Chapter 4. Finding Vulnerabilities

In this chapter, we will cover:

Using Hackbar add-on to ease parameter probing
Using Tamper Data add-on to intercept and modify requests
Using ZAP to view and alter requests
Using Burp Suite to view and alter requests
Identifying cross site scripting (XSS) vulnerabilities
Identifying error based SQL injection
Identifying blind SQL Injection
Identifying vulnerabilities in cookies
Obtaining SSL and TLS information with SSLScan
Looking for file inclusions
Identifying POODLE vulnerability

Introduction

We have now finished the reconnaissance stage of our penetration test and have identified the kind of server and development framework our application uses and also some of its possible weak spots. It is now time to actually put ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Chapter 4. Finding Vulnerabilities

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly