Updated: 2021-06-25 20:54:30
Cover
Copyright information
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Building a Vulnerable Web Application Lab
Downloading Mutillidae
Installing Mutillidae on Windows
Downloading and installing XAMPP
Mutillidae installation
Installing Mutillidae on Linux
Using Mutillidae
User registration
Showing hints and setting security levels
Application reset
OWASP Top 10
Summary
Kali Linux Installation
Introducing Kali Linux
Installing Kali Linux from scratch
Installing Kali on VMware
Installing Kali on VirtualBox
Bridged versus NAT versus Internal Network
Updating Kali Linux
Delving Deep into the Usage of Kali Linux
The Kali filesystem structure
Handling applications and packages
The Advanced Packaging Tool
Debian's package management system
Using dpkg commands
Handling the filesystem in Kali
File compression commands
Security management
Secure shell protocol
Configuring network services in Kali
Setting a static IP on Kali
Checking active connections in Kali
Process management commands
Htop utility
Popular commands for process management
System info commands
All About Using Burp Suite
An introduction to Burp Suite
A quick example
Visualizing the application structure using Burp Target
Intercepting the requests/responses using Burp Proxy
Setting the proxy in your browser
BURP SSL certificate
Burp Proxy options
Crawling the web application using Burp Spider
Manually crawling by using the Intruder tool
Automated crawling and finding hidden spots
Looking for web vulnerabilities using the scanner
Replaying web requests using the Repeater tab
Fuzzing web requests using the Intruder tab
Intruder attack types
Practical examples
Installing third-party apps using Burp Extender
Understanding Web Application Vulnerabilities
File Inclusion
Local File Inclusion
Remote File Inclusion
Cross-Site Scripting
Reflected XSS
Stored XSS
Exploiting stored XSS using the header
DOM XSS
JavaScript validation
Cross-Site Request Forgery
Step 01 – victim
Step 02 – attacker
Results
SQL Injection
Authentication bypass
Extracting the data from the database
Error-based SQLi enumeration
Blind SQLi
Command Injection
1 – Injection
2 – Broken Authentication