Web Penetration Testing with Kali Linux 2.0, Second Edition

Table of Contents (17 chapters)
Web Penetration Testing with Kali Linux Second Edition
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Index

A

  • AJAX
    • about / Introduction to AJAX
    • benefits / Introduction to AJAX
    • building blocks / Building blocks of AJAX
    • JavaScript / Building blocks of AJAX
    • Dynamic HTML (DHTML) / Building blocks of AJAX
    • Document Object Model (DOM) / Building blocks of AJAX
    • workflow / The AJAX workflow
    • security issues / AJAX security issues
    • client-side code, analyzing / Analyzing client-side code – Firebug
  • AJAX applications
    • challenges of pentesting / Challenges of pentesting AJAX applications
    • crawling / Crawling AJAX applications
  • AJAX crawling tool (ACT)
    • about / AJAX crawling tool
    • download link / AJAX crawling tool
    • starting / AJAX crawling tool
  • AJAX engine / The AJAX workflow
  • AJAX spider
    • about / AJAX spider – OWASP ZAP
  • Amap version scan
    • about / The Amap version scan
  • Amazon cloud
    • Kali Linux, installing on / Kali Linux on Amazon cloud
  • API key for Bing
    • URL / The Recon-ng tool – a framework for information gathering
  • applications of fuzzing
    • about / Applications of fuzzing
    • network protocol fuzzing / Network protocol fuzzing
    • file fuzzing / File fuzzing
    • user interface fuzzing / User interface fuzzing
    • web application fuzzing / Web application fuzzing
    • web browser fuzzing / Web browser fuzzing
  • application version fingerprinting
    • about / Application version fingerprinting
    • Nmap version scan / The Nmap version scan
    • Amap version scan / The Amap version scan
  • arbitrary code execution (ACE)
    • about / Exploiting shellshock
  • ARMEL / VMware and ARM images of Kali Linux
  • ARMHF / VMware and ARM images of Kali Linux
  • ARM images
    • of Kali Linux / VMware and ARM images of Kali Linux
  • asymmetric encryption
    • about / Asymmetric encryption versus symmetric encryption
  • asymmetric encryption algorithms
    • Diffie-Hellman key exchange / Asymmetric encryption algorithms
    • Rivest Shamir Adleman (RSA) / Asymmetric encryption algorithms
    • Elliptic Curve Cryptography (ECC) / Asymmetric encryption algorithms
  • attack potentials, of cross-site scripting attacks / Attack potential of cross-site scripting attacks
  • attack types, Burp intruder
    • Sniper / Fuzzing using Burp intruder
    • Battering ram / Fuzzing using Burp intruder
    • Pitchfork / Fuzzing using Burp intruder
    • Cluster bomb / Fuzzing using Burp intruder
  • authentication
    • basic authentication / Basic authentication
    • digest authentication / Digest authentication
    • integrated authentication / Integrated authentication
    • form-based authentication / Form-based authentication
  • authentication flaws
    • about / Authentication protocols and flaws
  • authentication issues
    • about / Authentication issues
  • authentication protocols
    • about / Authentication protocols and flaws
  • auxiliary modules
    • Dir_listing / Testing web servers using auxiliary modules in Metasploit
    • Dir_scanner / Testing web servers using auxiliary modules in Metasploit
    • Enum_wayback / Testing web servers using auxiliary modules in Metasploit
    • Files_dir / Testing web servers using auxiliary modules in Metasploit
    • http_login / Testing web servers using auxiliary modules in Metasploit
    • robots_txt / Testing web servers using auxiliary modules in Metasploit
    • webdav_scanner / Testing web servers using auxiliary modules in Metasploit

