Kali Linux Web Penetration Testing Cookbook

Book Description

Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2

About This Book

  • Familiarize yourself with the most common vulnerabilities web applications face, and understand how attackers take advantage of them

  • Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits

  • Learn how to prevent vulnerabilities in web applications before an attacker can make the most of them

    Who This Book Is For

    This book is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. You should know the basics of operating a Linux environment and have some exposure to security technologies and tools.

    What You Will Learn

  • Set up a penetration testing laboratory in a secure way

  • Find out what information is useful to gather when performing penetration tests and where to look for it

  • Use crawlers and spiders to investigate an entire website in minutes

  • Discover security vulnerabilities in web applications in the web browser and using command-line tools

  • Improve your testing efficiency with the use of automated vulnerability scanners

  • Exploit vulnerabilities that require a complex setup, run custom-made exploits, and prepare for extraordinary scenarios

  • Set up Man in the Middle attacks and use them to identify and exploit security flaws within the communication between users and the web server

  • Create a malicious site that will find and exploit vulnerabilities in the user's web browser

  • Repair the most common web vulnerabilities and understand how to prevent them becoming a threat to a site's security

    In Detail

    Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform and operating system that provides a huge array of testing tools, many of which can be used specifically to execute web penetration testing.

    This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately harden the attack surface so that applications are more secure, for you and your users.

    Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application to identifying vulnerabilities through manual testing and the use of vulnerability scanners to both basic and advanced exploitation techniques that may lead to a full system compromise. Finally, we will put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities.

    Style and approach

    Taking a recipe-based approach to web security, this book has been designed to cover each stage of a penetration test, with descriptions on how tools work and why certain programming or configuration practices can become security vulnerabilities that may put a whole system, or network, at risk. Each topic is presented as a sequence of tasks and contains a proper explanation of why each task is performed and what it accomplishes.

    Downloading the example code for this book

    You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to obtain the code files.

