Abstract

Discovering server HTTP endpoints – essentially, enumerating the server’s attack surface – is an important step of every black-box web security scanner. One of the main methods of doing that is inferring server endpoints from the client side, determining what HTTP requests can be sent from client to server. This is trivial for requests triggered by HTML markup elements, such as links and forms, but is much harder for requests sent by JavaScript. Existing approaches to determining requests sent from JavaScript are based on a technique known as dynamic crawling – automated interaction with user interface elements using a headless browser. Dynamic crawling fails when the code that sends a request is impossible or very difficult to trigger with interface interaction. We propose a different approach for finding HTTP requests sent by JS code, which uses static code analysis. While analyzing JavaScript statically is known to be hard and applying existing analyzers to real-world web pages usually does not work, we propose a new lightweight analysis algorithm that can work on pages of real websites and can discover server endpoints that dynamic crawlers cannot. Evaluation results show that augmenting a black-box scanner with the proposed static analysis may significantly improve server-side endpoint coverage.
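To make the abstract's argument concrete, the following is an added illustration (written for this page, not the paper's algorithm and not code from the authors): a deliberately lightweight, lexical endpoint extractor that scans JavaScript source for common request sinks (`fetch`, `XMLHttpRequest#open`, `axios.<verb>`) and records the URL string expression passed to each, replacing dynamic pieces with a `{param}` placeholder. The point it demonstrates is the one the abstract makes: the `/api/admin/export` call sits behind a condition a headless browser would never satisfy, so dynamic crawling misses it, while a static pass over the source still finds it. The sample script, the sink list and the placeholder convention are all constructed assumptions for this example; the scanner is a heuristic token-level pass, not a full parser, and that simplification is noted in the comments.

```javascript
// Added example: lexical extraction of HTTP endpoints from JavaScript source.
// This is NOT the paper's analysis algorithm; it is a simplified illustration of
// why static inspection finds endpoints that UI-driven dynamic crawling cannot.

// Constructed sample client script (not taken from any real site).
const SAMPLE_JS = `
// constructed sample client script
document.getElementById('btn').addEventListener('click', () => {
  fetch('/api/profile').then(r => r.json());
});
function search(q) {
  return fetch(\`/api/search?q=\${q}\`);
}
if (window.__debug__) {          // never true in production: a crawler never reaches this
  fetch('/api/admin/export', { method: 'POST', body: '{}' });
}
function removeItem(id) {
  const xhr = new XMLHttpRequest();
  xhr.open('DELETE', '/api/items/' + id);
  xhr.send();
}
document.title = '/not/an/endpoint';   // a string that is not a request sink
`;

function skipWs(src, i) {
  while (i < src.length && /\s/.test(src[i])) i++;
  return i;
}

// 1-based line number of a character offset, for reporting where a sink was seen.
function lineOf(src, idx) {
  return src.slice(0, idx).split("\n").length;
}

// Reads a "URL expression": string/template literals and identifiers joined by '+'.
// Literal text is kept; every dynamic piece becomes the placeholder {param}.
// Returns null when the argument carries no literal text at all (e.g. fetch(url)).
// Simplification: quote escapes and nested template literals are not handled.
function readUrlExpr(src, i) {
  let text = "", sawLiteral = false, pos = i;
  for (;;) {
    pos = skipWs(src, pos);
    const ch = src[pos];
    if (ch === "'" || ch === '"') {
      const close = src.indexOf(ch, pos + 1);
      if (close < 0) return null;
      text += src.slice(pos + 1, close);
      sawLiteral = true;
      pos = close + 1;
    } else if (ch === "`") {
      const close = src.indexOf("`", pos + 1);
      if (close < 0) return null;
      const lit = src.slice(pos + 1, close).replace(/\$\{[^}]*\}/g, "{param}");
      text += lit;
      sawLiteral = sawLiteral || lit.replace(/\{param\}/g, "").length > 0;
      pos = close + 1;
    } else {
      // identifier or member chain (id, cfg.base): opaque dynamic part
      const ident = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*/.exec(src.slice(pos));
      if (!ident) return null;
      text += "{param}";
      pos += ident[0].length;
    }
    const next = skipWs(src, pos);
    if (src[next] !== "+") return sawLiteral ? { text, end: pos } : null;
    pos = next + 1;
  }
}

// Scans src for request sinks and returns [{method, url, line}], de-duplicated,
// ordered by line. Reachability is deliberately ignored: that is the whole point.
function extractEndpoints(src) {
  const seen = new Set();
  const found = [];
  const record = (method, url, idx) => {
    const key = `${method} ${url}`;
    if (seen.has(key)) return;
    seen.add(key);
    found.push({ method, url, line: lineOf(src, idx) });
  };
  // fetch(url[, { method: 'X', ... }]) — method defaults to GET
  for (const m of src.matchAll(/\bfetch\s*\(/g)) {
    const expr = readUrlExpr(src, m.index + m[0].length);
    if (!expr) continue;
    const opts = /^\s*,\s*\{[^}]*\bmethod\s*:\s*['"]([A-Za-z]+)['"]/.exec(src.slice(expr.end, expr.end + 300));
    record(opts ? opts[1].toUpperCase() : "GET", expr.text, m.index);
  }
  // xhr.open('VERB', url)
  for (const m of src.matchAll(/\.open\s*\(\s*(['"])([A-Za-z]+)\1\s*,/g)) {
    const expr = readUrlExpr(src, m.index + m[0].length);
    if (expr) record(m[2].toUpperCase(), expr.text, m.index);
  }
  // axios.get(url) / axios.post(url, body) / ...
  for (const m of src.matchAll(/\baxios\.(get|post|put|patch|delete)\s*\(/g)) {
    const expr = readUrlExpr(src, m.index + m[0].length);
    if (expr) record(m[1].toUpperCase(), expr.text, m.index);
  }
  return found.sort((a, b) => a.line - b.line);
}

for (const e of extractEndpoints(SAMPLE_JS)) {
  console.log(`line ${e.line}: ${e.method} ${e.url}`);
}
```

Running it lists four endpoints, including `POST /api/admin/export` from the `window.__debug__` branch; a crawler that only clicks the button would report just `GET /api/profile`. A real implementation along the lines the abstract describes would need to resolve variables and string building across functions, which is exactly where the hard part of static JavaScript analysis lies.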
