Information Gathering refers to obtaining as much information about the target site as possible through various methods and using relevant tools. It is the first step to be completed in the testing process, and it is also a very important step. In web testing, information collection is an indispensable part. The quality of information collection determines the effect of post-test to a large extent. Sufficient information collection can often get twice the result with half the effort, and it may also be a factor in later testing. An entrance that plays a key role in ***. This article mainly introduces F12 information collection and related techniques based on actual combat!
F12 Developer Tools is a set of tools that can help developers generate and debug web pages. It mainly includes elements, network, sources, timeliness, Profiles, resources, audits, and console modules, as shown in Figure 1-1 :
##Figure 1-1 Figure 1-1 F12 Developer Tools PageF12 Developer is the most basic information collection in my opinion, and it is also the simplest , the fastest information collection, through F12 we can collect a lot of information that is not on the surface, mainly including annotation information collection, hidden information collection, relative path information collection, webserver information collection and JavaScript function information collection, etc. 1.1.1 Collection of annotation informationThe pages we visit on the front end often have annotation information in the page source code. These annotation information often contain a lot of sensitive information. It may be a download link for a certain file, or it may be some hidden functional modules, or even more likely to be some sensitive information that you did not expect. In the elements module of F12, we can expand nodes step by step to view annotation information, but this is too inefficient, because in this module we cannot use [Ctrl F] to search for annotation information. In addition, we can view the page source The code is used to search for annotation information, but the search results are not continuous, which is not very convenient for us to view. In F12, we can click the show drawer logo () in the upper right corner to search for all characters
The above is the detailed content of How to use F12 information collection. For more information, please follow other related articles on the PHP Chinese website!