Lab 02 Reconnaissance

Tomas Rosenqvist edited this page Aug 15, 2018 · 10 revisions

Reconnaissance

Now that your Juice Shop is up and running, take a few minutes to get to know it better. Judging from the name alone, it's probably a web shop that sells fruit beverages. But is that all there is?

  1. Open the web shop (e.g. https://johndoe-juice.herokuapp.com) in your favorite web browser.
  2. Play around.

Questions

  • What does the shop (allow the user to) do?
    • What do you need to do to be able to buy from the store?
    • Can you do anything after ordering?
    • Is the site for customers only or does it cater to other types of users as well?
    • What do you need to do to become a user?
    • How does the system seem to authenticate you as a user?
  • How is the site constructed?
    • Does the site seem to have any identifiable integrations to other systems?
    • Does the site seem to have any identifiable subsystems?
    • What components/libraries/techniques does it appear to be using?
  • Imagine you're the owner of the business itself. What risks to the web shop would you be worried about?

What you're doing now is called footprinting or reconnaissance, and it is an important step in planning and executing a successful attack on any system. In a real situation, an attacker could spend a very long time in this phase, extracting and combining information from multiple sources (LinkedIn, Facebook, yellow pages, financial reports, court rulings, public websites, competitor websites, domain registrar records etc.).
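The "how is the site constructed" and "what risks would the owner worry about" questions can be turned around into a self-assessment: what does your own Juice Shop deployment disclose to anyone who merely looks at a response? The script below is an added example, not part of the lab or of the Juice Shop project; the headers and HTML it inspects are constructed samples, not captured from a real instance.

```python
# Added example (not part of the lab): list what an HTTP response discloses
# about a shop's stack, and which hardening headers are absent, so the owner
# can judge how much a casual observer learns. Sample input is constructed.
import re
from typing import Dict, List

# Headers that commonly reveal the server or framework (and often a version).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")

# Hardening headers whose absence is worth noting in the same review.
EXPECTED_HEADERS = ("content-security-policy", "strict-transport-security",
                    "x-content-type-options", "x-frame-options")


def find_disclosures(headers: Dict[str, str], html: str) -> List[str]:
    """Return human-readable findings about stack/version disclosure."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []
    for name in DISCLOSURE_HEADERS:
        if name in lower:
            findings.append(f"header {name} discloses: {lower[name]}")
    for name in EXPECTED_HEADERS:
        if name not in lower:
            findings.append(f"missing hardening header: {name}")
    # Script paths and generator meta tags often name the front-end framework.
    for m in re.finditer(r'<script[^>]+src="([^"]+)"', html):
        findings.append(f"script reference: {m.group(1)}")
    for m in re.finditer(r'<meta\s+name="generator"\s+content="([^"]+)"', html):
        findings.append(f"generator meta tag: {m.group(1)}")
    return findings


# Constructed sample response (hypothetical values, not from a real Juice Shop).
SAMPLE_HEADERS = {
    "Server": "ExampleServer/1.0",
    "X-Powered-By": "Express",
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
}
SAMPLE_HTML = ('<html><head><script src="main.js"></script>'
               '<script src="vendor/angular-7.2.0.js"></script></head></html>')

if __name__ == "__main__":
    for finding in find_disclosures(SAMPLE_HEADERS, SAMPLE_HTML):
        print(finding)
```

To run it against your own instance, replace the constructed sample with the headers and HTML of a real response you fetched from your deployment.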