B

  • basic authentication
    • about / Basic authentication
  • BBQSQL
    • about / BBQSQL – the blind SQL injection framework
  • BeEF hook
    • injecting, MITM used / Injecting the BeEF hook using MITM
  • BeEF hook injection
    • about / BeEF hook injection
    • browser reconnaissance / Browser reconnaissance
    • exploit modules / Exploit modules
    • host information gathering / Host information gathering
    • persistence module / Persistence module
    • network recon / Network recon
    • Inter-protocol exploitation and communication (IPEC) node / Inter-protocol exploitation and communication
  • browser exploitation framework (BeEF)
    • about / Browser exploitation framework, Introducing BeEF
    • hook injection / BeEF hook injection
    • Mutillidae XSS flaw, exploiting with / Exploiting the mutillidae XSS flaw using BeEF
  • brute forcing credentials
    • about / Brute forcing credentials
  • building blocks, AJAX
    • about / Building blocks of AJAX
  • Burp intruder
    • about / Fuzzing using Burp intruder
    • used, for fuzzing / Fuzzing using Burp intruder
    • setting up / Fuzzing using Burp intruder
    • attack types / Fuzzing using Burp intruder
  • Burp proxy / Tools to analyze tokens
    • about / Burp proxy
    • used, for attacking path traversal / Attacking path traversal using Burp proxy
    • client interception, customizing / Customizing client interception
    • requests, modifying / Modifying requests on the fly
    • with SSL-based websites / Burp proxy with SSL-based websites
  • Burp spider / The Burp spider
  • Burp suite / Tools to analyze tokens

C

  • CAPTCHA / Cross-site request forgery
  • certificate authority (CA) / SSL encryption process
  • CIA triad
    • confidentiality / SSL in web applications
    • message integrity / SSL in web applications
    • availability / SSL in web applications
  • CMS identification tools
    • about / CMS identification tools
    • Plecost / CMS identification tools
    • Joomscan / CMS identification tools
  • command injection
    • about / Command injection, Command injection
    • parameters, identifying to inject data / Identifying parameters to inject data
    • error-based and blind command injection / Error-based and blind command injection
    • metacharacters, for command separator / Metacharacters for command separator
    • scanning / Scanning for command injection
    • exploiting, Metasploit used / Exploiting command injection using Metasploit
    • PHP shell and Metasploit / PHP shell and Metasploit
    • shellshock, exploiting / Exploiting shellshock
  • command injection, scanning for
    • about / Scanning for command injection
    • cookie file, creating for authentication / Creating a cookie file for authentication
    • Wapiti, executing / Executing Wapiti
  • commands, for meterpreter
    • getsystem / Exploitation – Metasploit
    • download / Exploitation – Metasploit
    • hashdump / Exploitation – Metasploit
    • sysinfo / Exploitation – Metasploit
    • help / Exploitation – Metasploit
  • cookie stealing / Cookie stealing
  • credential harvester attack
    • about / Credential harvester attack
  • cross-site faxing (XSF) module / Inter-protocol exploitation and communication
  • cross-site request forgery (CSRF)
    • about / Cross-site request forgery
    • attack dependencies / Attack dependencies
    • attack methodology / Attack methodology
    • mitigation techniques / CSRF mitigation techniques
  • cross-site scripting
    • about / Cross-site scripting
    • origin / The origin of cross-site scripting
    • overview / An overview of cross-site scripting
    • types / Types of cross-site scripting
  • cross-site scripting (XSS) / The TRACE method
  • cross-site scripting attacks
    • attack potentials / Attack potential of cross-site scripting attacks
  • Cross-site tracing (XST) attack / The TRACE method
  • CSRF flaw
    • testing for / Testing for CSRF flaws
  • CVE-2014-6271
    • about / Command injection

D

  • Damn Vulnerable Web Application (DVWA)
    • about / Scanning for command injection
  • database exploitation / Database exploitation
  • defence against, DOM-based XSS / Defence against DOM-based XSS
  • different testing methodology
    • about / Different testing methodologies
    • ethical hacking / Ethical hacking
    • penetration testing / Penetration testing
    • vulnerability assessment / Vulnerability assessment
    • security audit / Security audits
  • digest authentication
    • about / Digest authentication
  • dirb
    • about / Scanning – dirb
  • DirBuster
    • used, in directory browsing / Directory browsing using DirBuster
  • directory browsing
    • about / Directory browsing
    • with DirBuster / Directory browsing using DirBuster
    • comments, in HTML code / Comments in HTML code
    • mitigation / Mitigation
  • Document Object Model (DOM)
    • about / Introduction to JavaScript
  • DOM-based XSS
    • about / DOM-based XSS
    • example / DOM-based XSS
    • defence against / Defence against DOM-based XSS
  • Domain Information Groper (dig) / Zone transfer using dig
  • domain registration details, reconnaissance
    • about / Domain registration details
    • Whois / Whois – extracting domain information
    • domain information, extracting / Whois – extracting domain information

