Information Gathering

***This blog is connected with one of my YouTube videos. There I have explained OWASP and this OWASP list. I recommend that you watch it before you read this blog.***

Link - https://www.youtube.com/watch?v=BNg1KLjgl9I&t=12s&ab_channel=InuraKatulanda

Here, we are understanding the deployed configuration of the server hosting the web application.

OTG-INFO-001: Conduct Search Engine Discovery/Reconnaissance for Information Leakage

There are direct and indirect elements to search engine discovery. Direct methods relate to searching the indexes and the associated content from caches, while indirect methods relate to collecting sensitive design and configuration information by searching forums, newsgroups and tendering websites.

Search engines use crawlers. Once a crawler has finished crawling, the search engine starts indexing the web page based on its tags and associated attributes, such as <title>, <head> and so on. C...
Note: This blog gives a walkthrough for installing Burp Suite Professional, so I recommend following all the steps and the screenshots given below.

Downloading and configuring Java

We need Java SE 15.0.2 for the installation. This does not work with version 16 and up. Go to the provided link and download the Java installer. It may tell you to create a free account; if so, just create it and download.

Java SE 15.0.2 - https://www.oracle.com/java/technologies/javase/jdk15-archive-downloads.html

I recommend downloading the installer directly. Then install it with the default configuration (do not change anything, just press the Next button).

After installing Java, open a command prompt. Then type 'java -version' and press Enter. As you can see, my Java version is 16.0.2.

Note: This is not going to work with the Burp Suite we are going to install, so we have 2 options. We can either change the environment variables or remove Java version 16.0.2. In some cases c...