# Web

- [API](https://x7331.gitbook.io/boxes/tl-dr/web/api.md)
- [What is an API?](https://x7331.gitbook.io/boxes/tl-dr/web/api/what-is-an-api.md)
- [Useful Terms](https://x7331.gitbook.io/boxes/tl-dr/web/api/useful-terms.md)
- [Collection Creation](https://x7331.gitbook.io/boxes/tl-dr/web/api/collection-creation.md)
- [Enumeration](https://x7331.gitbook.io/boxes/tl-dr/web/api/enumeration.md)
- [Tests](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests.md)
- [General](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/general.md)
- [Security Headers](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/security-headers.md)
- [Security Misconfigurations](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/security-misconfigurations.md)
- [Authorization](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authorization.md)
- [BOLA](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authorization/bola.md)
- [BFLA](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authorization/bfla.md)
- [Authentication](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication.md)
- [BFAs](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/bfas.md)
- [Tokens](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/tokens.md)
- [JWTs](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/jwts.md)
- [Entropy Analysis](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/jwts/entropy-analysis.md)
- [Signature Validation](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/jwts/signature-validation.md)
- [Weak Signature](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/jwts/weak-signature.md)
- [Header Injection](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/jwts/header-injection.md)
- [Algorithm Confusion](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/authentication/jwts/algorithm-confusion.md)
- [Excessive Data Exposure](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/excessive-data-exposure.md)
- [HTTP Verb Tampering](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/http-verb-tampering.md)
- [Content Type Tampering](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/content-type-tampering.md)
- [Improper Asset Management](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/improper-asset-management.md)
- [Mass Assignment](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/mass-assignment.md)
- [SSRF](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/ssrf.md)
- [Unrestricted Resource Consumption](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/unrestriced-resource-consumption.md)
- [Unrestricted Access to Sensitive Business Flows](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/unrestricted-access-to-sensitive-business-flows.md)
- [Unsafe API Consumption](https://x7331.gitbook.io/boxes/tl-dr/web/api/tests/unsafe-api-consumption.md)
- [Tools](https://x7331.gitbook.io/boxes/tl-dr/web/api/tools.md)
- [mitmweb](https://x7331.gitbook.io/boxes/tl-dr/web/api/tools/mitmweb.md)
- [KiteRunner](https://x7331.gitbook.io/boxes/tl-dr/web/api/tools/kiterunner.md)
- [Arjun](https://x7331.gitbook.io/boxes/tl-dr/web/api/tools/arjun.md)
- [jwt\_tool](https://x7331.gitbook.io/boxes/tl-dr/web/api/tools/jwt_tool.md)
- [Applications](https://x7331.gitbook.io/boxes/tl-dr/web/applications.md)
- [Atlassian Confluence](https://x7331.gitbook.io/boxes/tl-dr/web/applications/atlassian-confluence.md)
- [BoxBilling](https://x7331.gitbook.io/boxes/tl-dr/web/applications/boxbilling.md)
- [Cassandra Web](https://x7331.gitbook.io/boxes/tl-dr/web/applications/cassandra-web.md)
- [Gerapy](https://x7331.gitbook.io/boxes/tl-dr/web/applications/gerapy.md)
