axd. This file can contain JavaScript (and often still includes
the source code comments), indicating that it contains the required files Atlas.js or
MicrosoftAtlas.js. Here's an example:
// Atlas.js
// Atlas Framework.
You can download ASP.NET AJAX at http://ajax.asp.net/Default.aspx
154 Hacking Exposed Web 2.0
Google Web Toolkit
Google Web Toolkit (GWT) is a unique sort of proxy framework. Instead of acting as a
proxy between an existing application and the client, GWT compiles an existing Java
application into JavaScript. It is because of this compilation process that method discovery
in GWT applications is uniquely difficult. Methods are sent to the client with a filename
in this format: 32 letters/numbers.cache.html. Here's an example filename:
9B5996A7A61FA7AB0B780C54253DE830.cache.html.
This file is composed entirely of JavaScript that GWT compiled from the Java application.
Methods are often given obfuscated names of two to three characters,
such as qe, xrb, and the like. Methods can thus be discovered by analyzing the data
contained in a .cache.html file; however, method discovery against an application using GWT
remains significantly more challenging than discovery against any other framework.
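The following is an added example, not code from the book: a Python check that a reviewer can run over their own application's deployed files to recognize GWT output by the filename format described above and to see how many function names in the compiled JavaScript are the short obfuscated kind and which readable names survived compilation. The regular expressions, function names, and sample JavaScript are constructed for illustration.

```python
import re

# Filename format given in the text: 32 letters/numbers, then ".cache.html".
GWT_CACHE_RE = re.compile(r"^[0-9A-Za-z]{32}\.cache\.html$")

# Named function declarations in compiled JavaScript: "function name(".
FUNC_DECL_RE = re.compile(r"\bfunction\s+([A-Za-z_$][\w$]*)\s*\(")


def is_gwt_cache_file(path):
    """Return True if the last path segment matches the GWT cache filename format."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1]  # drop query string, keep basename
    return bool(GWT_CACHE_RE.match(name))


def function_names(js_source):
    """Return the declared function names, in order of appearance."""
    return FUNC_DECL_RE.findall(js_source)


def obfuscation_report(js_source):
    """Summarize how many declared functions carry two- to three-character names."""
    names = function_names(js_source)
    short = [n for n in names if 2 <= len(n) <= 3]
    return {
        "functions": len(names),
        "short": len(short),
        "short_ratio": len(short) / len(names) if names else 0.0,
        # Longer names reveal intent to anyone reading the file served to clients.
        "readable": sorted(set(names) - set(short)),
    }


# Constructed sample standing in for the body of a .cache.html file.
SAMPLE_JS = """
function qe(a){return a.b}
function xrb(a,b){return qe(a)+b}
function getAccountBalance(id){return xrb(id,0)}
"""

if __name__ == "__main__":
    print(is_gwt_cache_file("/app/9B5996A7A61FA7AB0B780C54253DE830.cache.html"))
    print(obfuscation_report(SAMPLE_JS))
```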