Exploring a Web application with the web browser

When we first encounter a web application, we can do some little things what could help us only using the browser.

Source code of a page.

We can see a the code of a page by only doing a left click and pressing 'View page source'

The browser will display something like this:

Try to read it and see if something is useful.

Robots.txt

In some apps you can access robots.txt.

Robots.txt is a text file webmasters create to instruct web robots (typically search engine robots) how to crawl pages on their website. more info...

You can do this by only adding to the home url 'robots.txt'

Then you can visit those sites to see if something is useful just add the path you found to the home url.

Scripts or CSS files

You can also look for scripts or css files in the browser. Go to any page and open your debugger and you'll have access to some scripts and style files. (Most of the new browser have this functionality)

You might find something interesting in these files, so take a look at them occasionally.

Modifying HTML code

I just want you to know that everything that is on the client side is yours so you can modify it. With the inspector in your browser you can add or delete things that you don't want from the HTML code.

Look for hidden, disabled or editable elements and enable everything that may help you.

Weak credentials

When you encounter a login the first thing you can do is try some common credentials like:

username: admin, password: admin
username: admin, password: 12345
username: administrator, password: 12345
username: administrator, password: admin
username: user1, password: admin
username: user1, password: 12345
username: user1, password: user1

There are lots of common users and passwords, but for now you can try some of these or other that you may imagine.

Cookies

We can also modify the cookies that the site has. In the Storage tab.

"A computer “cookie” is more formally known as an HTTP cookie, a web cookie, an Internet cookie, or a browser cookie. The name is a shorter version of “magic cookie,” which is a term for a packet of data that a computer receives, then sends back without changing or altering it. No matter what it’s called, a computer cookie consists of information. When you visit a website, the website sends the cookie to your computer. Your computer stores it in a file located inside your web browser. " Source: Norton - Cookies

Now that we now this we can see the cookies in search of sensible information, flags, values or id. We can modify those values or create new ones to see if something happens.

Other interesting things

You could also look the other tabs, you may see what's happening in the network, cookies or other interesting things that may help.

There are lots of things that we can do and will learn it later on, but for now that's enough as an introduction.

Challenge Section Intro >>

LFGA Web