- [Grafana](https://x7331.gitbook.io/boxes/tl-dr/web/applications/grafana.md)
- [LimeSurvey](https://x7331.gitbook.io/boxes/tl-dr/web/applications/limesurvey.md)
- [Mantis BT](https://x7331.gitbook.io/boxes/tl-dr/web/applications/mantis-bt.md)
- [OMRS](https://x7331.gitbook.io/boxes/tl-dr/web/applications/omrs.md)
- [Online Discussion Forum](https://x7331.gitbook.io/boxes/tl-dr/web/applications/online-discussion-forum.md)
- [OpenEMR](https://x7331.gitbook.io/boxes/tl-dr/web/applications/openemr.md)
- [Prison Management System](https://x7331.gitbook.io/boxes/tl-dr/web/applications/prison-management-system.md)
- [RaspAP](https://x7331.gitbook.io/boxes/tl-dr/web/applications/raspap.md)
- [rConfig](https://x7331.gitbook.io/boxes/tl-dr/web/applications/rconfig.md)
- [Responsive Filemanager](https://x7331.gitbook.io/boxes/tl-dr/web/applications/responsive-filemanager.md)
- [SimplePHPGal](https://x7331.gitbook.io/boxes/tl-dr/web/applications/simplephpgal.md)
- [SO Planning](https://x7331.gitbook.io/boxes/tl-dr/web/applications/so-planning.md)
- [Sonatype Nexus](https://x7331.gitbook.io/boxes/tl-dr/web/applications/sonatype-nexus.md)
- [SynaMan](https://x7331.gitbook.io/boxes/tl-dr/web/applications/synaman.md)
- [TeamCity](https://x7331.gitbook.io/boxes/tl-dr/web/applications/teamcity.md)
- [Tiny File Manager](https://x7331.gitbook.io/boxes/tl-dr/web/applications/tiny-file-manager.md)
- [Vesta Control Panel](https://x7331.gitbook.io/boxes/tl-dr/web/applications/vesta-control-panel.md)
- [ZoneMinder](https://x7331.gitbook.io/boxes/tl-dr/web/applications/zoneminder.md)
- [Common Findings](https://x7331.gitbook.io/boxes/tl-dr/web/common-findings.md)
- [Security Headers](https://x7331.gitbook.io/boxes/tl-dr/web/common-findings/security-headers.md)
- [Content Security Policy](https://x7331.gitbook.io/boxes/tl-dr/web/common-findings/security-headers/content-security-policy.md)
- [Cookie Flags](https://x7331.gitbook.io/boxes/tl-dr/web/common-findings/cookie-flags.md)
- [SSL/TLS](https://x7331.gitbook.io/boxes/tl-dr/web/common-findings/ssl-tls.md)
- [Authentication](https://x7331.gitbook.io/boxes/tl-dr/web/authentication.md)
- [Broken Reset Logic](https://x7331.gitbook.io/boxes/tl-dr/web/authentication/broken-reset-logic.md)
- [Brute Force Attacks](https://x7331.gitbook.io/boxes/tl-dr/web/authentication/brute-force-attacks.md)
- [PHP strcmp](https://x7331.gitbook.io/boxes/tl-dr/web/authentication/php-strcmp.md)
- [Rate Limiting](https://x7331.gitbook.io/boxes/tl-dr/web/authentication/rate-limiting.md)
- [Session Tokens](https://x7331.gitbook.io/boxes/tl-dr/web/authentication/session-tokens.md)
- [MFA](https://x7331.gitbook.io/boxes/tl-dr/web/authentication/mfa.md)
- [JWTs](https://x7331.gitbook.io/boxes/tl-dr/web/authentication/jwts.md)
- [Authorization](https://x7331.gitbook.io/boxes/tl-dr/web/authorization.md)
- [IDOR / BOLA](https://x7331.gitbook.io/boxes/tl-dr/web/authorization/idor-bola.md)
- [IDOR / BFLA](https://x7331.gitbook.io/boxes/tl-dr/web/authorization/idor-bfla.md)
- [Weak Access Controls](https://x7331.gitbook.io/boxes/tl-dr/web/authorization/weak-access-controls.md)
- [Automated A-B Testing](https://x7331.gitbook.io/boxes/tl-dr/web/authorization/automated-a-b-testing.md)
- [CMS](https://x7331.gitbook.io/boxes/tl-dr/web/cms.md): Content Management System Testing
- [BarracudaDrive/FuguHub](https://x7331.gitbook.io/boxes/tl-dr/web/cms/barracudadrive-fuguhub.md)
- [CS-Cart](https://x7331.gitbook.io/boxes/tl-dr/web/cms/cs-cart.md)
- [CuteNews](https://x7331.gitbook.io/boxes/tl-dr/web/cms/cutenews.md)
- [DNN](https://x7331.gitbook.io/boxes/tl-dr/web/cms/dnn.md)
