Hands-On Application Penetration Testing with Burp Suite : Use Burp Suite and Its Features to Inspect, Detect, and Exploit Security Vulnerabilities in Your Web Applications.
Using Burp Suite, you can quickly build proofs of concept, extract data via an exploit, attack multiple endpoints in an application, and even begin to script complex multi-stage attacks. This book provides hands-on coverage of how you can get started with executing an application penetration t...
| Classification: | Electronic book |
|---|---|
| Main author: | |
| Other authors: | , |
| Format: | Electronic eBook |
| Language: | English |
| Published: | Birmingham : Packt Publishing Ltd, 2019. |
| Subjects: | |
| Online access: | Full text |
Table of Contents:
- Front matter: Cover; Title Page; Copyright and Credits; Contributors; About Packt; Table of Contents; Preface
- Chapter 1: Configuring Burp Suite
  - Getting to know Burp Suite; Setting up proxy listeners; Managing multiple proxy listeners; Working with non-proxy-aware clients; Creating target scopes in Burp Suite; Working with target exclusions; Quick settings before beginning; Summary
- Chapter 2: Configuring the Client and Setting Up Mobile Devices
  - Setting up Firefox to work with Burp Suite (HTTP and HTTPS); Setting up Chrome to work with Burp Suite (HTTP and HTTPS); Setting up Chrome proxy options on Linux; Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS); Additional browser add-ons that can be used to manage proxy settings; FoxyProxy for Firefox; Proxy SwitchySharp for Google Chrome; Setting system-wide proxy for non-proxy-aware clients; Linux or macOS X; Windows; Setting up Android to work with Burp Suite; Setting up iOS to work with Burp Suite; Summary
- Chapter 3: Executing an Application Penetration Test
  - Differences between a bug bounty and a client-initiated pentest; Initiating a penetration test; Why Burp Suite? Let's cover some groundwork!; Types and features; Crawling; Why Burp Suite Scanner?; Auditor/Scanner; Understanding the insertion points; Summary
- Chapter 4: Exploring the Stages of an Application Penetration Test
  - Stages of an application pentest; Planning and reconnaissance; Client-end code analysis; Manual testing; Various business logic flaws; Second-order SQL injection; Pentesting cryptographic parameters; Privilege escalation; Sensitive information disclosures; Automated testing; Exploiting discovered issues; Digging deep for data exfiltration; Taking shells; Reporting
  - Getting to know Burp Suite better; Features of Burp Suite; Dashboard; Target; Proxy; Intruder; Repeater; Comparer; Sequencer; Decoder; Extender; Project options; User options; Summary
- Chapter 5: Preparing for an Application Penetration Test
  - Setup of vulnerable web applications; Setting up Xtreme Vulnerable Web Application; Setting up OWASP Broken Web Application; Reconnaissance and file discovery; Using Burp for content and file discovery; Testing for authentication via Burp; Brute forcing login pages using Burp Intruder; Testing for authentication page for SQL injection; Summary
- Chapter 6: Identifying Vulnerabilities Using Burp Suite
  - Detecting SQL injection flaws; Manual detection; Scanner detection; CO2 detection; Detecting OS command injection; Manual detection; Detecting XSS vulnerabilities; Detecting XML-related issues, such as XXE; Detecting SSTI; Detecting SSRF; Summary
- Chapter 7: Detecting Vulnerabilities Using Burp Suite
  - Detecting CSRF; Detecting CSRF using Burp Suite; Steps for detecting CSRF using Burp Suite; Detecting Insecure Direct Object References; Detecting security misconfigurations; Unencrypted communications and clear text protocols