Lab 02 Reconnaissance

Tomas Rosenqvist edited this page Oct 31, 2018 · 10 revisions

Reconnaissance

Now that your Juice Shop is up and running, take a few minutes to get to know it better. Judging from the name alone, it's probably a web shop that sells fruit beverages. But is that all there is?

  1. Open the web shop (e.g. https://johndoe-juice.herokuapp.com) in your favorite web browser.
  2. Play around.

Questions

  • What does the shop (allow the user to) do?
    • What do you need to do to be able to buy from the store?
    • Can you do anything after ordering?
    • What categories of users do you think the site has? Are there more than one type of Customer? Are there other roles?
    • What do you need to do to become a user?
    • How does the system seem to authenticate you as a user?
  • How is the site constructed?
    • Does the site seem to have any identifiable integrations to other systems?
    • Does the site seem to have any identifiable subsystems?
    • What components/libraries/techniques does it appear to be using?
  • Imagine you're the owner of the business itself. What risks to the web shop would you be worried about?
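To make the "How is the site constructed?" questions concrete, here is an added example (written for this lab page, not code from the Juice Shop project) that does passive fingerprinting of one HTTP response: it reads the technology-revealing headers, the cookie names set on you, the script and stylesheet sources, every third-party host the page references (candidate integrations) and the forms with their input names (what the page lets you do). The response it runs on is constructed for illustration; the header values, cookie names, paths and the `example.net` / `example.com` hosts are assumptions and are not what any real Juice Shop instance returns. It generalises beyond the shop in that the same function works for any HTML page you can fetch.

```python
"""Passive fingerprinting of a web shop front page (added lab example, not project code)."""
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Response headers that commonly leak server or framework choices.
TECH_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via", "x-generator")


class _PageScanner(HTMLParser):
    """Collect script/link/form/meta details from an HTML document."""

    def __init__(self):
        super().__init__()
        self.scripts, self.links, self.forms, self.meta = [], [], [], {}
        self._form = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append(a["src"])
        elif tag == "link" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]
        elif tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": a.get("method", "get").lower(), "inputs": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None and a.get("name"):
            self._form["inputs"].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def fingerprint(site_url, headers, body):
    """Return reconnaissance hints for one response.

    headers: list of (name, value) pairs, as HTTPResponse.getheaders() returns them
             (a list, so repeated Set-Cookie headers are all kept).
    body:    the HTML text of the page.
    """
    lower = [(n.lower(), v) for n, v in headers]
    scanner = _PageScanner()
    scanner.feed(body)
    own_host = urlparse(site_url).hostname
    # Any absolute URL on another host is a candidate integration (CDN, analytics, payment...).
    third_party = set()
    for ref in scanner.scripts + scanner.links + [f["action"] for f in scanner.forms]:
        host = urlparse(ref).hostname
        if host and host != own_host:
            third_party.add(host)
    tech = {}
    for name, value in lower:
        if name in TECH_HEADERS and name not in tech:
            tech[name] = value
    # Cookie names hint at the session/authentication mechanism; values are not recorded.
    cookies = [v.split("=", 1)[0].strip() for n, v in lower if n == "set-cookie"]
    return {
        "tech_headers": tech,
        "generator": scanner.meta.get("generator"),
        "scripts": scanner.scripts,
        "stylesheets": [href for href in scanner.links if href.endswith(".css")],
        "third_party_hosts": sorted(third_party),
        "cookies": cookies,
        "forms": scanner.forms,
    }


def fingerprint_url(url):
    """Fetch a live page and fingerprint it (needs network; only use against your own instance)."""
    req = Request(url, headers={"User-Agent": "lab02-recon/0.1"})
    with urlopen(req, timeout=10) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return fingerprint(url, resp.getheaders(), resp.read().decode(charset, "replace"))


# Constructed sample response for offline use; every value below is made up for the example.
SAMPLE_URL = "https://johndoe-juice.herokuapp.com/"
SAMPLE_HEADERS = [
    ("Server", "nginx"),
    ("X-Powered-By", "Express"),
    ("Set-Cookie", "token=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "language=en; Path=/"),
    ("Content-Type", "text/html; charset=utf-8"),
]
SAMPLE_BODY = """<!doctype html><html><head>
<meta name="generator" content="Hypothetical Shop Builder 1.0">
<link rel="stylesheet" href="/styles.css">
<script src="/vendor.js"></script>
<script src="/main.js"></script>
<script src="https://analytics.example.net/tag.js"></script>
</head><body>
<form action="/api/login" method="post">
  <input name="email"><input name="password" type="password"></form>
<form action="https://pay.example.com/checkout" method="post"><input name="orderId"></form>
</body></html>"""

if __name__ == "__main__":
    import json
    print(json.dumps(fingerprint(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY), indent=2))
```

Treat the output as hints to confirm in the browser's developer tools, not as facts: a `Server` header can be rewritten by a proxy, and bundled JavaScript such as `/main.js` needs to be opened and read to see which libraries it actually contains. Run `fingerprint_url` only against the Juice Shop instance you deployed yourself.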

What you're doing now is called footprinting or reconnaissance, and it is an important step in planning and executing a successful attack on any system. In a real-world situation, an attacker could spend a very long time in this phase, extracting and combining information from multiple sources (LinkedIn, Facebook, yellow pages, financial reports, court rulings, public websites, competitor websites, domain registrar records, the dumpster outside the office, etc.).