2

What is the importance of identifying our target's web platform?

I have recently watched the video 'DEF CON 23 - Jason Haddix - How to Shot Web: Web and mobile hacking in 2015' from youtube and he highlighted the importance of platform identification using Chrome extensions such as Wapplyzer, Builtwith and etc. How will this help me in detecting vulnerability in my target's web?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Emanuel Beni
  • 133
  • 8
  • If you knew the target was Wordpress or Drupal, would that help you discover new vulnerabilities? Not in the code, but in the infrastructure? – schroeder Aug 27 '19 at 06:45

1 Answers1

3

If you do not know what you are attacking, you have no choice but try out all the tools you have in your arsenal. If you know more about your target, your attacks can be better targeted and tailored to whatever you want to achive.

For example, if you only know that there is some database behind that login form, you have to try all the possible SQLi's - but if you know the exact version of the webapp, database etc you can skip everything that is not fitting on that.

In addition, you might learn that there is a trivial to exploit vulnerability available and can go straight to the core, without having to probe around.

mhr
  • 329
  • 3
  • 10