Index
A
- Acunetix
- reference / Performing an internal port scan to the backend
- Android
- setting up, for working with Burp Suite / Setting up Android to work with Burp Suite
- proxy, setting up / Setting up Android to work with Burp Suite
- application pentest
- stages / Stages of an application pentest
- attack types
- authentication / Remembering about authentication
- authentication method analysis
- about / Authentication method analysis
- weak storage for credentials / Weak storage for credentials
- predictable login credentials / Predictable login credentials
- session IDs exposed, in URL / Session IDs exposed in the URL
- Session IDs issue / Session IDs susceptible to session fixation attacks
- session destruction, checking / The session is not destructed after the logout
- passive scanning / Sensitive information sent via unprotected channels
B
- Blind SQL injection
- discovering / Discovering Blind SQL injection
- automatic scan / Automatic scan
- SQLMap detection / SQLMap detection
- Intruder detection / Intruder detection
- Intruder detection exploitation / Exploitation
- Boolean-based SQL injection
- data exfiltration / Data exfiltration via a blind Boolean-based SQL injection
- vulnerability, exploiting / Data exfiltration via a blind Boolean-based SQL injection
- broken authentication
- detecting / Detecting broken authentication
- weak storage for credentials, detecting / Detecting weak storage for credentials
- predictable login credentials, detecting / Detecting predictable login credentials
- session IDs, exposing in URL / Session IDs exposed in the URL
- Session IDs issue / Session IDs susceptible to session fixation attacks
- time out implementation / Time out implementation
- session destruction, checking / Session is not destructed after logout
- browser add-ons
- used, for managing proxy settings / Additional browser add-ons that can be used to manage proxy settings
- FoxyProxy / FoxyProxy for Firefox
- Proxy SwitchySharp / Proxy SwitchySharp for Google Chrome
- brute forcing, on forms
- about / Brute forcing forms
- automation, with Burp Suite / Automation with Burp Suite
- bug bounty
- versus client-initiated pentest / Differences between a bug bounty and a client-initiated pentest
- Burp Auditor
- about / Auditor/Scanner
- issue categories / Auditor/Scanner
- insertion points / Understanding the insertion points
- Burp Auditor/Scanner / Auditor/Scanner
- Burp crawler / Types and features, Crawling
- Burp Intruder
- used, for brute forcing login pages / Brute forcing login pages using Burp Intruder
- Burp Suite
- exploring / Getting to know Burp Suite
- target scopes, creating / Creating target scopes in Burp Suite
- proxy options, setting up in Firefox / Setting up Firefox to work with Burp Suite (HTTP and HTTPS)
- proxy options, setting up in Chrome / Setting up Chrome to work with Burp Suite (HTTP and HTTPS)
- proxy options, setting up in Internet Explorer / Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS)
- proxy options, setting up in Android / Setting up Android to work with Burp Suite
- proxy options, setting up in iOS / Setting up iOS to work with Burp Suite
- advantages / Why Burp Suite? Let's cover some groundwork!
- inbuilt tools / Types and features
- tool segregation / Types and features
- Audit / Types and features
- features / Getting to know Burp Suite better, Features of Burp Suite
- used, for content and file discovery / Using Burp for content and file discovery
- authentication, testing via / Testing for authentication via Burp
- used, for brute forcing login pages / Brute forcing login pages using Burp Intruder
- used, for performing exfiltration / Performing exfiltration using Burp Suite
- used, for performing out-of-data extraction / Using Burp Suite to exploit the vulnerability
- Burp Suite API
- reference / Burp Suite's API
- Burp Suite collaborator
- used, for performing out-of-data extraction / Performing out-of-data extraction using XXE and Burp Suite collaborator
- Burp Suite extension
- writing / Writing a Burp Suite extension
- API / Burp Suite's API
- used, for modifying user-agent / Modifying the user-agent using an extension
- executing / Executing the extension
- Burp Suite Scanner
- need for / Why Burp Suite Scanner?
