters and file extensions
• js files
  • Secrets, new endpoints
• Information disclosure
  • Using search engines for fun and bounties

Vulns

• XSS
  • manual
  • dalfox
  • xsshunter
• Open Redirection
  • Guide
• CSRF
  • Token from another session
  • No token
  • Parameter pollution
  • POST request to GET
  • Bypass Referrer header
    • Ommit with <meta name="referer" content="never">
    • Bypass like Open Redirection (https://attacker.com/test?target.com or https://target.attacker.com/)
• CRLF
  • crlf-injector
• Unrestricted File Upload
  • Magic bytes
  • File extention
  • Content-type
  • Null byte
• IDOR

  • ID/UUID leaks

  • Bruteforcing

  • Change HTTP methods (e.g. from POST for deletion to DELETE, from POST to GET, etc.)

  • Add/Change the requested filetype