Monday, December 12, 2005

Article on web application footprinting [HITB E-zine]



Any search engine database is a very powerful source of information about web applications. A search engine's spiders crawl sites frequently and capture all possible links. As end users, however, we are more interested in the search interface and criteria these engines provide. By using their search options, end users can craft intelligent queries against the database and fetch critical information. There are several tools that query the Google database and fetch this sort of security-related information about web applications.

This paper describes some of the queries that can be run against SEARCH.MSN in order to fetch important information that would eventually help in web application assessment. SEARCH.MSN provides web services APIs to build applications using their search interface.

More information can be gathered from http://search.msn.com/developer/. To use SEARCH.MSN, you will require an Application ID, which can be obtained using MSN Passport. Queries are limited to 10,000 a day and allow a total of 50 results for each query. This provides great flexibility to the application. As a security tool, substantial information can be queried from MSN search, making it a handy tool to have in your toolkit. For the examples outlined in this paper, some of the information is retrieved through this interface using a sample application called wapawn.

Read Here