Page 9 - Hands-On Bug Hunting for Penetration Testers
Table of Contents
Tools 32
Using Burp 34
Attack Surface Reconnaissance – Strategies and the Value of Standardization 34
Sitemaps 35
Scanning and Target Reconnaissance 37
Brute-forcing Web Content 37
Spidering and Other Data-Collection Techniques 39
Burp Spider 39
Striker 40
Scrapy and Custom Pipelines 42
Manual Walkthroughs 42
Source Code 45
Building a Process 47
Formatting the JS Report 47
Downloading the JavaScript 50
Putting It All Together 51
The Value Behind the Structure 52
Summary 53
Questions 54
Further Reading 54
Chapter 4: Unsanitized Data – An XSS Case Study 55
Technical Requirements 56
A Quick Overview of XSS – The Many Varieties of XSS 56
Testing for XSS – Where to Find It, How to Verify It 57
Burp Suite and XSS Validator 57
Payload Sets 61
Payload Options 61
Payload Processing 62
XSS – An End-To-End Example 65
XSS in Google Gruyere 66
Gathering Report Information 69
Category 69
Timestamps 69
URL 70
Payload 70
Methodology 70
Instructions to Reproduce 70
Attack Scenario 71
Summary 72
Questions 72
Further Reading 72
Chapter 5: SQL, Code Injection, and Scanners 73
Technical Requirements 74