Crawling AJAX applications
In an AJAX-based application, the links that the crawler can identify depend on the application's logic flow. In this section, we will talk about three tools that can be used to crawl AJAX applications:
- The AJAX Crawling Tool
- Sprajax
- The AJAX Spider in OWASP ZAP
Note
As with any automated task, the crawling of AJAX applications must be carefully configured, logged, and monitored, as it may cause calls to unexpected functions and trigger undesired effects on the application, for example, by affecting the contents of the database.
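One way to act on this note is to review the application's access log after a crawl for crawler requests that may have changed state. The following is an added example, not part of the original text; the Apache-style log format, the crawler address, the paths, and the keyword list are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: access-log lines from a test crawl. The crawler address
# 10.0.0.5 and every path below are made up for illustration.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /app/index.html HTTP/1.1" 200 5120
10.0.0.5 - - [12/Mar/2024:10:00:02 +0000] "GET /api/items?page=1 HTTP/1.1" 200 812
10.0.0.5 - - [12/Mar/2024:10:00:03 +0000] "POST /api/items HTTP/1.1" 201 64
10.0.0.9 - - [12/Mar/2024:10:00:03 +0000] "POST /api/login HTTP/1.1" 200 48
10.0.0.5 - - [12/Mar/2024:10:00:04 +0000] "GET /api/items/7/delete HTTP/1.1" 200 17
10.0.0.5 - - [12/Mar/2024:10:00:05 +0000] "DELETE /api/items/8 HTTP/1.1" 204 0
10.0.0.5 - - [12/Mar/2024:10:00:06 +0000] "GET /account/logout HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Heuristic (assumed word list): GET paths that hint at a side effect.
RISKY_PATH = re.compile(r"(delete|remove|update|logout|reset|purge)", re.I)

def review_crawl(log_text, crawler_ip):
    """Return (findings, per-method counts) for requests sent from crawler_ip."""
    findings, counts = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != crawler_ip:
            continue  # unparsable line, or traffic from another client
        _, when, method, url, status = m.groups()
        counts[method] += 1
        path = url.split("?", 1)[0]
        if method in UNSAFE_METHODS:
            reason = "state-changing method"
        elif RISKY_PATH.search(path):
            reason = "GET with side-effect-looking path"
        else:
            continue
        # Only 2xx/3xx responses suggest the call was actually processed.
        if status[0] in "23":
            findings.append((when, method, url, reason))
    return findings, counts

if __name__ == "__main__":
    found, totals = review_crawl(SAMPLE_LOG, "10.0.0.5")
    print("requests by method:", dict(totals))
    for when, method, url, reason in found:
        print(f"{when}  {method:6} {url}  <- {reason}")
```

Each finding is a request to compare against the database or application state before and after the crawl.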
AJAX Crawling Tool
AJAX Crawling Tool (ACT) is used to enumerate AJAX applications. It can be integrated with web application proxies. Once crawled, the links are visible in the proxy interface. From there, you can test the application for vulnerabilities. To set up and use ACT, follow these instructions:
- Download the ACT from the following URL:
https://code.google.com/p/fuzzops-ng/downloads/list
- After downloading ACT, start it from the bash shell using the following...