E

  • ethical hacking
    • about / Ethical hacking
  • evilattacker
    • URL / XSS using the POST Method

F

  • file fuzzing
    • about / File fuzzing
  • file inclusion vulnerability
    • about / File inclusion vulnerability
    • remote file include / Remote file include
    • local file include / Local file include
    • mitigation / Mitigation for file inclusion attacks
  • Firebug
    • about / Analyzing client-side code – Firebug
    • URL / Analyzing client-side code – Firebug
    • Script panel / The Script panel
    • Console panel / The Console panel
    • Network panel / The Network panel
  • firewalls and IPS, evading with Nmap
    • ACK scan / Evading firewalls and IPS using Nmap
    • hardcoded source port, in firewall rules / Evading firewalls and IPS using Nmap
    • custom packet size / Evading firewalls and IPS using Nmap
    • custom MTU / Evading firewalls and IPS using Nmap
    • MAC address spoofing / Evading firewalls and IPS using Nmap
  • form-based authentication
    • about / Form-based authentication
  • fuzzdb
    • reference / Fuzzing using Burp intruder
  • fuzzer frameworks
    • about / Fuzzer frameworks
    • SPIKE / Fuzzer frameworks
    • Peach / Fuzzer frameworks
    • Sulley / Fuzzer frameworks
  • fuzzing
    • about / Fuzzing basics
    • basics / Fuzzing basics
    • advantages / Fuzzing basics
    • disadvantages / Fuzzing basics
    • types / Types of fuzzing techniques
    • mutation fuzzing / Mutation fuzzing
    • generation fuzzing / Generation fuzzing
    • applications of fuzzing / Applications of fuzzing
  • fuzzing input, in web applications
    • about / Fuzzing input in web applications
    • request URI / Request URI
    • headers / Headers
    • form fields / Form fields
  • fuzzing steps
    • about / Fuzzing steps

G

  • generation-based fuzzers
    • about / Generation fuzzing
  • Geocoder and reverse geocoder / Reporting modules
  • Gramm-Leach-Bliley Act (GLBA) / Sensitive data handling

H

  • hacker
    • about / Who is a hacker?
  • hacking
    • about / Who is a hacker?
  • hard drive
    • Kali Linux, installing on / Installing Kali Linux on a hard drive
  • hashing functions
    • about / Hashing for message integrity
  • Health Insurance Portability and Accountability Act (HIPAA) / Sensitive data handling
  • HipHop Virtual Machine (HHVM) / The HTTP header
  • hosts, identifying with DNS
    • about / Identifying hosts using DNS
    • zone transfer, using dig / Zone transfer using dig
    • brute force DNS records, using Nmap / Brute force DNS records using Nmap
  • HTTP error codes
    • reference / Detecting result of fuzzing
  • HTTP methods, for penetration testing
    • GET method / The GET/POST method
    • POST method / The GET/POST method
    • HEAD method / The HEAD method
    • TRACE method / The TRACE method
    • PUT method / The PUT and DELETE methods
    • DELETE method / The PUT and DELETE methods
    • OPTIONS method / The OPTIONS method
  • HTTP parameter pollution
    • about / HTTP parameter pollution
    • mitigation / Mitigation
  • HTTP response splitting
    • about / HTTP response splitting
    • mitigation / Mitigation
  • HTTP Strict Transport Security (HSTS) / SSL stripping limitations
  • Hydra
    • about / Hydra – a brute force password cracker

