Description
This plugin searches for various Rich Internet Application files. It currently searches for:
- Google Gears manifests: These files are used to determine which files are locally cached by Google Gears. They do not get cleared when the browser cache is cleared and may contain sensitive information.
- Flex crossdomain.xml: This file stores domains which are allowed to make cross domain requests to the server.
- Silverlight clientaccesspolicy.xml: This file determines which clients can access the server in place of the crossdomain.xml.
Two configurable parameters exist:
- wordlist: The wordlist to be used in the gears bruteforce process.
- manifestExtensions: File extensions to use during manifest bruteforcing.
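To review what a discovered crossdomain.xml or clientaccesspolicy.xml actually permits, the following added example (not part of the plugin's code) parses both formats and sorts the allowed origins by how broad they are. The sample policies are constructed, and the function names `allowed_origins` and `classify` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies for illustration (not from any real site).
CROSSDOMAIN_SAMPLE = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="true"/>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""

CLIENTACCESS_SAMPLE = """<?xml version="1.0"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="https://app.example.com"/>
      </allow-from>
      <grant-to><resource path="/" include-subpaths="true"/></grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def allowed_origins(policy_xml):
    """Return the origins a Flex or Silverlight policy document allows."""
    # For policy files from untrusted hosts, a hardened parser such as
    # defusedxml is the safer choice; the stdlib parser keeps this offline.
    root = ET.fromstring(policy_xml)
    if root.tag == "cross-domain-policy":   # Flex crossdomain.xml
        return [e.get("domain", "") for e in root.iter("allow-access-from")]
    if root.tag == "access-policy":         # Silverlight clientaccesspolicy.xml
        return [d.get("uri", "") for a in root.iter("allow-from")
                for d in a.iter("domain")]
    raise ValueError("unrecognised policy root: %s" % root.tag)


def classify(policy_xml):
    """Group allowed origins: any origin, wildcard pattern, or exact origin."""
    result = {"any": [], "wildcard": [], "exact": []}
    for origin in allowed_origins(policy_xml):
        host = origin.split("://")[-1]      # drop an optional scheme prefix
        if host == "*":
            result["any"].append(origin)
        elif "*" in host:
            result["wildcard"].append(origin)
        else:
            result["exact"].append(origin)
    return result
```

Entries under `any` deserve the closest review, since they let every origin make cross domain requests to the server.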
Plugin type
Options
Name | Type | Default Value | Description | Help |
wordlist | string | plugins/crawl/ria_enumerator/common_filenames.db | Wordlist to use in the manifest file name bruteforcing process. | No detailed help available |
manifestExtensions | list | ['', '.php', '.json', '.txt', '.gears'] | File extensions to use when brute forcing Gears Manifest files | No detailed help available |
Source
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
Dependencies
This plugin has no dependencies.