Xiaopei's DokuWiki
These are the good times in your life,
so put on a smile and it'll be alright
User Tools
Sidebar
it:secure:owasp:test_guide
Table of Contents
OTG
Information Gathering
Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)
- 除了传统搜索引擎,还可以对公司、成员的 github 做搜索
Fingerprint Web Server (OTG-INFO-002)
- 访问任一错误页,可能能从错误信息中看出 HTTP 服务器型号
- 云服务的负载均衡一般会由于注入 Cookie、保持回话暴露出有几台服务器
Set-Cookie: QINGCLOUDELB=d334b8ab0a713149235f07da34c40471ab7e48fb3972913efd95d72fe838c4fb|WbeHH|WbeHH; path=/ Set-Cookie: QINGCLOUDELB=165e4274d6090771b096025ed82d52a1ab7e48fb3972913efd95d72fe838c4fb|WbeHG|WbeHG; path=/
- 在线工具 Netcraft Site Report 可以看出来一些信息
Review Webserver Metafiles for Information Leakage (OTG-INFO-003)
- robots.txt 可能暴露网页敏感路径的信息
- 如果建议禁止所有搜索,可以
User-agent: * Disallow: /
Enumerate Applications on Webserver (OTG-INFO-004)
- 遍历端口可用 nmap
nmap –PN –sT –sV –p0-65535 192.168.1.100
- 遍历域名理论上可以用 host -l,但一般不会开 AXFR 协议(应该是管理权限下使用)
- 可以用 http://whois.webhosting.info/8.8.8.8 查,但打不开
Review webpage comments and metadata for information leakage (OTG-INFO-005)
要注意线上前端代码压缩时去除 注释、console.log
Identify application entry points (OTG-INFO-006)
就是抓包,观察的意思
Map execution paths through application (OTG-INFO-007)
可以用 zaproxy/zaproxy 扫一遍
Fingerprint Web Application Framework (OTG-INFO-008) / Fingerprint Web Application (OTG-INFO-009)
类似 OTG-INFO-002。可以根据以下方法测试:
- HTTP headers
- Cookies
- HTML source code
- Specific files and folders
- File Extensions
- Error Message
工具的话 chrome 的 Wappalyzer - Identify technologies on websites 好用
查到框架后,查框架的漏洞可以用:CVE security vulnerability database. Security vulnerabilities, exploits, references and more
it/secure/owasp/test_guide.txt · Last modified: 2017/09/13 10:27 by admin
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
