I'm lazy but I do scan JavaScript
By Romain Thursday, November 30 2006 - 14:04 UTC - Tools - Permalink
One of the biggest issues with Grabber and AJAX stuff is getting the script names, parameters, etc. The best solution is of course to emulate or plug a JavaScript interpreter into the scanner, so you can see which calls are made.
But it's hard to do (even if I plan to plug SpiderMonkey into Grabber...)! So I've made a very small JavaScript scanner that tries to get the URL and the parameters of the scripts.
It seems to work well, even if the list of these "dumb_parameters" is, in my tests, not twice as big as the real list; but it catches everything.
I should be able to say that it will run every callable server script.
This will be in the next version of Grabber.
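
A minimal sketch of this kind of interpreter-free scan, added here as an example and not Grabber's own code: it pulls string literals out of the JavaScript, keeps those that look like server scripts, and attaches every `name=` fragment it finds to every script, which is why the parameter list is larger than the real one. The function name, the regexes, the extension list and the sample script are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# String literals in double or single quotes, allowing escaped characters.
STRING_RE = re.compile(r'"((?:[^"\\\n]|\\.)*)"|\'((?:[^\'\\\n]|\\.)*)\'')
# A literal that looks like a server-side script (extension list is an assumption).
SCRIPT_RE = re.compile(r'^[\w./:-]+\.(?:php|asp|aspx|jsp|cgi|pl)(?:\?.*)?$', re.I)
# "name=" fragments such as "?id=" or "&page=", glued to values at run time.
PARAM_RE = re.compile(r'(?:^|[?&])([A-Za-z_][\w\[\]-]*)=')

# Constructed sample input, not taken from a real site.
SAMPLE_JS = r'''
function vote(id, score) {
  var req = new XMLHttpRequest();
  req.open("POST", "/ajax/vote.php", true);
  req.send("id=" + id + "&score=" + score);
}
function search(term) {
  var url = 'search.php?q=' + encodeURIComponent(term) + "&page=" + page;
  load(url);
}
'''

def scan_javascript(source):
    """Return {script_url: sorted parameter names} from raw JavaScript text.

    No interpreter is involved, so a parameter cannot be tied to the request
    that really sends it: every candidate name is attached to every script.
    """
    scripts, params = set(), set()
    for match in STRING_RE.finditer(source):
        literal = match.group(1) if match.group(1) is not None else match.group(2)
        if SCRIPT_RE.match(literal):
            parts = urlsplit(literal)
            # Store the script without its query string; keep the query's names.
            scripts.add(parts._replace(query="", fragment="").geturl())
            params.update(n for n, _ in parse_qsl(parts.query, keep_blank_values=True))
        else:
            params.update(PARAM_RE.findall(literal))
    return {url: sorted(params) for url in sorted(scripts)}

if __name__ == "__main__":
    for url, names in scan_javascript(SAMPLE_JS).items():
        print(url, names)
```

In the sample, `vote.php` really takes only `id` and `score`, but the scan also reports `page` and `q` for it: the list is redundant, yet no real parameter is missed.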