Re: How to list all the URLs on a web server

[PCSage Information Services <info () pcsage biz>]

I need some clarification of your environment to properly be of help...

Is the application not using https?

If not just sit a client on the same subnet and watch normal traffic to 
the webserver with a tool like ethereal or etherpeek... your client 
will soon see that there are plenty of ways to skin a cat...
It's all about networking after all...

njoy the looks on their faces.

Sean Swayze
swayze AT pcsage DOT biz

On 7-Jan-05, at 11:35 AM, Lists wrote:

> Hi Everyone,
>
> I am auditing a system where files are stored on a web server and 
> accessed without authentication directly by an application that knows 
> each file URL.  I don't like it but the app owner wants me to 
> demonstrate that someone could guess the URLs.  I have tried a number 
> of spider tools but they are based on links so they don't pull up 
> anything.
>
> I am wondering if there is a tool or another method where I could find 
> out all the URLs on the web site.   The funny thing is I saw this same 
> kind of system with the same explanation just the other week at 
> another company.  Maybe its a new trend...
>
> Regards,
> sakaba