BORING BUT MOST IMPORTANT PART IS MAPPING THE APP

First step is to understand the app's function, content and behavior. Some of these may be hidden.

1) Enumerating Content and Functionality

Can be done manually but an effective technique is crucial.

User-Directed Spidering :

1. Set your browser to use an intercepting proxy. Set the scope.

2. Browse the app as you normally do, submitting all forms. Browse it with cookies and/or JavaScript both enabled and disabled. The app may take you down different paths this way.

3. Check the site map generated by the proxy.

Discovering Hidden Content :

Content which has been forgotten. Maybe left over for testing and debugging purposes.

PHP, ASP, JSP backup files.

Backup of webroot.

Older versions of PHP, ASP, JSP files.

Config and include files.

Log files.
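
Added example (not from the original notes): seen from the defender's side, the list above becomes a check that flags leftover files in your own webroot. The filename patterns, function names and sample listing are assumptions constructed for illustration.

```python
import os
import re

# Assumed filename patterns, one per category in the list above.
# First match wins; extend for your own stack.
RULES = [
    ("source backup", re.compile(r"\.(php|aspx?|jsp)(\.(bak|old|orig|save|swp)|~)$", re.I)),
    ("old version", re.compile(r"(_old|_backup|_copy|\.v?\d+)\.(php|aspx?|jsp)$", re.I)),
    ("webroot archive", re.compile(r"\.(zip|tar|tgz|gz|bz2|7z|rar)$", re.I)),
    ("config/include", re.compile(r"\.(inc|ini|conf|config|env)$", re.I)),
    ("log file", re.compile(r"\.log(\.\d+)?$", re.I)),
]

def classify(path):
    """Return the category a path falls into, or None if it looks expected."""
    for category, pattern in RULES:
        if pattern.search(path):
            return category
    return None

def audit(paths):
    """Group flagged paths by category, each group sorted."""
    findings = {}
    for path in paths:
        category = classify(path)
        if category:
            findings.setdefault(category, []).append(path)
    return {c: sorted(p) for c, p in findings.items()}

def walk_webroot(root):
    """Yield every file under root as a forward-slash relative path."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            yield rel.replace(os.sep, "/")

# Constructed sample listing, standing in for walk_webroot("/var/www/html").
SAMPLE = [
    "index.php", "admin/login.php.bak", "admin/login.php~", "index_old.php",
    "cart.v2.jsp", "site-backup.tar.gz", "includes/db.inc", ".env",
    "logs/error.log", "logs/access.log.1", "css/site.css", "default.aspx",
]

if __name__ == "__main__":
    for category, hits in audit(SAMPLE).items():
        print(f"{category}: {', '.join(hits)}")
```

Anything flagged is a candidate for review, not proof of exposure: check whether the web server actually serves it.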

Brute-Force

Get valid and invalid files. Note returning messages for both.

Automatically request common file and folder names.

Get responses for valid resources.

When you find new content -> Recurse.

Application Pages Versus Functional Paths :

Discovering Hidden Parameters :