Page 26 - Hands-On Bug Hunting for Penetration Testers
Chapter 1: Joining the Hunt
Here's a brief overview of some of the technologies we will be using:
Burp Suite is a versatile program that can intercept and modify web traffic (Burp Proxy),
automate the submission of customized requests and payloads (Burp Intruder), scan inputs
for vulnerabilities using attack payloads (Burp Scanner), and, with the possibilities offered by
extensions, a multitude of other things. We'll go over both the native Burp
functionality and how to incorporate simple extensions. Some of the paid
functionality, such as Burp Scanner, will only receive an overview, in favor of
focusing on the features available in the free version.
Nmap, sqlmap, wfuzz, Arachni, and other CLI programs are valuable for their
ability to be assembled into larger workflows: feeding their output into adjacent
tools (Burp and others), kicking off further automation, or consistently mapping out
a target's attack surface.
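As an added example of that kind of chaining (not code from the book), the POSIX shell script below parses nmap's grepable (-oG) output and emits one URL per open HTTP-like service, in a form a web fuzzer such as wfuzz can consume directly. The scan results embedded in sample_nmap_output are constructed, the host addresses are made up, and the wfuzz invocation in the trailing comment is an illustrative assumption rather than a command the script runs.

```sh
#!/bin/sh
# Added example (not from the book): turn nmap grepable output into a URL list
# that a web fuzzer can consume. Assumes the `nmap -oG` line format; the scan
# below is a constructed sample, not a real target.

# Constructed nmap -oG output: two hosts up, one down. Fields are tab-separated,
# and each port entry is port/state/proto/owner/service/rpc_info/version/.
sample_nmap_output() {
    printf '# Nmap 7.80 scan initiated (constructed sample)\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9/, 80/open/tcp//http//nginx/, 443/open/tcp//ssl|http//nginx/\tIgnored State: closed (997)\n'
    printf 'Host: 10.0.0.6 ()\tStatus: Down\n'
    printf 'Host: 10.0.0.7 (db.lab)\tPorts: 3306/open/tcp//mysql//MariaDB/, 8080/open/tcp//http-proxy///, 8443/filtered/tcp//https-alt///\tIgnored State: closed (997)\n'
}

# Read nmap -oG text on stdin; emit one URL per open TCP port whose service
# name contains "http". Services reported as "ssl|http" become https:// URLs.
# Filtered/closed ports and non-HTTP services (ssh, mysql) are skipped.
nmap_to_urls() {
    awk -F'\t' '
    /^Host:/ {
        host = $1
        sub(/^Host: /, "", host); sub(/ .*/, "", host)
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            ports = $i
            sub(/^Ports: /, "", ports)
            n = split(ports, entry, ",")
            for (j = 1; j <= n; j++) {
                sub(/^ +/, "", entry[j])
                split(entry[j], f, "/")   # f[1]=port f[2]=state f[3]=proto f[5]=service
                if (f[2] != "open" || f[3] != "tcp") continue
                if (f[5] !~ /http/) continue
                scheme = (f[5] ~ /ssl|https/) ? "https" : "http"
                printf "%s://%s:%s\n", scheme, host, f[1]
            }
        }
    }'
}

# Usage against a real scan (assumed invocation, not run here):
#   nmap -sV -oG scan.gnmap 10.0.0.0/24
#   nmap_to_urls < scan.gnmap | while read -r url; do
#       wfuzz -w wordlist.txt --hc 404 "$url/FUZZ"
#   done
sample_nmap_output | nmap_to_urls
```

Run as-is, the script prints three URLs from the constructed sample (80 and 443 on the first host, 8080 on the second); the filtered 8443 port and the non-HTTP services are dropped, which is the filtering you want before handing a list to a fuzzer that will hammer every entry.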
Deliberately vulnerable web applications are a different category of tooling: less
for use in an actual pentesting engagement, and designed more to either test out
new ideas or calibrate an existing method or technology for those times when
you need to confirm a positive result for a specific vulnerability. We'll be doing
both with our use of deliberately vulnerable web apps, such as Google Gruyere,
Target Range, Damn Vulnerable Web Application (DVWA), and others. You can find a list of
more deliberately vulnerable web apps in the sites section of the Going Further chapter.
While we'll go through the setup for these tools as we use them, it's still a good idea
to poke around their installation and documentation pages. Because of their depth, many of
these tools have useful functionality that we simply won't be able to cover completely
in the course of our work. We'll also only skim the surface of tools not specific to
security; the note-taking, logging, and other general productivity functionality
those apps provide can easily be replaced by whatever analogue you're most
comfortable with.