AJAX/XML HTTP Requests Node
During the scan, Invicti lists the AJAX/XML HTTP Requests captured in the target application in the Knowledge Base panel. From this node, you can check that Invicti is detecting and simulating all of these requests, especially when scanning a client-side script heavy web application such as a single page application.
This is sometimes referred to as the XML HTTP Requests List.
AJAX (Asynchronous JavaScript and XML) is a client-side technique to communicate with a web server without refreshing the whole web page.
With AJAX, you can load a part of the web page dynamically with the help of XML, HTML, CSS, and JavaScript. JavaScript makes a request to a server, interprets the results, and displays them on the current screen. This whole process takes place in the background while a user continues to use the application.
Once the scan is completed, all AJAX/XML HTTP requests are listed under the AJAX/XML HTTP Requests node in the Knowledge Base, highlighted in red and bold. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.
Invicti forms Knowledge Base Nodes upon its findings. If AJAX/XML HTTP Requests are not listed, it means that Invicti could not capture any.
For further information, see Knowledge Base Nodes.
How to View the AJAX/XML HTTP Requests Node in Invicti Enterprise
- Log in to Invicti Enterprise.
- From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
- Next to the relevant website, click Report.
- From the Technical Report section, click the Knowledge Base tab.
- Click the AJAX/XML HTTP Requests node. The information is displayed in an AJAX/XML HTTP Requests tab.
How to View the AJAX/XML HTTP Requests Node in Invicti Standard
- Open Invicti Standard.
- Start a scan or open a previously saved scan.
- The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)
- Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
- Click the AJAX/XML HTTP Requests node in the Knowledge Base. All detected AJAX/XML HTTP Requests are displayed in the Knowledge Base Viewer.