Book Image

Kali Linux - An Ethical Hacker's Cookbook

By : Himanshu Sharma
Book Image

Kali Linux - An Ethical Hacker's Cookbook

By: Himanshu Sharma

Overview of this book

With the current rate of hacking, it is very important to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2016.2) according to your needs, and move on to core functionalities. This book will start with the installation and configuration of Kali Linux so that you can perform your tests. You will learn how to plan attack strategies and perform web application exploitation using tools such as Burp, and Jexboss. You will also learn how to perform network exploitation using Metasploit, Sparta, and Wireshark. Next, you will perform wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Lastly, you will learn how to create an optimum quality pentest report! By the end of this book, you will know how to conduct advanced penetration testing thanks to the book’s crisp and task-oriented recipes.
Table of Contents (20 chapters)
Title Page
Credits
Disclaimer
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
6
Wireless Attacks – Getting Past Aircrack-ng

Exploiting XSS with XSS Validator


While XSS is already detected by various tools such as Burp, Acunetix, and so on, XSS Validator comes in handy. It is the Burp Intruder and Extender that has been designed to automatically validate XSS vulnerabilities.

Getting ready

To use the tool in the following recipe, we will need to have SlimerJS and PhantomJS installed on our machines.

How to do it...

The following steps demonstrate the XSS Validator:

  1. We open up Burp and switch to the Extender tab:
  1. We then install the XSS Validator extender:
  1. Once the installation is done, we will see a new tab in the Burp window titled xssValidator:
  1. Next, we install PhantomJS and SlimerJS; this can be done on Kali with a few simple commands.
  2. We download both the PhantomJS file from the internet using wget:
        sudo wget https://bitbucket.org/ariya/phantomjs/downloads/
     ...