- [eXtplorer](https://x7331.gitbook.io/boxes/tl-dr/web/cms/extplorer.md)
- [Grav](https://x7331.gitbook.io/boxes/tl-dr/web/cms/grav.md)
- [Joomla](https://x7331.gitbook.io/boxes/tl-dr/web/cms/joomla.md)
- [Monstra](https://x7331.gitbook.io/boxes/tl-dr/web/cms/monstra.md)
- [Responsive Online Blog](https://x7331.gitbook.io/boxes/tl-dr/web/cms/responsive-online-blog.md)
- [RiteCMS](https://x7331.gitbook.io/boxes/tl-dr/web/cms/ritecms.md)
- [Subrion](https://x7331.gitbook.io/boxes/tl-dr/web/cms/subrion.md)
- [Umbraco](https://x7331.gitbook.io/boxes/tl-dr/web/cms/umbraco.md)
- [WordPress](https://x7331.gitbook.io/boxes/tl-dr/web/cms/wordpress.md)
- [Cross-Origin](https://x7331.gitbook.io/boxes/tl-dr/web/cross-origin.md)
- [Cross-Origin 101](https://x7331.gitbook.io/boxes/tl-dr/web/cross-origin/cross-origin-101.md)
- [CSRF](https://x7331.gitbook.io/boxes/tl-dr/web/cross-origin/csrf.md)
- [CORS](https://x7331.gitbook.io/boxes/tl-dr/web/cross-origin/cors.md)
- [DevOps](https://x7331.gitbook.io/boxes/tl-dr/web/devops.md)
- [APM Tools](https://x7331.gitbook.io/boxes/tl-dr/web/devops/apm-tools.md)
- [php-spx](https://x7331.gitbook.io/boxes/tl-dr/web/devops/apm-tools/php-spx.md)
- [Gitea](https://x7331.gitbook.io/boxes/tl-dr/web/devops/gitea.md)
- [GitLab](https://x7331.gitbook.io/boxes/tl-dr/web/devops/gitlab.md)
- [Git Tools](https://x7331.gitbook.io/boxes/tl-dr/web/devops/git-tools.md)
- [Jenkins](https://x7331.gitbook.io/boxes/tl-dr/web/devops/jenkins.md)
- [Dirbusting](https://x7331.gitbook.io/boxes/tl-dr/web/dirbusting.md)
- [File Inclusion](https://x7331.gitbook.io/boxes/tl-dr/web/file-inclusion.md)
- [LFI & RFI](https://x7331.gitbook.io/boxes/tl-dr/web/file-inclusion/lfi-and-rfi.md)
- [RCE](https://x7331.gitbook.io/boxes/tl-dr/web/file-inclusion/rce.md)
- [File Uploads](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads.md)
- [Attacks](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/attacks.md)
- [File Types](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/file-types.md)
- [GIF](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/file-types/gif.md)
- [LibreOffice](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/file-types/libreoffice.md)
- [PDF](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/file-types/pdf.md)
- [PHAR](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/file-types/phar.md)
- [SVG](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/file-types/svg.md)
- [ZIP](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/file-types/zip.md)
- [Filters](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/filters.md)
- [.htaccess](https://x7331.gitbook.io/boxes/tl-dr/web/file-uploads/.htaccess.md)
- [Frameworks](https://x7331.gitbook.io/boxes/tl-dr/web/frameworks.md)
- [Laravel](https://x7331.gitbook.io/boxes/tl-dr/web/frameworks/laravel.md)
- [Spring](https://x7331.gitbook.io/boxes/tl-dr/web/frameworks/spring.md)
- [Vaadin](https://x7331.gitbook.io/boxes/tl-dr/web/frameworks/vaadin.md)
- [Injections](https://x7331.gitbook.io/boxes/tl-dr/web/injections.md)
- [SQLi](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli.md)
- [SQLi 101](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli/sqli-101.md)
- [In Band](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli/in-band.md)
- [Blind](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli/blind.md)
- [NoSQLi](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli/nosqli.md)
- [Second Order](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli/second-order.md)
- [Other](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli/other.md)
- [SQLMap](https://x7331.gitbook.io/boxes/tl-dr/web/injections/sqli/sqlmap.md)