I

  • improvements, in Kali Linux 2.0
    • continuous rolling updates / Improvements in Kali Linux 2.0
    • frequent tool updates / Improvements in Kali Linux 2.0
    • revamped desktop environment / Improvements in Kali Linux 2.0
    • support, for various hardware platforms / Improvements in Kali Linux 2.0
    • major tool changes / Improvements in Kali Linux 2.0
  • information gathering, reconnaissance
    • about / Reconnaissance – information gathering
    • domain registration details / Domain registration details
    • hosts, identifying with DNS / Identifying hosts using DNS
    • Recon-ng tool / The Recon-ng tool – a framework for information gathering
  • information leakage
    • about / Information leakage
  • injection-based flaws
    • about / Injection-based flaws
    • command injection / Command injection
    • SQL injection / SQL injection
  • installation, Kali Linux
    • about / Installing Kali Linux
    • on USB drive / USB mode
    • on Amazon cloud / Kali Linux on Amazon cloud
    • on hard drive / Installing Kali Linux on a hard drive
  • integrated authentication
    • about / Integrated authentication
  • Internet Assigned Numbers Authority (IANA) / Application version fingerprinting
  • IPInfoDB GeoIP / Reporting modules

J

  • Java applet attack
    • about / Java applet attack
  • JavaScript
    • about / Introduction to JavaScript
  • JavaScript, in HTML code
    • script tag / Introduction to JavaScript
    • body tag / Introduction to JavaScript
    • image tag / Introduction to JavaScript
  • Joomscan
    • about / CMS identification tools

K

  • Kali Linux
    • about / Kali Linux
    • installing / Installing Kali Linux
    • installing, on USB drive / USB mode
    • URL, for downloading / USB mode
    • installing, on Amazon cloud / Kali Linux on Amazon cloud
    • installing, on hard drive / Installing Kali Linux on a hard drive
    • virtualization, versus installation on physical hardware / Kali Linux-virtualizing versus installing on physical hardware
    • tools / Important tools in Kali Linux
  • Kali Linux 2.0
    • improvements / Improvements in Kali Linux 2.0
  • Kali Linux image, Amazon marketplace
    • reference link / Kali Linux on Amazon cloud
  • key logger / Key logger

L

  • LinkedIn authenticated contact enumerator / Reporting modules
  • Linux Unified Key Setup (LUKS)
    • about / USB mode
  • load balancers
    • identifying / Identifying load balancers, Other ways of identifying load balancers
    • cookie-based load balancer / Cookie-based load balancer
  • load balancers, identifying
    • SSL differences between servers, analyzing / Other ways of identifying load balancers
    • different URL, redirecting to / Other ways of identifying load balancers
    • DNS records, for load balancers / Other ways of identifying load balancers
    • load balancer detector / Other ways of identifying load balancers
    • web application firewall (WAF) / Other ways of identifying load balancers
  • local file include / Local file include

M

  • Mail exchanger (MX) / Zone transfer using dig
  • man-in-the-middle attack (MITM) / Sniffing tokens and man-in-the-middle attacks
    • about / SSL man-in-the-middle attack
  • Metasploit browser exploit
    • about / Metasploit browser exploit
  • meterpreter
    • commands / Exploitation – Metasploit
    • about / Exploitation – Metasploit
  • modes, Zed Attack Proxy (ZAP)
    • safe mode / Modes of operation
    • protected mode / Modes of operation
    • standard mode / Modes of operation
  • multi-tier web application
    • about / Multi-tier web application
    • presentation layer / Multi-tier web application
    • application layer / Multi-tier web application
    • data access layer / Multi-tier web application
  • mutation fuzzers
    • about / Mutation fuzzing
  • mutation fuzzing
    • about / Mutation fuzzing
  • Mutillidae
    • about / Exploiting the mutillidae XSS flaw using BeEF
    • reference link / Attacking path traversal using Burp proxy

N

  • netcat (nc) utility / The OPTIONS method
  • Netcraft hostname enumerator / Reporting modules
  • network protocol fuzzing
    • about / Network protocol fuzzing
  • Nikto
    • about / Nikto
    • features / Nikto
  • Nmap version scan
    • about / The Nmap version scan

O

  • open source intelligence (OSINT) gathering / Reconnaissance – information gathering
  • OpenSSL command-line tool
    • about / OpenSSL command-line tool
  • OpenVAS
    • about / OpenVAS
  • Open Web Application Security Project (OWASP)
    • about / WebScarab and Zed Attack Proxy
    • URL / Testing for CSRF flaws
  • OWASP broken web applications
    • reference link / Attacking path traversal using Burp proxy
  • OWASP ZAP
    • about / AJAX spider – OWASP ZAP

