Web Penetration Testing with Kali Linux 2.0, Second Edition

Preface

Kali Linux is a Linux distribution widely used by security professionals. It comes bundled with many tools to effectively perform a security assessment. Its tools are categorized by the different phases of a penetration test, such as information gathering, vulnerability analysis, and exploitation, to name a few. The latest version, Kali 2.0, was released at Black Hat USA 2015. Besides tools used in a network penetration test, Kali Linux also includes tools to perform web application security and database assessment.

Web applications have become an integral part of any network and they need special attention when performing a security assessment. Web Penetration Testing with Kali Linux is designed to be a guide for network penetration testers who want to explore web application hacking. Our goal in this book is to gain an understanding of the different security flaws that exist in web applications and then use selected tools from Kali Linux to identify the vulnerabilities and exploit them.

The chapters in this book are divided based on the steps that are performed during a real-world penetration test. The book starts with describing the different building blocks of a penetration test and then moves on to setting up the lab with Kali 2.0. In subsequent chapters, we follow the steps of a professional penetration tester and identify security flaws using the tools in Kali 2.0.

What this book covers

Chapter 1, Introduction to Penetration Testing and Web Applications, covers the different testing methodologies and rules that security professionals follow when performing an assessment of a web application. We also gain an overview of the building blocks of web applications and the HTTP protocol.

Chapter 2, Setting up Your Lab with Kali Linux, introduces the changes and improvements in Kali 2.0. We will learn about the different ways to install Kali Linux and also install it in a lab environment. Next we have a walk-through of the important tools in Kali Linux and then set up Tor to connect anonymously.

Chapter 3, Reconnaissance and Profiling the Web Server, focuses on the information gathering phase. We use different tools in Kali Linux to perform passive and active reconnaissance. Next we profile the web server, identifying the OS, application version, and additional information that helps us in the later stages of the penetration test.

Chapter 4, Major Flaws in Web Applications, covers the different security flaws that affect web applications at various levels. We start by describing the less serious security flaws such as information leakage and then move on to the more severe ones, such as injection flaws. The chapter briefly touches all the major flaws that exist in real-world web applications.

Chapter 5, Attacking the Server Using Injection-based Flaws, is all about command injection and SQL injection flaws. We gain a deep understanding of the command injection flaw and exploit it using Metasploit. We also learn about the attack potential of a SQL injection flaw and use different tools in Kali Linux to exploit it.

Chapter 6, Exploiting Clients Using XSS and CSRF Flaws, focuses on cross-site scripting attacks. We learn about the origin of the flaw and the different types of XSS. We use different tools in Kali Linux to automate the scanning of the web application for XSS flaws. In the CSRF section we cover the attack methodology and the tools to exploit the flaw.

Chapter 7, Attacking SSL-based Websites, explores the importance of SSL in web applications. We learn different techniques to identify weak SSL implementations and then use the man-in-the-middle technique to hack into an SSL connection.

Chapter 8, Exploiting the Client Using Attack Frameworks, discusses different techniques and tricks to gain control over a client computer. In this chapter we use the Social Engineering Toolkit (SET) from Kali Linux to execute a phishing attack. In the second part of the chapter, we use the Browser Exploitation Framework (BeEF) to gain control of a user's browser by exploiting an XSS flaw. We also explore the different modules in BeEF.

Chapter 9, AJAX and Web Services – Security Issues, covers security flaws affecting an AJAX application and the challenges faced when performing a security assessment of it. Web services are also introduced in this chapter along with the security issues they face.

Chapter 10, Fuzzing Web Applications, introduces the different types of fuzzing techniques. We learn the different ways in which fuzzing can identify flaws in web applications. Next we explore different fuzzers in Kali Linux and use Burp Intruder to fuzz a web application.

What you need for this book

Readers should have a basic understanding of web applications, networking concepts, and penetration testing methodology. This book will include detailed examples of how to execute an attack using the tools offered in Kali Linux. Experience with previous versions of Kali Linux is not required, but it is beneficial.

The software requirements for building a lab environment and installing Kali Linux are covered in Chapter 2, Setting up Your Lab with Kali Linux.

Who this book is for

If you are already working as a network penetration tester and want to expand your knowledge of web application hacking, then this book is tailored for you. Those who are interested in learning more about the Kali Linux 2.0 tools that are used to test web applications will find this book a thoroughly useful and interesting guide.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "The ID could be shared using the GET method or the POST method."

A block of code is set as follows:

<?php
  $file = $_GET['file'];
  {
    include("pages/$file");
  }

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

<?php
  $file = $_GET['file'];
  {
    include("pages/$file");
  }

Any command-line input or output is written as follows:

SELECT columnA FROM tableX WHERE columnE='employee' AND columnF=100;

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Select New context to create a new scope for this URL."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files from your account at http://www.packtpub.com for all the Packt Publishing books you have purchased. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from http://www.packtpub.com/sites/default/files/downloads/8525OS_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.