    Table of Contents

    1. Kali Linux Web Penetration Testing Cookbook
      1. Table of Contents
      2. Kali Linux Web Penetration Testing Cookbook
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Setting Up Kali Linux
        1. Introduction
        2. Updating and upgrading Kali Linux
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Installing and running OWASP Mantra
          1. Getting ready
          2. How to do it...
          3. See also
        4. Setting up the Iceweasel browser
          1. How to do it...
          2. How it works...
          3. There's more...
        5. Installing VirtualBox
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        6. Creating a vulnerable virtual machine
          1. How to do it...
          2. How it works...
          3. See also
        7. Creating a client virtual machine
          1. How to do it...
          2. How it works...
          3. See also
        8. Configuring virtual machines for correct communication
          1. Getting ready
          2. How to do it...
          3. How it works...
        9. Getting to know web applications on a vulnerable VM
          1. Getting ready
          2. How to do it...
          3. How it works...
      9. 2. Reconnaissance
        1. Introduction
        2. Scanning and identifying services with Nmap
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        3. Identifying a web application firewall
          1. How to do it...
          2. How it works...
        4. Watching the source code
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Using Firebug to analyze and alter basic behavior
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Obtaining and modifying cookies
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Taking advantage of robots.txt
          1. How to do it...
          2. How it works...
        8. Finding files and folders with DirBuster
          1. Getting ready
          2. How to do it...
          3. How it works...
        9. Password profiling with CeWL
          1. How to do it...
          2. How it works...
          3. See also
        10. Using John the Ripper to generate a dictionary
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        11. Finding files and folders with ZAP
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
      10. 3. Crawlers and Spiders
        1. Introduction
        2. Downloading a page for offline analysis with Wget
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Downloading the page for offline analysis with HTTrack
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        4. Using ZAP's spider
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        5. Using Burp Suite to crawl a website
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Repeating requests with Burp's repeater
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Using WebScarab
          1. Getting ready
          2. How to do it...
          3. How it works...
        8. Identifying relevant files and directories from crawling results
          1. How to do it...
          2. How it works...
      11. 4. Finding Vulnerabilities
        1. Introduction
        2. Using Hackbar add-on to ease parameter probing
          1. Getting ready
          2. How to do it...
          3. How it works...
        3. Using Tamper Data add-on to intercept and modify requests
          1. How to do it...
          2. How it works...
        4. Using ZAP to view and alter requests
          1. Getting ready
          2. How to do it...
          3. How it works...
        5. Using Burp Suite to view and alter requests
          1. Getting ready
          2. How to do it...
          3. How it works...
        6. Identifying cross-site scripting (XSS) vulnerabilities
          1. How to do it...
          2. How it works...
          3. There's more...
        7. Identifying error based SQL injection
          1. How to do it...
          2. How it works...
          3. There's more...
        8. Identifying a blind SQL Injection
          1. How to do it...
          2. How it works...
          3. See also
        9. Identifying vulnerabilities in cookies
          1. How to do it...
          2. How it works...
          3. There's more...
        10. Obtaining SSL and TLS information with SSLScan
          1. How to do it...
          2. How it works...
          3. There's more...
          4. See also
        11. Looking for file inclusions
          1. How to do it...
          2. How it works...
          3. There's more...
        12. Identifying POODLE vulnerability
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
      12. 5. Automated Scanners
        1. Introduction
        2. Scanning with Nikto
          1. How to do it...
          2. How it works...
        3. Finding vulnerabilities with Wapiti
          1. How to do it...
          2. How it works...
        4. Using OWASP ZAP to scan for vulnerabilities
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        5. Scanning with w3af
          1. How to do it...
          2. How it works...
          3. There's more...
        6. Using Vega scanner
          1. How to do it...
          2. How it works...
        7. Finding Web vulnerabilities with Metasploit's Wmap
          1. Getting ready
          2. How to do it...
          3. How it works...
      13. 6. Exploitation – Low Hanging Fruits
        1. Introduction
        2. Abusing file inclusions and uploads
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        3. Exploiting OS Command Injections
          1. How to do it...
          2. How it works...
        4. Exploiting an XML External Entity Injection
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Brute-forcing passwords with THC-Hydra
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Dictionary attacks on login pages with Burp Suite
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        7. Obtaining session cookies through XSS
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        8. Step by step basic SQL Injection
          1. How to do it...
          2. How it works...
        9. Finding and exploiting SQL Injections with SQLMap
          1. How to do it...
          2. How it works...
          3. There's more...
          4. See also
        10. Attacking Tomcat's passwords with Metasploit
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        11. Using Tomcat Manager to execute code
          1. How to do it...
          2. How it works...
      14. 7. Advanced Exploitation
        1. Introduction
        2. Searching Exploit-DB for a web server's vulnerabilities
          1. How to do it...
          2. How it works...
          3. There's more...
          4. See also
        3. Exploiting Heartbleed vulnerability
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Exploiting XSS with BeEF
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        5. Exploiting a Blind SQLi
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
        6. Using SQLMap to get database information
          1. How to do it...
          2. How it works...
        7. Performing a cross-site request forgery attack
          1. Getting ready
          2. How to do it...
        8. Executing commands with Shellshock
          1. How to do it...
          2. How it works...
          3. There's more...
        9. Cracking password hashes with John the Ripper by using a dictionary
          1. How to do it...
          2. How it works...
        10. Cracking password hashes by brute force using oclHashcat/cudaHashcat
          1. Getting ready
          2. How to do it...
          3. How it works...
      15. 8. Man in the Middle Attacks
        1. Introduction
        2. Setting up a spoofing attack with Ettercap
          1. Getting ready
          2. How to do it...
          3. How it works...
        3. Being the MITM and capturing traffic with Wireshark
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
        4. Modifying data between the server and the client
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. There's more...
          5. See also
        5. Setting up an SSL MITM attack
          1. How to do it...
          2. How it works...
          3. See also
        6. Obtaining SSL data with SSLsplit
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Performing DNS spoofing and redirecting traffic
          1. Getting ready
          2. How to do it...
          3. How it works...
          4. See also
      16. 9. Client-Side Attacks and Social Engineering
        1. Introduction
        2. Creating a password harvester with SET
          1. How to do it...
          2. How it works...
        3. Using previously saved pages to create a phishing site
          1. Getting ready
          2. How to do it...
          3. How it works...
        4. Creating a reverse shell with Metasploit and capturing its connections
          1. How to do it...
          2. How it works...
        5. Using Metasploit's browser_autopwn2 to attack a client
          1. How to do it...
          2. How it works...
        6. Attacking with BeEF
          1. Getting ready
          2. How to do it...
          3. How it works...
        7. Tricking the user to go to our fake site
          1. How to do it...
          2. How it works...
          3. There's more...
          4. See also
      17. 10. Mitigation of OWASP Top 10
        1. Introduction
        2. A1 – Preventing injection attacks
          1. How to do it...
          2. How it works...
          3. See also
        3. A2 – Building proper authentication and session management
          1. How to do it...
          2. How it works...
          3. See also
        4. A3 – Preventing cross-site scripting
          1. How to do it...
          2. How it works...
          3. See also
        5. A4 – Preventing Insecure Direct Object References
          1. How to do it...
          2. How it works...
        6. A5 – Basic security configuration guide
          1. How to do it...
          2. How it works...
        7. A6 – Protecting sensitive data
          1. How to do it...
          2. How it works...
        8. A7 – Ensuring function level access control
          1. How to do it...
          2. How it works...
        9. A8 – Preventing CSRF
          1. How to do it...
          2. How it works...
          3. See also
        10. A9 – Where to look for known vulnerabilities on third-party components
          1. How to do it...
          2. How it works...
        11. A10 – Redirect validation
          1. How to do it...
          2. How it works...
      18. Index