- Burp Suite Sequencer
- reference / Sequencer
C
- Certificate Authority (CA) / Setting up proxy listeners
- Chrome
- setting up, for working with Burp Suite / Setting up Chrome to work with Burp Suite (HTTP and HTTPS)
- proxy options, setting up / Setting up Chrome to work with Burp Suite (HTTP and HTTPS)
- proxy options, setting up on Linux / Setting up Chrome proxy options on Linux
- Clickbandit / Types and features
- collaborator client / Types and features
- comparer / Types and features
- content management systems (CMS) / Using Intruder
- crawling / Crawling
- Cross-Site Port Attack (XSPA) / Using SSRF/XSPA to perform internal port scans
- Cross-Site Request Forgery (CSRF) / Detecting CSRF, Detecting CSRF using Burp Suite, Steps for detecting CSRF using Burp Suite
- crypto vulnerabilities
- exploiting / Exploiting crypto vulnerabilities
D
- database management system (DBMS) / CO2 detection, Data exfiltration via a blind Boolean-based SQL injection
- decoder / Types and features
- development environment
- setting up / Setting up the development environment
- directory listings
- about / Directory listings
- scanning / Scanning
- application, mapping / Mapping the application
- Intruder, using / Using Intruder
- Document Object Model (DOM) / Auditor/Scanner
E
- EsPReSSO / Detecting SSO protocols
F
- features, Burp Suite
- file upload restrictions
- bypassing / Bypassing file upload restrictions
- Firefox
- setting up, for working with Burp Suite / Setting up Firefox to work with Burp Suite (HTTP and HTTPS)
- proxy options, setting up / Setting up Firefox to work with Burp Suite (HTTP and HTTPS)
- FoxyProxy
- about / Setting up Firefox to work with Burp Suite (HTTP and HTTPS)
- for Firefox / FoxyProxy for Firefox
- setting up / FoxyProxy for Firefox
H
- HTTP basic authentication
- brute forcing / Brute forcing HTTP basic authentication
- brute forcing, with Burp Suite / Brute forcing it with Burp Suite
I
- inferential SQL injection
- Boolean-based blind SQL injection / Data exfiltration via a blind Boolean-based SQL injection
- time-based blind SQL injection / Data exfiltration via a blind Boolean-based SQL injection
- information gathering
- performing / Performing information gathering
- port scanning / Port scanning
- authentication weaknesses, discovering / Discovering authentication weaknesses
- authentication method analysis / Authentication method analysis
- insecure deserialization
- detecting / Detecting insecure deserialization
- Java deserialization scanner / Java Deserialization Scanner
- Insecure Direct Object Reference (IDOR)
- about / Detecting Insecure Direct Object References
- detecting / Detecting Insecure Direct Object References
- flaws, used for data extraction / Extracting data using Insecure Direct Object Reference (IDOR) flaws
- exploiting, with Burp Suite / Exploiting IDOR with Burp Suite
- integrated development environments (IDE) / Default credentials
- internal port scans
- performing, SSRF/XSPA used / Using SSRF/XSPA to perform internal port scans
- performing, to backend / Performing an internal port scan to the backend
- Internet Explorer
- setting up, for working with Burp Suite / Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS)
- proxy options, setting up / Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS)
- Intruder / Types and features
- intrusion prevention systems (IPS) / Performing an internal port scan to the backend
- iOS
- setting up, for working with Burp Suite / Setting up iOS to work with Burp Suite
- proxy options, setting up / Setting up iOS to work with Burp Suite
- issues, OAuth-related issues
- insecure storage secrets / Detecting OAuth-related issues
- lack of confidentiality / Detecting OAuth-related issues
- URL redirection / Detecting OAuth-related issues
J
- Java Developer Kit (JDK) / Setting up the development environment
- Java virtual machine (JVM) / Setting up the development environment
- JFrame / Detecting insecure deserialization
- JRuby
- reference / Extender
- Jython JAR
- reference / Extender
L
- Linux
- Chrome proxy options, setting up / Setting up Chrome proxy options on Linux
M
- Man in the Middle (MITM) / Setting up proxy listeners
- manual testing, application pentest
- business logic flows /
- second order SQL injection / Second-order SQL injection
- cryptographic parameters, pentesting / Pentesting cryptographic parameters
- privilege escalation / Privilege escalation
- sensitive information disclosures / Sensitive information disclosures
- man in the middle (MITM) attack / Brute forcing HTTP basic authentication
- Metasploit
- reference / Bypassing type restrictions
- multiple proxy listeners
- managing / Managing multiple proxy listeners
N
- NetBeans
- reference / Setting up the development environment
- Nmap
- reference / Exploiting the vulnerability
- non-proxy-aware clients
- working with / Working with non-proxy-aware clients
- system-wide proxy, setting up / Setting system-wide proxy for non-proxy-aware clients
O
- OAuth-related issues
- detecting / Detecting OAuth-related issues
- SSO protocols, detecting / Detecting SSO protocols
- detecting, with Burp Suite / Detecting OAuth issues using Burp Suite
- redirections / Redirections
- insecure storage / Insecure storage
- online retailers / Large online retailers
- OS command injection detection
- about / Detecting OS command injection
- manual detection / Manual detection
- OS commands
- executing, with SQL injection / Executing OS commands using an SQL injection, The vulnerability
- executing, with insecure deserialization / Using insecure deserialization to execute OS commands, Exploiting the vulnerability
- out-of-band command injection
- executing / Executing an out-of-band command injection
- SHELLING / SHELLING
- OWASP Broken Web Application
- setting up / Setting up OWASP Broken Web Application
P
- penetration test
- initiating / Initiating a penetration test
- PortSwigger
- reference / Getting to know Burp Suite
- proxy listener
- setting up / Setting up proxy listeners
- redirect to port / Setting up proxy listeners
- redirect to host / Setting up proxy listeners
- force use of SSL / Setting up proxy listeners
- proxy listeners
- setting up / Setting up proxy listeners
- proxy settings
- managing, with browser add-ons / Additional browser add-ons that can be used to manage proxy settings
- Proxy SwitchySharp
R
- reconnaissance
- used, for files discovery / Reconnaissance and file discovery
- repeater / Types and features
S
- scanner / Types and features
- Scope option / Performing information gathering
- security misconfigurations
- detecting / Detecting security misconfigurations
- unencrypted communications / Unencrypted communications and clear text protocols
- clear text protocols / Unencrypted communications and clear text protocols
- default credentials / Default credentials, Default credentials
- unattended installations / Unattended installations
- information, testing / Testing information
- default pages / Default pages, Default pages
- exploiting / Exploiting security misconfigurations
- directory listing / Directory listings
- untrusted HTTP methods / Untrusted HTTP methods
- sequencer / Types and features
- server files
- extracting, with XXE vulnerabilities / Extracting server files using XXE vulnerabilities
- Server Side Request Forgery (SSRF)
- detecting / Detecting SSRF
- Server Side Template Injection (SSTI)
- about / Detecting SSTI
- detecting / Detecting SSTI
- session credentials
- stealing, with XSS / Stealing session credentials using XSS, Exploiting the vulnerability
- settings
- configuring / Quick settings before beginning
- SQL injection
- authentication page, testing for / Testing for authentication page for SQL injection
- in-band SQL injection / Data exfiltration via a blind Boolean-based SQL injection
- inferential / Data exfiltration via a blind Boolean-based SQL injection
- out-of-band SQL injection / Data exfiltration via a blind Boolean-based SQL injection
- used, for executing OS commands / Executing OS commands using an SQL injection, The vulnerability
- SQL injection flaws detection
- about / Detecting SQL injection flaws
- manual detection / Manual detection
- scanner detection / Scanner detection
- CO2 detection / CO2 detection
- SQL injection vulnerability
- exploiting / The vulnerability, The exploitation
- exfiltration, performing with Burp Suite / Performing exfiltration using Burp Suite
- sqlmap
- about / Detecting SQL injection flaws
- reference / CO2 detection
- SQLMap detection
- about / SQLMap detection
- entry points, checking / Looking for entry points
- using / Using SQLMap
- SSRF/XSPA
- used, for performing internal port scans / Using SSRF/XSPA to perform internal port scans
- used, for data extraction / Using SSRF/XSPA to extract data from internal machines
- SSTI vulnerabilities
- exploiting, for server command execution / Exploiting SSTI vulnerabilities to execute server commands
- exploiting, with Burp Suite / Using Burp Suite to exploit the vulnerability
- stages, application pentest
- planning and reconnaissance / Planning and reconnaissance
- client-end code analysis / Client-end code analysis
- manual testing / Manual testing
- automated testing / Automated testing
- automated testing, advantages / Automated testing
- discovered issues, exploiting / Exploiting discovered issues
- data exfiltration, exploring / Digging deep for data exfiltration
- shells, taking / Taking shells
- reporting / Reporting
- subtabs, Intruder
- system-wide proxy
- setting, for non-proxy-aware clients / Setting system-wide proxy for non-proxy-aware clients
- using, on Linux / Linux or macOS X
- setting up, on macOS X / Linux or macOS X
- setting up, on Windows / Windows
T
- target exclusions
- working with / Working with target exclusions
- Task type
- Twig
- reference / Using Burp Suite to exploit the vulnerability
- type restrictions
- bypassing / Bypassing type restrictions
U
- user-agent
- modifying, with extension / Modifying the user-agent using an extension
- creating / Creating the user-agents (strings)
- GUI, creating / Creating the GUI
- operation / The operation
W
- Web Application Firewalls (WAF) / Auditor/Scanner
X
- XML-related issues
- detecting / Detecting XML-related issues, such as XXE
- XML External Entity (XXE)
- detecting / Detecting XML-related issues, such as XXE
- used, for performing out-of-data extraction / Performing out-of-data extraction using XXE and Burp Suite collaborator
- XSS
- vulnerabilities, detecting / Detecting XSS vulnerabilities
- used, for stealing session credentials / Stealing session credentials using XSS, Exploiting the vulnerability
- used, for controlling user's browser / Taking control of the user's browser using XSS
- Xtreme Vulnerable Web Application
- setting up / Setting up Xtreme Vulnerable Web Application
- reference / Setting up Xtreme Vulnerable Web Application
- XXE vulnerabilities
- used, for extracting server files / Extracting server files using XXE vulnerabilities, Exploiting the vulnerability
Z
- ZAP Proxy
- reference / Scanner detection