Book Image

Web Penetration Testing with Kali Linux

Book Image

Web Penetration Testing with Kali Linux

Overview of this book

Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities. Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications. "Web Penetration Testing with Kali Linux" looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises. You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls. On the completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities on web applications and clients that access them.
Table of Contents (15 chapters)
Web Penetration Testing with Kali Linux
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

MitM Proxy


MITM Proxy is a great tool for a Penetration Tester to examine the client's vulnerabilities. It allows the administrator to examine the HTTPS connection, halt, examine, and reply traffic. MITM Proxy allows an administrator to alter the request or response from a web server.

MITM Proxy can allow a Penetration Tester to examine the attacks quickly and see what requests and responses are coming from the web browser. MITM Proxy can be launched by going to Kali | Sniffing/Spoofing | Web Sniffers and selecting mitmproxy.

Note

Its recommended to use MITM Proxy when setting up a SET attack, as well as when analyzing the behavior of that attack. You should run SET and MITM Proxy at the same time in a test environment.

Once MitM proxy is loaded, you will need to point your client's web browser to the your Kali server. MITM will display the web requests transactions that occur on the client-side as shown in the following screenshot:

There will be a log of all browser activity going through the...