Web Application Security
Usage of these information/Data/Tools/Techniques for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. The Computer Joker/Instructor/Owner assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purpose. The Computer Joker/Instructor do not support/promote hacking. For more details, head to our t&c page.
Information gathering of target web app
Information gathering is the act of finding as much information as possible about the target system. This is the most important step in hacking a web app.
The information could be:
Web Application layout
HTML and other scripts
Software, Server, OS information
Internal IP addresses
Services and ports
DNS & other public records
Other sensitive information
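A site owner can check their own responses for the same items before someone else does. The Python sketch below is an added example, not part of the original course material: it audits one raw HTTP response for software/server banners and internal IP addresses. The function name, the header list and the sample response are constructed for illustration.

```python
import ipaddress
import re

# Headers that commonly advertise software, server or OS details.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def audit_response(raw: str) -> dict:
    """Return banner headers and non-public IPs exposed by one raw HTTP response."""
    head, _, _body = raw.partition("\r\n\r\n")
    findings = {"banners": {}, "versioned": [], "internal_ips": []}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name in BANNER_HEADERS:
            findings["banners"][name] = value
            if VERSION_RE.search(value):  # an exact version is the bigger leak
                findings["versioned"].append(name)
    seen = set()
    for match in IPV4_RE.findall(raw):  # headers and body can both leak addresses
        try:
            addr = ipaddress.ip_address(match)
        except ValueError:
            continue  # four dotted numbers that are not a valid address
        if addr.is_private and match not in seen:
            seen.add(match)
            findings["internal_ips"].append(match)
    return findings


# Constructed sample response (not captured from any real site).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Via: 1.1 10.0.3.17\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><!-- backend: 192.168.10.5 build 1.2.3.4 --><body>Welcome</body></html>"
)

if __name__ == "__main__":
    print(audit_response(SAMPLE))
```

Anything reported under "versioned" or "internal_ips" is a candidate for removal in the server or proxy configuration.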
Google hacking, also named Google dorking, is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using.
Some of the Google dorks are shown below.
Whois is a query to the registrar database to get information about:
Website owner, contact info, registrar, DNS info, IP addresses, etc.
To find whois information, navigate to the following website and enter the domain name
A traceroute is a network tool used to show the route taken by packets across an IP network.
The Traceroute tool will show you each hop sequentially, and total hops required. For each hop, it will display the hop #, roundtrip times, best time (ms), IP address, TTL, and country.
Seeing the traceroute information can help you determine why your connections to a given server might be poor and can help you identify problems. It also shows you how systems are connected to each other, letting you see how your ISP connects to the Internet as well as how the target system is connected.
On a Windows system, open CMD and type the "tracert" command followed by the domain name to get trace information.
Website Copier - HTTrack
It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.
HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online.
HTTrack can also update an existing mirrored site, and resume interrupted downloads.
HTTrack is fully configurable, and has an integrated help system.
You can download the software from here: https://www.httrack.com/page/2/en/index.html
The Internet Archive, a non-profit, is building a digital library of Internet sites and other cultural artifacts in digital form.
As our web archive grew, so did our commitment to providing digital versions of other published works. Today our archive contains:
330 billion web pages, 20 million books and texts, 4.5 million audio recordings (including 180,000 live concerts), 4 million videos (including 1.6 million Television News programs), 3 million images, 200,000 software programs
Follow the link here: https://archive.org/
Information through social media platforms
Nowadays, companies use social media platforms to promote their products, and this can reveal some information.
Facebook | LinkedIn | Twitter | Instagram | YouTube
Job search platforms and company review websites can also be helpful for getting information.
Browser add-ons: Flagfox
Displays a country flag depicting the location of the current website's server and provides a multitude of tools such as site safety checks, whois, translation, similar sites, validation, URL shortening, and more...
Add Flagfox to Mozilla Firefox from here:
Add the extension to Firefox and visit any website. Click on the extension icon (top-right of the window) and it will display all the information.
A simple login through web
How login functionality works with the three-tier model.
“Life is not fair, get used to it”
-BILL GATES <Microsoft founder>
© copyrighted 2021. All Rights Reserved.