# Useful Tips

Here are some tips to help you get the most out of web exploitation concepts, tools, and utilities:

* Check the URL for user information and query parameters, as well as the protocol being used
* Make a map of routes to understand the flow of a website
* Check general details and standard files such as the favicon, the *robots.txt* file, the *sitemap.xml* file, and the *security.txt* file, among others
* Check HTTP requests and responses, paying attention to specific details such as headers and their values
* Check the page source code, using the browser's *View Page Source* option or by opening *view-source:$URL* in the address bar
  * Check the code comments (`<!--`), anchors to other routes (`<a`), framework information, *CSS* files, and *JS* scripts
  * Check the buttons and the files related to their actions
* Check if URL parameters are displayed directly on the screen. This indicates that a code injection may be possible
* Check if a site displays different types of errors when filling out a form
  * If the username field of a login form shows a different error for specific entries, it could mean that the username exists
* Check if token parameters are sent in the requests
* Modify the *HTML* code to change the character limit of a form field. This can be done using the *Inspect* option of the browser
* Check the *Inspect > Sources* tab in the browser to see the source files of the site. One of the most common is the *main.js* file, which normally contains the front-end logic and, in some cases, how the framework handles important options such as routing and configuration
* When testing a registration form, try adding a `"role": "admin"` field to the POST request to see if a high-privilege account can be created
* Check if it is possible to get information about a user or perform actions without the *Authorization* header (normally required on API endpoints)
* When checking requests with numeric parameters, check how they react to negative inputs
* Add breakpoints in the JavaScript of client-side apps to follow the flow of variables and actions, and even manipulate them
* Modify GET requests to APIs into PUT requests, setting the `Content-Type` header accordingly
* Changing PUT requests to PATCH requests could help make changes to an app
* When you have access to the list of modules from the app's frameworks, search for known vulnerabilities in the versions being used
* Check certificates for weak certificates or the use of outdated security protocols
* Check the `allow_url_include` and `allow_url_fopen` directives in the *php.ini* file to know whether a remote file inclusion could be performed via FTP, SMB, or HTTP
* When reviewing source code, search for *hidden* values in the HTML
* When a response is very plain, it suggests that it may have originated from a front-end system, which is useful for access control vulnerabilities
* When we note a possible IDOR-vulnerable point, we should check for intermediate requests that perform redirections and could leak information
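Several of the tips above have a direct server-side counterpart: the login errors that differ per field and so reveal valid usernames, the extra `"role": "admin"` field on a registration request, negative or out-of-range numeric parameters, and object ids that are never checked against the caller (IDOR). The Python module below is added here as an educational example; it is not code from the original page or from any project it describes. For each tip it places the weak handler next to a hardened version. The user table, order table, salt, field names and limits are all constructed for the example.

```python
import hashlib
import hmac
from typing import Any

# Constructed in-memory "tables" for the example; every value is made up.
_SALT = b"example-salt-not-for-production"


def _hash_password(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 100_000)


USERS = {"alice": {"id": 1, "role": "user", "password": _hash_password("correct horse")}}
ORDERS = {101: {"owner_id": 1, "total": 42.0}, 102: {"owner_id": 2, "total": 99.0}}
DUMMY_HASH = _hash_password("placeholder-used-for-unknown-users")
GENERIC_LOGIN_ERROR = "error: invalid username or password"
ALLOWED_REGISTRATION_FIELDS = {"username", "password", "email"}


# --- Login errors that differ per field let a tester enumerate usernames ---
def login_leaky(username: str, password: str) -> str:
    """Weak: the message tells the caller whether the username exists."""
    user = USERS.get(username)
    if user is None:
        return "error: no such user"
    if not hmac.compare_digest(user["password"], _hash_password(password)):
        return "error: wrong password"
    return "ok"


def login_hardened(username: str, password: str) -> str:
    """Hardened: one message for both failures, and the expensive hash is
    computed on every attempt so response time does not reveal existence."""
    user = USERS.get(username)
    candidate = _hash_password(password)
    stored = user["password"] if user else DUMMY_HASH
    if user is None or not hmac.compare_digest(stored, candidate):
        return GENERIC_LOGIN_ERROR
    return "ok"


# --- Mass assignment: extra JSON fields such as "role" on registration ---
def register_vulnerable(payload: dict[str, Any]) -> dict[str, Any]:
    """Weak: every client field is copied into the account, role included."""
    account = {"role": "user"}
    account.update(payload)
    return account


def register_hardened(payload: dict[str, Any]) -> dict[str, Any]:
    """Hardened: allow-listed fields only, role assigned server-side, and a
    server-side length check (an HTML maxlength attribute is not a control)."""
    unexpected = set(payload) - ALLOWED_REGISTRATION_FIELDS
    if unexpected:
        raise ValueError(f"unexpected fields: {sorted(unexpected)}")
    if len(payload.get("username", "")) > 32:
        raise ValueError("username too long")
    account = {k: payload[k] for k in ALLOWED_REGISTRATION_FIELDS if k in payload}
    account["role"] = "user"
    return account


# --- Numeric parameters: negatives and out-of-range values ---
def parse_quantity(raw: str, minimum: int = 1, maximum: int = 1000) -> int:
    """Parse a numeric request parameter and enforce an explicit range."""
    try:
        value = int(raw, 10)
    except ValueError:
        raise ValueError("quantity must be an integer") from None
    if not minimum <= value <= maximum:
        raise ValueError(f"quantity must be between {minimum} and {maximum}")
    return value


# --- IDOR: object ids must be checked against the caller's identity ---
def get_order_vulnerable(order_id: int) -> dict[str, Any]:
    """Weak: any caller can read any order by supplying its id."""
    return ORDERS[order_id]


def get_order_hardened(current_user_id: int, order_id: int) -> dict[str, Any]:
    """Hardened: the lookup is scoped to the caller; 'missing' and 'not
    yours' get the same answer so ids cannot be confirmed through it."""
    order = ORDERS.get(order_id)
    if order is None or order["owner_id"] != current_user_id:
        raise LookupError("order not found")
    return order


if __name__ == "__main__":
    print(login_leaky("bob", "x"), "|", login_hardened("bob", "x"))
    print(register_vulnerable({"username": "eve", "role": "admin"})["role"])
    print(register_hardened({"username": "eve", "password": "pw"})["role"])
    print(get_order_hardened(1, 101)["total"])
```

The hardened login deliberately spends the same hashing work on unknown and known usernames; returning a single message is not enough if the unknown-user path answers noticeably faster. The hardened order lookup also answers "not found" for orders that exist but belong to someone else, so the endpoint cannot be used to confirm which ids exist.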

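The *php.ini* check in the list above is one a defender can automate. The following Python audit is added here as an example (it is not code from the original page or from PHP): it parses a constructed *php.ini* fragment, reports which of the two directives are effectively enabled, taking PHP's built-in defaults into account when a directive is absent, and emits a hardened copy. The directive names are real PHP settings; the file contents, function names and the default table are assumptions of this example.

```python
import re

# Constructed php.ini fragment for the example (not copied from any real host).
SAMPLE_PHP_INI = """\
[PHP]
; URL wrappers (http://, ftp://, ...) in fopen(), file_get_contents(), ...
allow_url_fopen = On
; URL wrappers in include/require: this is the remote file inclusion switch
allow_url_include = On
display_errors = Off
"""

# Directive -> value a hardened configuration should carry.
RISKY_DIRECTIVES = {"allow_url_include": "Off", "allow_url_fopen": "Off"}
# PHP's built-in defaults when the directive is absent from the file.
PHP_DEFAULTS = {"allow_url_include": "0", "allow_url_fopen": "1"}
_ON_VALUES = {"1", "on", "true", "yes"}
_DIRECTIVE_RE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=")


def parse_php_ini(text: str) -> dict[str, str]:
    """Return {directive: value}; sections and ';' comments are skipped."""
    directives: dict[str, str] = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' inside quoted values is not handled
        if not line or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if sep:
            directives[key.strip().lower()] = value.strip().strip('"')
    return directives


def is_on(value: str) -> bool:
    return value.strip().lower() in _ON_VALUES


def audit(text: str) -> list[str]:
    """Names of risky directives that are enabled, explicitly or by default."""
    found = parse_php_ini(text)
    return sorted(k for k in RISKY_DIRECTIVES if is_on(found.get(k, PHP_DEFAULTS[k])))


def harden(text: str) -> str:
    """Rewrite the file with every risky directive set to its safe value,
    appending the ones that were absent so PHP's defaults no longer apply."""
    out, seen = [], set()
    for line in text.splitlines():
        m = _DIRECTIVE_RE.match(line)
        key = m.group(1).lower() if m else None
        if key in RISKY_DIRECTIVES:
            out.append(f"{key} = {RISKY_DIRECTIVES[key]}")
            seen.add(key)
        else:
            out.append(line)
    out.extend(f"{k} = {v}" for k, v in RISKY_DIRECTIVES.items() if k not in seen)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("risky:", audit(SAMPLE_PHP_INI))
    print(harden(SAMPLE_PHP_INI))
    print("risky after hardening:", audit(harden(SAMPLE_PHP_INI)))
```

Note the asymmetry between the two settings: `allow_url_include` directly enables remote inclusion and has almost no legitimate use, while turning `allow_url_fopen` off can break applications that legitimately fetch URLs through the stream wrappers, so that change needs testing against the application before it is rolled out.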
