Store large data client-side with AMASS

Share this article

The AJAX MAss Storage System
(AMASS) is a clever blend of JavaScript and Flash that doesn’t actually have anything to do with AJAX — except that it will help decrease the amount of AJAX you have to use to produce Web applications with rich user interfaces that behave like desktop apps. AMASS inserts an invisible Flash movie the page in order to borrow a feature from the Flash Plugin, expanding JavaScript’s local data storage capacity (data stored on the end user’s machine, rather than on the Web server) from the 4KB offered by cookies up to 100KB, or even to any arbitrary size if the user grants permission when prompted. Just what is this useful for? Well, with the amount of data users are typing into Web pages these days, features like undo and auto-save are starting to become vital, and AMASS makes them much easier (and less costly) to implement. Gmail recently added auto-save to its offering, saving a draft copy every few minutes as you work on an email, so that you don’t lose your work if your two-year-old runs in and jabs the reset button on your computer again. Gmail implements this by periodically sending a copy of your work-in-progress to the server, but that’s a lot of bandwidth for such a simple feature. The reason for sending it to the server is that, traditionally, JavaScript was limited to 4KB of local data storage. Depending on how you use your email, messages over 4KB could be routine. With the expanded capacity offered by AMASS, this limit need no longer apply. In its initial test version, AMASS supports Internet Explorer 6, Firefox, and other Mozilla-based browsers on Windows only. Linux is untested, and there are known problems on the Mac. Still, it’s an innovative idea that may pan out into a useful tool if the author can solve the compatibility issues.

Frequently Asked Questions (FAQs) about Storing Large Data Client-Side with Amass

How can I install Amass on different operating systems?

Amass can be installed on various operating systems including Linux, Windows, and MacOS. For Linux, you can use the command ‘sudo apt install -y amass’. For Windows, you can download the latest release from the GitHub repository and extract the zip file. For MacOS, you can use Homebrew and run the command ‘brew tap caffix/amass’ followed by ‘brew install amass’.

What are the main features of Amass?

Amass is a powerful tool that offers several features. It can perform DNS enumeration and mapping of attack surfaces. It can also discover subdomains and pull certificate data from SSL certificates. Additionally, it can visualize the network exposure with the help of graph databases.

How can I use Amass for subdomain enumeration?

To use Amass for subdomain enumeration, you can use the command ‘amass enum -d example.com’. This command will start the enumeration process for the domain ‘example.com’. The results will include all the discovered subdomains.

How can I visualize data using Amass?

Amass allows you to visualize data using graph databases. You can use the ‘amass viz -d3 path_to_your_graphdb’ command to generate a D3 v4 force-directed graph. You can then open the generated HTML file in your browser to view the graph.

Can I use Amass for bug bounty hunting?

Yes, Amass is a great tool for bug bounty hunting. It can help you discover subdomains and expose a larger attack surface. This can be particularly useful when looking for vulnerabilities in a target’s infrastructure.

How can I use Amass to pull certificate data?

You can use the ‘amass intel -active -d example.com’ command to pull certificate data. This command will actively query the internet for information about the domain ‘example.com’ and its subdomains.

What is the difference between passive and active data collection in Amass?

Passive data collection in Amass involves gathering data without directly interacting with the target, such as pulling data from public databases and certificate transparency logs. Active data collection, on the other hand, involves direct interaction with the target, such as DNS queries and web requests.

How can I update Amass to the latest version?

You can update Amass by downloading the latest release from the GitHub repository. For Linux, you can also use the command ‘sudo apt update && sudo apt upgrade -y amass’.

Can I use Amass in combination with other tools?

Yes, Amass can be used in combination with other tools. For example, you can use it with Nmap for port scanning, or with Burp Suite for web application testing.

How can I troubleshoot issues with Amass?

If you encounter issues with Amass, you can check the official documentation on GitHub. You can also raise an issue on the GitHub repository, or ask for help in the OWASP Amass Discord community.

Kevin YankKevin Yank
View Author

Kevin Yank is an accomplished web developer, speaker, trainer and author of Build Your Own Database Driven Website Using PHP & MySQL and Co-Author of Simply JavaScript and Everything You Know About CSS is Wrong! Kevin loves to share his wealth of knowledge and it didn't stop at books, he's also the course instructor to 3 online courses in web development. Currently Kevin is the Director of Front End Engineering at Culture Amp.

Share this article
Read Next
Get the freshest news and resources for developers, designers and digital creators in your inbox each week