WebApp Sec mailing list archives
Re: Website "Scanner"
From: Mike Shaw <mshaw () wwisp com>
Date: Thu, 09 Jan 2003 09:39:05 -0600
At 03:22 PM 1/8/2003 -0800, backed.up.by.2048.bit.encryption () hushmail com wrote:
We want to find out what else might be in "new_products" so we plug in say the words "big" "winner" "2003" and let our dictionary spin:biggerwinner2003.html - nothing bigloser2002.html - hit etc.
I know I'm stating the obvious, but keep in mind that the log files on the destination box (or on any firewalls that are set to log) are going to be at least 5 or 6 times the size of your dictionary file, even more if you use combinations of words like you talk about. Any substantial poking and prodding and you could fill up a partition or otherwise become obvious real quick. Webtrends and the like will also flag you.
Don't forget these too: "Copy%20of%20bigwinner2003.html" "bigwinner2003.bak" "bigwinner2003.old" "bigwinner2003.tmp" etc... -Mike
Current thread:
- Re: Website "Scanner", (continued)
- Re: Website "Scanner" sullo (Jan 09)
- Re: Website "Scanner" backed . up . by . 2048 . bit . encryption (Jan 08)
- Re: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 09)
- Re: Website "Scanner" Chris Wysopal (Jan 09)
- Re: Website "Scanner" Mary Landesman (Jan 21)
- Re: Website "Scanner" Dave Aitel (Jan 09)
- Re: Website "Scanner" Kevin Spett (Jan 11)
- Re: Website "Scanner" Nelson Sampaio Araujo Junior (Jan 09)
- RE: Website "Scanner" glyn (Jan 10)
- Re: Website "Scanner" Todd Charron (Jan 11)
- RE: Website "Scanner" Ian Griffiths (Jan 11)
- Re: Website "Scanner" Mike Shaw (Jan 21)