P

  • passive reconnaissance
    • versus active reconnaissance / Passive reconnaissance versus active reconnaissance
  • path traversal
    • about / Path traversal
    • attacking, Burp proxy used / Attacking path traversal using Burp proxy
    • mitigation / Mitigation
  • Payment Card Industry (PCI) / The need for testing web applications
  • penetration testing / Proactive security testing
    • about / Penetration testing
    • limitations / The limitations of penetration testing
    • Tor, using for / Using Tor for penetration testing
  • persistent XSS
    • about / Persistent XSS
  • PHP shell
    • about / PHP shell and Metasploit
  • pinata-csrf-tool
    • URL / Testing for CSRF flaws
  • Plecost
    • about / CMS identification tools
  • plugins, w3af
    • crawl / Plugins
    • audit / Plugins
    • grep / Plugins
    • infrastructure / Plugins
    • output / Plugins
    • auth / Plugins
  • port scanning, using Nmap
    • about / Port scanning using Nmap
    • different options for port scan / Different options for port scan
    • firewalls and IPS, evading with Nmap / Evading firewalls and IPS using Nmap
    • firewall, spotting with back checksum option / Spotting a firewall using back checksum option in Nmap
  • POST method
    • used, for executing XSS / XSS using the POST Method
  • PowerFuzzer
    • about / PowerFuzzer tool
  • prerequisites, for brute forcing login page
    • host / Hydra – a brute force password cracker
    • method / Hydra – a brute force password cracker
    • URL / Hydra – a brute force password cracker
    • form parameters / Hydra – a brute force password cracker
    • failure response / Hydra – a brute force password cracker
    • list of username / Hydra – a brute force password cracker
    • password dictionary / Hydra – a brute force password cracker
    • threads / Hydra – a brute force password cracker
    • timeout period / Hydra – a brute force password cracker
    • output file / Hydra – a brute force password cracker
  • Privoxy
    • setting up / Steps to set up Tor and connect anonymously
  • proactive security testing
    • about / Proactive security testing
    • hacker / Who is a hacker?
    • different testing methodology / Different testing methodologies
  • ProxyStrike
    • about / ProxyStrike
  • Pushpin modules
    • about / Reporting modules
    • Twitter geolocation search / Reporting modules
    • Flickr geolocation search / Reporting modules

R

  • Recon-ng tool
    • about / The Recon-ng tool – a framework for information gathering
    • domain enumeration / Domain enumeration using recon-ng
    • top-level domain enumeration / Sub-level and top-level domain enumeration
    • sub-level domain enumeration / Sub-level and top-level domain enumeration
    • modules, reporting / Reporting modules
  • reconnaissance
    • about / Reconnaissance
    • aim / Reconnaissance
    • passive reconnaissance, versus active reconnaissance / Passive reconnaissance versus active reconnaissance
    • information gathering / Reconnaissance – information gathering
  • reconnaissance modules, in Recon-ng
    • Netcraft hostname enumerator / Reporting modules
    • SSL SAN lookup / Reporting modules
    • LinkedIn authenticated contact enumerator / Reporting modules
    • IPInfoDB GeoIP / Reporting modules
    • Yahoo! hostname enumerator / Reporting modules
    • Geocoder and reverse geocoder / Reporting modules
    • Pushpin modules / Reporting modules
  • reflected XSS
    • about / Reflected XSS
  • reflected XSS flaw / Cross-site scripting
  • Regional Internet Registries (RIR) / Whois – extracting domain information
  • remote file include / Remote file include
  • request header / The request header
  • response header / The response header
  • REST
    • about / Web services
  • RESTful web services
    • about / Introducing SOAP and RESTful web services
    • features / Introducing SOAP and RESTful web services
  • rules of engagement (RoE)
    • about / Rules of engagement
    • black box testing / Black box testing or Gray box testing
    • gray box testing / Black box testing or Gray box testing
    • client contact details / Client contact details
    • client IT team notifications / Client IT team notifications
    • sensitive data handling / Sensitive data handling
    • status meeting / Status meeting

