US 11,991,202 B2
Scanning unexposed web applications for vulnerabilities
Jijo John, London (CA); Dmitriy Kashitsyn, Yorba Linda, CA (US); and Andrew Tisdale, Huntington Beach, CA (US)
Assigned to Rapid7, Inc., Boston, MA (US)
Filed by Rapid7, Inc., Boston, MA (US)
Filed on Dec. 8, 2021, as Appl. No. 17/545,022.
Application 17/545,022 is a continuation of application No. 16/545,044, filed on Aug. 20, 2019, granted, now 11,228,611.
Prior Publication US 2022/0159032 A1, May 19, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 21/50 (2013.01); G06F 21/55 (2013.01); G06F 21/60 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) [G06F 21/50 (2013.01); G06F 21/55 (2013.01); G06F 21/60 (2013.01); H04L 63/10 (2013.01); H04L 63/1408 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A computer-implemented method, comprising:
accessing a web application executing on a client computing device, wherein the web application loads elements of a document object model (DOM) at runtime from a virtual DOM utilized by a first web application framework;
determining, based on a DOM polling technique, that elements in the DOM are completely loaded from the virtual DOM;
selecting one or more elements and associated events from the DOM;
generating a list of elements based at least in part on a matching of the one or more elements and associated events selected with a set of common elements and associated events used by the first web application framework; and
transferring the list of elements and associated properties to a web application scanner.
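
The flow recited in claim 1 can be sketched as follows. This is an added example, not code from the patent or from Rapid7: it polls until the rendered DOM stops changing, then keeps only elements whose bound events match a per-framework table. The stability criterion (identical consecutive samples), the event table, the snapshot shape and all function names are assumptions.

```javascript
// Added illustration: names, thresholds and the event table are assumptions.
const FRAMEWORK_EVENTS = new Map([ // hypothetical "common elements and events" set
  ["button", ["click"]],
  ["a", ["click"]],
  ["input", ["change", "input", "keydown"]],
  ["form", ["submit"]],
  ["select", ["change"]],
]);

// The DOM counts as settled once the last `stablePolls` samples are identical.
function isSettled(samples, stablePolls = 3) {
  if (samples.length < stablePolls) return false;
  const tail = samples.slice(-stablePolls);
  return tail.every((s) => s === tail[0]);
}

// Poll sample() (in a browser: () => document.getElementsByTagName("*").length)
// until settled; maxPolls bounds the wait so a page that never stops rendering
// cannot stall the scan.
async function waitForDom(sample, { intervalMs = 250, stablePolls = 3, maxPolls = 40 } = {}) {
  const samples = [];
  for (let i = 0; i < maxPolls; i++) {
    samples.push(sample());
    if (isSettled(samples, stablePolls)) return true;
    await new Promise((resolve) => setTimeout(resolve, intervalMs));
  }
  return false; // caller decides whether to scan a page that never settled
}

// Keep only elements whose bound events appear in the framework table;
// the result is the list (with properties) handed to the scanner.
function buildScanList(elements, table = FRAMEWORK_EVENTS) {
  const list = [];
  for (const el of elements) {
    const tag = el.tag.toLowerCase();
    const events = el.events.filter((e) => (table.get(tag) || []).includes(e));
    if (events.length > 0) list.push({ selector: el.selector, tag, events, props: el.props });
  }
  return list;
}

// Constructed snapshot of a rendered page (sample data, not from the patent).
const SAMPLE_ELEMENTS = [
  { tag: "BUTTON", selector: "#save", events: ["click", "mouseover"], props: { type: "submit" } },
  { tag: "DIV", selector: "#banner", events: ["click"], props: {} },
  { tag: "INPUT", selector: "input[name=q]", events: ["change"], props: { name: "q" } },
  { tag: "FORM", selector: "#login", events: [], props: { action: "/login" } },
];
```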