However, lessons learned from performing
method discovery against one framework generally teach the attacker how to perform
method discovery against any other framework. An analysis of framework identification
and method discovery against five popular frameworks is provided in the following sections.
Additionally, a step-by-step example is provided to walk through the framework
identification and method discovery process using the free WebScarab utility.
Microsoft ASP.NET AJAX (Microsoft Atlas)
Formerly called Atlas, ASP.NET AJAX is Microsoft's official AJAX framework. It integrates
with Visual Studio to allow developers to create new AJAX web applications.
Method discovery against an application using the Atlas framework requires analyzing
several files. Every instance of the WebResource.axd file should be analyzed for potential
methods, as well as any JavaScript file that is sent to the client upon the initial connection.
Methods seen in WebResource.axd are in a human-readable format, while methods
defined in any other JavaScript file will vary on a site-by-site basis.
Microsoft ASP.NET AJAX is a proxy-style AJAX framework. To identify its use, the
client is served WebResource.