S

  • scanning
    • about / Scanning – probing the target
    • target, probing / Scanning – probing the target
    • port scanning, using Nmap / Port scanning using Nmap
    • operating system, identifying with Nmap / Identifying the operating system using Nmap
    • server, profiling / Profiling the server
  • scanning, for XSS flaws
    • about / Scanning for XSS flaws
    • Zed Attack Proxy (ZAP) / Zed Attack Proxy
    • xsser / Xsser, Features
    • w3af / W3af
  • second-level domains (SLDs) / Sub-level and top-level domain enumeration
  • Secure Hash Algorithm (SHA)
    • about / Hashing for message integrity
  • Secure Sockets Layer (SSL)
    • about / Secure socket layer
    • in web applications / SSL in web applications
    • encryption process / SSL encryption process
    • asymmetric encryption, versus symmetric encryption / Asymmetric encryption versus symmetric encryption
    • hashing, for message integrity / Hashing for message integrity
    • weak SSL implementations, identifying / Identifying weak SSL implementations
    • man-in-the-middle attack (MITM) / SSL man-in-the-middle attack
  • security audit
    • about / Security audits
  • security issues, AJAX
    • about / AJAX security issues
    • increase in attack surface / Increase in attack surface
    • exposed programming logic of application / Exposed programming logic of the application
    • insufficient access control / Insufficient access control
  • sequencer / Tools to analyze tokens
  • server, profiling
    • about / Profiling the server
    • application version fingerprinting / Application version fingerprinting
    • web application framework, fingerprinting / Fingerprinting the web application framework
    • virtual hosts, identifying / Identifying virtual hosts
    • load balancers, identifying / Identifying load balancers
    • web servers, scanning for vulnerabilities / Scanning web servers for vulnerabilities and misconfigurations
    • web applications, spidering / Spidering web applications
  • session-based flaws
    • about / Session-based flaws
  • session fixation attack
    • about / Session fixation attack
    • mitigation / Mitigation for session fixation
  • session tokens
    • sharing, between application and browser / Session token sharing between application and browser
  • session tracking, using cookies
    • about / Session tracking using cookies
    • cookie / Cookie
    • cookie flow between server and client / Cookie flow between server and client
    • non-persistent cookies / Persistent and non-persistent cookies
    • persistent cookies / Persistent and non-persistent cookies
    • cookie parameters / Cookie parameters
  • shellshock
    • exploiting / Exploiting shellshock
    • about / Exploiting shellshock
    • overview / Overview of shellshock
    • scanning, with dirb / Scanning – dirb
    • exploiting, with Metasploit / Exploitation – Metasploit
  • shellshock bug
    • about / Command injection
  • Skipfish
    • about / Skipfish
  • Skipfish web application scanner / Vulnerability scanning and graphical reports – the Skipfish web application scanner
  • SOAP
    • about / Introducing SOAP and RESTful web services
    • advantages / Introducing SOAP and RESTful web services
  • social engineering attacks
    • about / Social engineering attacks, Social engineering attacks
    • e-mail spoofing / Social engineering attacks
    • telephone attacks / Social engineering attacks
    • dumpster diving / Social engineering attacks
    • malicious USB drives / Social engineering attacks
    • employees, training to defeat / Training employees to defeat social engineering attacks
    • phishing e-mails / Social engineering attacks
    • adware and malware / Social engineering attacks
    • phishing websites / Social engineering attacks
  • social engineering toolkit (SET)
    • about / Social engineering toolkit
  • spear-phishing attack
    • about / Spear-phishing attack
  • Sprajax
    • about / Sprajax
    • reference / Sprajax
  • SQL injection
    • about / SQL injection, SQL injection
    • SQL statements / SQL statements
    • flaw, manipulating / Attack potential of the SQL injection flaw
    • error-handling / Blind SQL injection
    • testing methodology / SQL injection testing methodology
    • scanning for / Scanning for SQL injection
    • information gathering / Information gathering
    • exploitation, automating with sqlmap / Sqlmap – automating exploitation
    • BBQSQL / BBQSQL – the blind SQL injection framework
    • sqlsus / Sqlsus – MySQL injection
    • sqlninja / Sqlninja – MS SQL injection
  • sqlmap
    • about / Sqlmap – automating exploitation
    • features / Sqlmap – automating exploitation
  • sqlninja
    • about / Sqlninja – MS SQL injection
    • features / Sqlninja – MS SQL injection
  • SQL statements
    • about / SQL statements
    • UNION operator / The UNION operator
    • SQL query example / The SQL query example
  • sqlsus
    • about / Sqlsus – MySQL injection
  • SSL configuration
    • testing, with Nmap / Testing SSL configuration using Nmap
  • SSL MITM tools
    • about / SSL MITM tools in Kali Linux
    • SSLsplit / SSLsplit
    • SSLstrip / SSLstrip
  • SSL SAN lookup / Reporting modules
  • SSLScan
    • about / SSLScan
  • SSL Server Test
    • about / Testing SSL configuration using Nmap
    • URL / Testing SSL configuration using Nmap
  • SSLsplit
    • about / SSLsplit
  • SSLstrip
    • about / SSLstrip
    • limitations / SSL stripping limitations
  • SSLyze
    • about / SSLyze
  • stored XSS flaws / Cross-site scripting
  • Structured Query Language (SQL) / Multi-tier web application
  • Sulley framework
    • reference / Fuzzer frameworks
  • symmetric encryption
    • about / Asymmetric encryption versus symmetric encryption
  • symmetric encryption algorithm
    • about / Symmetric encryption algorithm
    • block cipher / Symmetric encryption algorithm
    • stream cipher / Symmetric encryption algorithm
    • Data Encryption Standard (DES) / Symmetric encryption algorithm
    • Advanced Encryption Standard (AES) / Symmetric encryption algorithm
    • International Data Encryption Algorithm (IDEA) / Symmetric encryption algorithm
    • Rivest Cipher 4 (RC4) / Symmetric encryption algorithm

