Question

Before we dive into anything else, it will help to first manually walk through the application to learn more about it. Try to uncover every feature in the application that users can access by browsing through every page and clicking every link. Access the functionalities that you don’t usually use.

在我们深入讨论其他内容之前，首先手动浏览一遍应用程序会有所帮助，以更好地了解它。尝试浏览每一页并点击每个链接，揭示用户可以访问的应用程序中的每个功能。使用通常不用的功能。

For example, if you’re hacking Facebook, try to create an event, play a game, and use the payment functionality if you’ve never done so before. Sign up for an account at every privilege level to reveal all of the application’s features. For example, on Slack, you can create owners, admins, and members of a workspace. Also create users who are members of different channels under the same workspace. This way, you can see what the application looks like to different users.

例如，如果你想要黑客 Facebook，尝试创建一个事件，玩一个游戏，并使用付款功能（如果你以前从未使用过）。在每个特权级别上注册一个帐户，以揭示应用程序的所有功能。例如，在 Slack 上，你可以创建工作区的所有者、管理员和成员。还可以创建不同频道下的成员用户。这样，你就可以看到应用程序对不同用户的外观。

This should give you a rough idea of what the attack surface (all of the different points at which an attacker can attempt to exploit the application) looks like, where the data entry points are, and how different users interact with each other. Then you can start a more in-depth recon process: finding out the technology and structure of an application.

这应该给你一个大致的概念，攻击面（攻击者可以尝试利用应用程序的所有不同点）是什么样子的，数据输入点在哪里，不同用户如何相互交互。然后你就可以开始更深入的侦查过程：了解应用程序的技术和结构。