How Can I Expand the Forced Browsing Attack List?

Category: Product Docs & FAQS - Thu, 01 Jan 2015 - by Robert Abela

Forced Browsing is a security check in which the web vulnerability scanner tries to enumerate and access resources that are not linked from the web application but are still accessible. It is also commonly reffered to as Common Directories check. If such resources such as backup files and admin portals are discovered they could aid an attacker craft an attack against your website.

The Forced Browsing attacks in Netsparker are handled by the Resource Finder module.

Enabling / Disabling the Forced Browsing Security Check

By default the Forced browsing check is enabled and you can disable it by unticking the option Common Directories in the Scan > Security Checks section when configuring your scan policy.

Configuring the forced browsing security check in Netsparker Desktop

From this section you can also specify how many checks

Add Your Own Forced Browsing Keyword List

To add a list of keywords for forced browsing you can either update the existing list that Netsparker has or simply replace it. The list that Netsparker uses can be found in the following file:

My Documents\Netsparker\Resources\Configuration\Folders.txt

Once you update or replace the file restart Netsparker Desktop so it can load the new file.

 


Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

DOWNLOAD DEMO TRY ONLINE SCAN