T

  • tabnabbing attack
    • about / Tabnabbing attack
  • The Hacker's Choice (THC)
    • about / The Amap version scan
  • tokens, stealing
    • ways / Different ways to steal tokens
    • brute forcing tokens / Brute forcing tokens
    • sniffing / Sniffing tokens and man-in-the-middle attacks
    • man-in-the-middle attack (MITM) / Sniffing tokens and man-in-the-middle attacks
    • XSS attack used / Stealing session tokens using XSS attack
  • tools, for analyzing tokens / Tools to analyze tokens
  • tools, Kali Linux
    • about / Important tools in Kali Linux
    • web application proxies / Web application proxies
    • web vulnerability scanner / Web vulnerability scanner
    • CMS identification tools / CMS identification tools
    • web application fuzzers / Web application fuzzers
  • top-level domains (TLDs) / Sub-level and top-level domain enumeration
  • Tor
    • using, for penetration testing / Using Tor for penetration testing
    • setting up / Steps to set up Tor and connect anonymously
    • used, for visualizing web request / Visualization of a web request through Tor
    • overview / Final words for Tor
  • types, cross-site scripting
    • about / Types of cross-site scripting
    • persistent XSS / Persistent XSS
    • reflected XSS / Reflected XSS
    • DOM-based XSS / DOM-based XSS

U

  • USB drive
    • Kali Linux, installing on / USB mode
  • user interface fuzzing
    • about / User interface fuzzing

V

  • virtual hosts
    • identifying / Identifying virtual hosts
    • locating, with search engines / Locating virtual hosts using search engines
    • lookup module, in Recon-ng / The virtual host lookup module in Recon-ng
  • virtual private network (VPN) / Secure socket layer
  • VMware images
    • of Kali Linux / VMware and ARM images of Kali Linux
  • vulnerability assessment
    • about / Vulnerability assessment
  • vulnerable bank application
    • reference link / Cross-site request forgery