- [XSS](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xss.md)
- [XSS 101](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xss/xss-101.md)
- [Reflected](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xss/reflected.md)
- [Stored](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xss/stored.md)
- [DOM-Based](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xss/dom-based.md)
- [Exploitation](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xss/exploitation.md)
- [Payloads](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xss/payloads.md)
- [CI](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ci.md)
- [CI](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ci/ci.md)
- [Examples](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ci/examples.md)
- [Filters](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ci/filters.md)
- [happy-dom](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ci/happy-dom.md)
- [SSTI](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti.md)
- [SSTI 101](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/ssti-101.md)
- [Twig](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/twig.md)
- [Freemarker](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/freemarker.md)
- [Pug](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/pug.md)
- [Jinja](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/jinja.md)
- [Mustache](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/mustache.md)
- [Handlebars](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/handlebars.md)
- [Mako](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/mako.md)
- [Case Study: Craft CMS](https://x7331.gitbook.io/boxes/tl-dr/web/injections/ssti/case-study-craft-cms.md)
- [XXEI](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xxei.md)
- [XML 101](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xxei/xml-101.md)
- [XXEI](https://x7331.gitbook.io/boxes/tl-dr/web/injections/xxei/xxei.md)
- [Mass Assignment](https://x7331.gitbook.io/boxes/tl-dr/web/mass-assignment.md)
- [Open Redirects](https://x7331.gitbook.io/boxes/tl-dr/web/open-redirects.md)
- [OpenFire](https://x7331.gitbook.io/boxes/tl-dr/web/openfire.md)
- [Race Conditions](https://x7331.gitbook.io/boxes/tl-dr/web/race-conditions.md)
- [SSRF](https://x7331.gitbook.io/boxes/tl-dr/web/ssrf.md)
- [Exploitation](https://x7331.gitbook.io/boxes/tl-dr/web/ssrf/exploitation.md)
- [Examples](https://x7331.gitbook.io/boxes/tl-dr/web/ssrf/examples.md)
- [WAFs](https://x7331.gitbook.io/boxes/tl-dr/web/wafs.md)
- [WebDAV](https://x7331.gitbook.io/boxes/tl-dr/web/webdav.md)
- [Web Servers](https://x7331.gitbook.io/boxes/tl-dr/web/web-servers.md)
- [Apache](https://x7331.gitbook.io/boxes/tl-dr/web/web-servers/apache.md)
- [IIS](https://x7331.gitbook.io/boxes/tl-dr/web/web-servers/iis.md)
- [Nginx](https://x7331.gitbook.io/boxes/tl-dr/web/web-servers/nginx.md)
- [Tomcat](https://x7331.gitbook.io/boxes/tl-dr/web/web-servers/tomcat.md)
- [XAMPP](https://x7331.gitbook.io/boxes/tl-dr/web/web-servers/xampp.md)
- [WebSockets](https://x7331.gitbook.io/boxes/tl-dr/web/websockets.md)
- [Web Tools](https://x7331.gitbook.io/boxes/tl-dr/web/web-tools.md)
- [amass](https://x7331.gitbook.io/boxes/tl-dr/web/web-tools/amass.md)
- [BurpSuite](https://x7331.gitbook.io/boxes/tl-dr/web/web-tools/burpsuite.md)
- [cURL](https://x7331.gitbook.io/boxes/tl-dr/web/web-tools/curl.md)
- [GoWitness](https://x7331.gitbook.io/boxes/tl-dr/web/web-tools/gowitness.md)
- [Hakrawler](https://x7331.gitbook.io/boxes/tl-dr/web/web-tools/hakrawler.md)
- [WhatWeb](https://x7331.gitbook.io/boxes/tl-dr/web/web-tools/whatweb.md)


