Web technologies terms:

JSON:

(JavaScript Object Notation) is a lightweight and widely used data interchange format that is easy for both humans and machines to read and write. It's based on JavaScript syntax and primarily used for transmitting data between a server and a web application as an alternative to XML.

XML:

(eXtensible Markup Language) is a versatile data interchange format that uses tags to define the structure of the data. It allows users to create their own custom tags and define complex hierarchical data structures. XML is commonly used for configuration files, web services, and data exchange between different systems.

REST:

(Representational State Transfer) is a software architectural style that uses standard HTTP methods (GET, POST, PUT, DELETE) for data interchange. It's widely used for creating web APIs that allow applications to interact and exchange data over the internet.

SOAP:

(Simple Object Access Protocol) is a protocol for exchanging structured information in the implementation of web services. It uses XML as the data interchange format and provides a standardized method for communication between different systems.


Techniques:

Crawling (basically clicking links):

Is the process of navigating around the web app, following links, submitting forms and logging in (where possible) with the objective of mapping out and cataloging the web application and the navigational paths within it.

Crawling is typically passive, as engagement with the target is done via what is publicly accessible. We can utilize Burp Suite's passive crawler to help us map out the web app to better understand how it's set up and how it works.

Crawling can be done offline by taking a copy of a website using "httrack" in [[Passive Recon]].

Spidering:

  • Is the process of automatically discovering new resources (URLs) on a webapp/site.

  • Spidering can be quite LOUD and as a result, it's considered to be active recon.

  • We can use OWASP [[ZAP]] Spider to automate the process of spidering a webapp to map out the webapp and learn more about how the site is laid out and how it works.
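
Why spidering counts as LOUD, seen from the server side: a spider requests far more distinct URLs per minute than a person clicking links, and that shows up in the access log. The script below is an added example, not part of the original notes; the log lines are constructed, and the 60-second window and 15-path threshold are assumptions to tune against real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined access-log format: ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" \d{3}'
)

def parse(lines):
    """Yield (ip, timestamp, path) per parsable line; query strings are dropped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["path"].split("?")[0]

def peak_distinct_paths(lines, window=timedelta(seconds=60)):
    """Return {ip: most distinct paths requested within any sliding window}."""
    by_ip = defaultdict(list)
    for ip, ts, path in parse(lines):
        by_ip[ip].append((ts, path))
    peaks = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda h: h[0])
        start, peak = 0, 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, len({p for _, p in hits[start:end + 1]}))
        peaks[ip] = peak
    return peaks

def find_spiders(lines, min_paths=15):
    """Flag clients whose peak reaches min_paths (assumed threshold; tune it)."""
    return {ip: n for ip, n in peak_distinct_paths(lines).items() if n >= min_paths}

def sample_log():
    """Constructed sample: one person browsing, one automated spider."""
    fmt = '{ip} - - [10/Mar/2024:10:{m:02d}:{s:02d} +0000] "GET {p} HTTP/1.1" 200 512'
    human = [fmt.format(ip="198.51.100.20", m=i, s=5, p=p)
             for i, p in enumerate(["/", "/products", "/products/42", "/cart"])]
    spider = [fmt.format(ip="203.0.113.7", m=0, s=i, p=f"/page{i}")
              for i in range(20)]
    return human + spider

if __name__ == "__main__":
    print(find_spiders(sample_log()))
```

The person browsing one page per minute peaks at 2 distinct paths per window, while the spider reaches 20 and is the only client flagged.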