W

  • w3af
    • about / W3af
    • plugins / Plugins
    • graphical interface / Graphical interface
  • weak SSL implementations
    • identifying / Identifying weak SSL implementations
    • identifying, with OpenSSL command-line tool / OpenSSL command-line tool
    • identifying, with SSLScan / SSLScan
    • identifying, with SSLyze / SSLyze
  • Web application firewall (WAF) / Status meeting
  • web application framework, fingerprinting
    • about / Fingerprinting the web application framework
    • HTTP header / The HTTP header
    • Whatweb scanner / The Whatweb scanner
  • web application fuzzers
    • about / Web application fuzzers
  • web application fuzzers, in Kali Linux
    • about / Web application fuzzers in Kali Linux
  • web application fuzzing
    • about / Web application fuzzing
  • web application overview, for penetration testers
    • about / A web application overview for penetration testers
    • HTTP protocol / HTTP protocol
    • response header / Request and response header, The response header
    • request header / The request header
    • HTTP methods / Important HTTP methods for penetration testing
    • session tracking, using cookies / Session tracking using cookies
    • HTML data, in HTTP response / HTML data in HTTP response
    • multi-tier web application / Multi-tier web application
  • web application proxies
    • about / Web application proxies
    • Burp proxy / Burp proxy
    • WebScarab / WebScarab and Zed Attack Proxy
    • Zed Attack Proxy (ZAP) / WebScarab and Zed Attack Proxy
    • ProxyStrike / ProxyStrike
  • web applications
    • testing / The need for testing web applications
    • testing, fuzzing used / Testing web applications using fuzzing
    • fuzzing input / Fuzzing input in web applications
    • result of fuzzing, detecting / Detecting result of fuzzing
  • web applications, spidering
    • about / Spidering web applications
    • Burp spider / The Burp spider
    • application login / Application login
  • web browser fuzzing
    • about / Web browser fuzzing
  • Web Crawler / Web Crawler – Dirbuster
  • web jacking attack
    • about / Web jacking attack
  • web request
    • visualizing, through Tor / Visualization of a web request through Tor
  • WebScarab / Tools to analyze tokens
    • about / WebScarab and Zed Attack Proxy
  • web servers, scanning
    • about / Scanning web servers for vulnerabilities and misconfigurations
    • HTTP methods, identifying with Nmap / Identifying HTTP methods using Nmap
    • web servers, testing with auxiliary modules / Testing web servers using auxiliary modules in Metasploit
    • scan, automating with WMAP web scanner plugin / Automating scanning using the WMAP web scanner plugin
    • vulnerability scanning / Vulnerability scanning and graphical reports – the Skipfish web application scanner
  • web services
    • about / Web services
    • SOAP / Introducing SOAP and RESTful web services
    • RESTful web services / Introducing SOAP and RESTful web services
    • securing / Securing web services
    • insecure direct object reference vulnerability / Insecure direct object reference vulnerability
  • website attack
    • about / Website attack
    • Java applet attack / Java applet attack
    • credential harvester attack / Credential harvester attack
    • web jacking attack / Web jacking attack
    • Metasploit browser exploit / Metasploit browser exploit
    • tabnabbing attack / Tabnabbing attack
  • website defacing / Website defacing
  • web vulnerability scanner
    • about / Web vulnerability scanner
    • Nikto / Nikto
    • Skipfish / Skipfish
    • Web Crawler / Web Crawler – Dirbuster
    • OpenVAS / OpenVAS
    • database exploitation / Database exploitation
  • Whois
    • about / Whois – extracting domain information

X

  • XSS
    • executing, POST method used / XSS using the POST Method
  • XSS, combining with JavaScript
    • about / XSS and JavaScript – a deadly combination
    • cookie stealing / Cookie stealing
    • key logger / Key logger
    • website defacing / Website defacing
  • XSS attack
    • about / An overview of cross-site scripting
    • example / An overview of cross-site scripting
  • xsser
    • about / Xsser
    • features / Features
    • graphical interface / Features
  • XSS vulnerabilities
    • stored XSS flaws / Cross-site scripting
    • reflected XSS flaw / Cross-site scripting

Y

  • Yahoo! hostname enumerator / Reporting modules

Z

  • Zed Attack Proxy (ZAP)
    • about / WebScarab and Zed Attack Proxy, Tools to analyze tokens, Zed Attack Proxy
    • nodes, scoping / Scoping and selecting modes
    • nodes, selecting / Scoping and selecting modes
    • modes / Modes of operation
    • scan policy, defining / Scan policy and attack