Climbing Mount WebAppSec – Discovering Directories & Files with ZAP

This is the second part of my mini-series on “Domain Discovery”. The first part is here. Following Jason Haddix’s Bug Hunters Methodology I’m at phase three: Mapping Discovering the domain falls into two parts. The first to the left of the domain (subdomains) and the second to the right of the domain (Directories/Files). In this post I will cover directories/files. As with subdomains the premise in discovering directories/files is to firstly enlarge the attack surface and in the process find some easier wins. Directories and files may be forgotten in the mists of time, or may be part of the website admin/functionality the Read More

Climbing Mount WebAppSec – ZAP Directory Traversal

Whilst reading OWASP Testing Guide v4 I came across the section on testing for directory travseral and noted the “tools” at the bottom. Wfuzz and Dirbuster (the latter now incorporated into ZAP) I know about and will be dealing with in an upcoming “Discovering directories/files”. This left DotDotPwn and ZAP (Zed Attack Proxy) itself. Interestingly, DotDotPwn is incorporated into TrustedSec’s Penetrations Testers Toolkit (blogged about here) under “vulnerability-analysis“. So, quick and easy for me to fire up the tool and unleash it – however – I immediately hit a brick wall with URL’s not responding? It transpires this tool cannot easily handle HTTPS without a fair Read More