Skip to content

Active Reconnaissance

Web Browser Tools

These tools enhance your browser's capabilities for web application testing and analysis.

  • Developer Tools: Built into most modern browsers (accessible by pressing F12). They provide a window into the inner workings of a website. Key features include:

    • Elements Inspector: View and modify the HTML structure of a page in real-time. Useful for understanding how a page is built and for testing changes.
    • Network Tab: See all the HTTP requests and responses made by the browser. This is crucial for analyzing how a website communicates with the server, including headers, status codes, cookies, and data transfer.
    • Debugger: Step through JavaScript code to understand its behavior. Essential for finding vulnerabilities in client-side scripts.
    • Storage: Inspect cookies, local storage, and other client-side storage mechanisms. Helps understand how a website stores data and manage user sessions.
    • Console: View error messages, log output from JavaScript, and execute JavaScript commands.
    • FoxyProxy: A browser extension that simplifies switching between different proxy servers. This is incredibly useful when using tools like Burp Suite, which intercepts web traffic for security testing. FoxyProxy allows you to quickly route your browser's traffic through Burp Suite or other proxies.

  • User-Agent Switcher and Manager: Allows you to change the User-Agent header sent by your browser. The User-Agent identifies your browser and operating system to the web server. Spoofing the User-Agent can be useful for testing how a website responds to different browsers or devices (e.g., mobile vs. desktop) or for bypassing User-Agent-based restrictions.

  • Wappalyzer: Identifies the technologies used to build a website. This includes content management systems (CMSs), frameworks, programming languages, web servers, analytics tools, and more. Wappalyzer provides a quick overview of the website's tech stack, which is valuable information for penetration testing and reconnaissance.

Ping

Ping is a basic but essential network diagnostic tool.

  • ICMP (Internet Control Message Protocol): Ping uses ICMP Echo Request and Echo Reply messages. ICMP is a separate protocol from TCP and UDP.

  • How it Works: You send an ICMP Echo Request to a target IP address. If the target is reachable and allows ICMP traffic, it responds with an ICMP Echo Reply. Ping measures the round-trip time (RTT) between sending the request and receiving the reply.

  • Uses:

    • Check if a host is online.
    • Measure network latency.
    • Basic network troubleshooting.
    • ICMP Header Size: 8 bytes.

  • Setting Data Size: The -s option in ping allows you to specify the size of the data payload in the ICMP Echo Request. This can be useful for testing network capacity or for certain types of denial-of-service attacks (though using ping for DoS is generally ineffective today).

Traceroute

Traceroute (tracert on Windows) maps the network path to a target host.

  • TTL (Time To Live): Traceroute exploits the TTL field in IP packets. TTL is a hop limit, not a time limit. Each router decrements the TTL. When TTL reaches 0, the packet is dropped, and the router sends an ICMP Time-to-Live Exceeded message back to the sender.

  • How it Works: Traceroute sends a series of packets with incrementally increasing TTL values. The first packet has TTL=1, so it expires at the first router. The router sends an ICMP Time-to-Live Exceeded message, revealing its IP address. The next packet has TTL=2, expiring at the second router, and so on.

  • Uses:

    • Map network paths.
    • Identify network bottlenecks.
    • Troubleshoot routing problems.

  • Linux/macOS: traceroute 10.10.154.75

  • Windows: tracert 10.10.154.75

Telnet

Telnet is a simple protocol for remote terminal access. It's rarely used for interactive logins today due to its lack of encryption, but it can be useful for banner grabbing and basic service interaction.

  • TCP: Telnet operates over TCP.

  • Banner Grabbing: Connecting to a service with Telnet often displays a banner, which provides information about the service (version, etc.). This is useful for reconnaissance.

  • HTTP Interaction: You can use Telnet to manually send HTTP requests to a web server. This can be helpful for understanding the HTTP protocol or for testing specific requests. You would type GET / HTTP/1.1, then Host: example.com, and press Enter twice. ![[Pasted image 20250104111603.png]]

Netcat (NC)

Netcat is a versatile networking utility that can read and write data across network connections using TCP or UDP. It's often called the "Swiss Army knife" of networking.

  • TCP and UDP: Netcat supports both protocols.

  • Client and Server Modes: Netcat can act as a client (connecting to a server) or a server (listening for connections).

  • Common Uses:

    • Port scanning.
    • Banner grabbing.
    • File transfer.
    • Creating backdoors (though this is unethical and illegal without permission).
    • Setting up chat servers.
    • Relaying network traffic.

  • Server Mode: nc -lvp 1234 (listen on port 1234, verbose output) or nc -vnplp 1234 (no dns lookups)

  • Client Mode: nc 10.10.154.75 80 (connect to 10.10.154.75 on port 80)

  • -n: Disables DNS lookups, which can speed up scans and avoid revealing your DNS queries.

  • Privileges: Ports below 1024 often require root privileges to listen on. ![[Pasted image 20250104113407.png]]