Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's securityKey FeaturesFamiliarize yourself with the most common web vulnerabilitiesConduct a preliminary assessment of attack surfaces and run exploits in your labExplore new tools in the Kali Linux ecosystem for web penetration testingBook DescriptionWeb applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing. Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test – from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools. As you make your way through the book, you will learn how to use automated scanners to find security flaws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities.What you will learnSet up a secure penetration testing laboratoryUse proxies, crawlers, and spiders to investigate an entire websiteIdentify cross-site scripting and client-side vulnerabilitiesExploit vulnerabilities that allow the insertion of code into web applicationsExploit vulnerabilities that require complex setupsImprove testing efficiency using automated vulnerability scannersLearn how to circumvent security controls put in place to prevent attacksWho this book is forKali Linux Web Penetration Testing Cookbook is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. The basics of operating a Linux environment and prior exposure to security technologies and tools are necessary. Cover Title Page Copyright and Credits Packt Upsell Contributors Table of Contents Preface Chapter 1: Setting Up Kali Linux and the Testing Lab Introduction Installing VirtualBox on Windows and Linux Getting ready How to do it... How it works... There's more... See also Creating a Kali Linux virtual machine Getting ready How to do it... How it works... There's more... Updating and upgrading Kali Linux How to do it... How it works... Configuring the web browser for penetration testing How to do it... How it works... See also Creating a client virtual machine How to do it... How it works... See also Configuring virtual machines for correct communication Getting ready How to do it... How it works... Getting to know web applications on a vulnerable virtual machine Getting ready How to do it... How it works... See also Chapter 2: Reconnaissance Introduction Passive reconnaissance Getting ready How to do it... How it works... See also Using Recon-ng to gather information Getting ready How to do it... How it works... See also Scanning and identifying services with Nmap Getting ready How to do it... How it works... There's more... See also Identifying web application firewalls How to do it... How it works... Identifying HTTPS encryption parameters Getting ready How to do it... How it works... See also Using the browser's developer tools to analyze and alter basic behavior How to do it... How it works... There's more... Obtaining and modifying cookies Getting ready How to do it... How it works... There's more... Taking advantage of robots.txt How to do it... How it works... Chapter 3: Using Proxies, Crawlers, and Spiders Introduction Finding files and folders with DirBuster Getting ready How to do it... How it works... See also Finding files and folders with ZAP Getting ready How to do it... How it works... See also Using Burp Suite to view and alter requests Getting ready How to do it... How it works... See also Using Burp Suite's Intruder to find files and folders How to do it... How it works... Using the ZAP proxy to view and alter requests How to do it... How it works... Using ZAP spider How to do it... How it works... There's more Using Burp Suite to spider a website Getting ready How to do it... How it works... There's more Repeating requests with Burp Suite's repeater Getting ready How to do it... How it works... Using WebScarab Getting ready How to do it... How it works... Identifying relevant files and directories from crawling results How to do it... How it works... Chapter 4: Testing Authentication and Session Management Introduction Username enumeration Getting ready How to do it... How it works... Dictionary attack on login pages with Burp Suite How to do it... How it works... There's more... Brute forcing basic authentication with Hydra Getting ready How to do it... How it works... There's more... See also Attacking Tomcat's passwords with Metasploit Getting ready How to do it... How it works... There's more... Manually identifying vulnerabilities in cookies How to do it... How it works... There's more... Attacking a session fixation vulnerability How to do it... How it works... Evaluating the quality of session identifiers with Burp Sequencer Getting ready How to do it... How it works... See also Abusing insecure direct object references Getting ready How to do it... How it works... Performing a Cross-Site Request Forgery attack Getting ready How to do it... How it works... See also Chapter 5: Cross-Site Scripting and Client-Side Attacks Introduction Bypassing client-side controls using the browser How to do it... How it works... See also Identifying Cross-Site Scripting vulnerabilities How to do it... How it works... There's more... Obtaining session cookies through XSS How to do it... How it works... See also Exploiting DOM XSS How to do it... How it works... Man-in-the-Browser attack with XSS and BeEF Getting ready How to do it... How it works... There's more... Extracting information from web storage How to do it... How it works... There's more... Testing WebSockets with ZAP Getting ready How to do it... How it works... Using XSS and Metasploit to get a remote shell Getting ready How to do it... How it works... Chapter 6: Exploiting Injection Vulnerabilities Introduction Looking for file inclusions How to do it... How it works... There's more... Abusing file inclusions and uploads Getting ready How to do it... How it works... There's more... Manually identifying SQL injection How to do it... How it works... There's more... Step-by-step error-based SQL injections How to do it... How it works... Identifying and exploiting blind SQL injections How to do it... How it works... There's more... See also Finding and exploiting SQL injections with SQLMap How to do it... How it works... There's more... See also Exploiting an XML External Entity injection Getting ready How to do it... How it works... There's more... See also Detecting and exploiting command injection vulnerabilities How to do it... How it works... Chapter 7: Exploiting Platform Vulnerabilities Introduction Exploiting Heartbleed vulnerability using Exploit-DB Getting ready How to do it... How it works... There's more... See also Executing commands by exploiting Shellshock How to do it... How it works... There's more... Creating and capturing a reverse shell with Metasploit How to do it... How it works... Privilege escalation on Linux Getting ready How to do it... How it works... See also Privilege escalation on Windows Getting ready How to do it... How it works... See also Using Tomcat Manager to execute code How to do it... How it works... Cracking password hashes with John the Ripper by using a dictionary Getting ready How to do it... How it works... Cracking password hashes via Brute Force using Hashcat Getting ready How to do it... How it works... Chapter 8: Using Automated Scanners Introduction Scanning with Nikto How to do it... How it works... Considerations when doing automated scanning How to do it... How it works... Finding vulnerabilities with Wapiti How to do it... How it works... Using OWASP ZAP to scan for vulnerabilities Getting ready How to do it... How it works... There's more... Scanning with Skipfish How to do it... How it works... Finding vulnerabilities in WordPress with WPScan How to do it... How it works... Finding vulnerabilities in Joomla with JoomScan How to do it... How it works... Scanning Drupal with CMSmap Getting ready How to do it... How it works... Chapter 9: Bypassing Basic Security Controls Introduction Basic input validation bypass in Cross-Site Scripting attacks How to do it... How it works... There's more... Exploiting Cross-Site Scripting using obfuscated code How to do it... How it works... Bypassing file upload restrictions How to do it... How it works... Avoiding CORS restrictions in web services Getting ready How to do it... How it works... Using Cross-Site Scripting to bypass CSRF protection and CORS restrictions How to do it... How it works... Exploiting HTTP parameter pollution How to do it... How it works... Exploiting vulnerabilities through HTTP headers How to do it... How it works... Chapter 10: Mitigation of OWASP Top 10 Vulnerabilities Introduction A1 – Preventing injection attacks How to do it... How it works... See also A2 – Building proper authentication and session management How to do it... How it works... See also A3 – Protecting sensitive data How to do it... How it works... A4 – Using XML external entities securely How to do it... How it works... A5 – Securing access control How to do it... How it works... A6 – Basic security configuration guide How to do it... How it works... A7 – Preventing Cross-Site Scripting How to do it... How it works... See also A8 – Implementing object serialization and deserialization How to do it... How it works... A9 – Where to look for known vulnerabilities on third-party components How to do it... How it works... A10 – Logging and monitoring for web applications' security How to do it... How it works... Other Books You May Enjoy Index Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's securityKey Features Familiarize yourself with the most common web vulnerabilities Conduct a preliminary assessment of attack surfaces and run exploits in your lab Explore new tools in Kali Linux ecosystem for web penetration testing Book DescriptionWeb applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a huge array of testing tools, many of which can be used to execute web penetration testing.Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application to identifying vulnerabilities through manual testing and the use of vulnerability scanners to both basic and advanced exploitation techniques that may lead to a full system compromise. You will explore the latest features of Burp suite and perform wide range of tasks using Burp suite’s intruder. Next, you will be able to use automated scanners to find security flaws in web applications and also understand how to bypass basic security controls. Finally, you will be able to put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities.What You Will Learn Set up a penetration testing laboratory in a secure way Use proxies, crawlers, and spiders to investigate an entire website in minutes Identify cross site scripting and client-side vulnerabilities Exploit vulnerabilities that require complex setups and run custom-made exploits Discover and exploit vulnerabilities that allow you to inject code into web applications Improve your testing efficiency with the use of automated vulnerability scanners Learn to circumvent some security controls put in place to prevent attacks Who This Book Is ForThis book is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. You should know the basics of operating a Linux environment and have some exposure to security technologies and tools.About the AuthorGilberto Najera-Gutierrezis an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); he also holds a Master's degree in Computer Science with specialization in Artificial Intelligence.Gilberto has been working as a penetration tester since 2013, and he has been a security enthusiast for almost 20 years. He has successfully conducted penetration tests on networks and applications of some the biggest corporations, government agencies, and financial institutions in Mexico and Australia. Discover the most common web vulnerabilities and prevent them from becoming a threat to your site's security Key FeaturesFamiliarize yourself with the most common web vulnerabilitiesConduct a preliminary assessment of attack surfaces and run exploits in your labExplore new tools in the Kali Linux ecosystem for web penetration testingBook DescriptionWeb applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing. Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools. As you make your way through the book, you will learn how to use automated scanners to find security aws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities. What you will learnSet up a secure penetration testing laboratoryUse proxies, crawlers, and spiders to investigate an entire websiteIdentify cross-site scripting and client-side vulnerabilitiesExploit vulnerabilities that allow the insertion of code into web applicationsExploit vulnerabilities that require complex setupsImprove testing efficiency using automated vulnerability scannersLearn how to circumvent security controls put in place to prevent attacksWho this book is forKali Linux Web Penetration Testing Cookbook is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. The basics of operating a Linux environment and prior exposure to security technologies and tools are necessary. Table of ContentsSetting up Kali Linux and the Testing LabReconnaissanceUsing Proxies, Crawlers and SpidersTesting Authentication and Session ManagementCross-Site Scripting and Client-Side AttacksExploiting Injection VulnerabilitiesExploiting Platform VulnerabilitiesUsing Automated ScannersBypassing Basic Security ControlsMitigation of OWASP Top 10 Vulnerabilities BDiscover the most common web vulnerabilities and prevent them from becoming a threat to your site's security/b h4Key Features/h4 ulliFamiliarize yourself with the most common web vulnerabilities /li liConduct a preliminary assessment of attack surfaces and run exploits in your lab /li liExplore new tools in the Kali Linux ecosystem for web penetration testing /li /ul h4Book Description/h4 Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform that provides a broad array of testing tools, many of which can be used to execute web penetration testing. Kali Linux Web Penetration Testing Cookbook gives you the skills you need to cover every stage of a penetration test - from gathering information about the system and application, to identifying vulnerabilities through manual testing. You will also cover the use of vulnerability scanners and look at basic and advanced exploitation techniques that may lead to a full system compromise. You will start by setting up a testing laboratory, exploring the latest features of tools included in Kali Linux and performing a wide range of tasks with OWASP ZAP, Burp Suite and other web proxies and security testing tools. As you make your way through the book, you will learn how to use automated scanners to find security ?aws in web applications and understand how to bypass basic security controls. In the concluding chapters, you will look at what you have learned in the context of the Open Web Application Security Project (OWASP) and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of this book, you will have acquired the skills you need to identify, exploit, and prevent web application vulnerabilities. h4What you will learn/h4 ulliSet up a secure penetration testing laboratory /li liUse proxies, crawlers, and spiders to investigate an entire website /li liIdentify cross-site scripting and client-side vulnerabilities /li liExploit vulnerabilities that allow the insertion of code into web applications /li liExploit vulnerabilities that require complex setups /li liImprove testing efficiency using automated vulnerability scanners /li liLearn how to circumvent security controls put in place to prevent attacks/li/ul h4Who this book is for/h4 Kali Linux Web Penetration Testing Cookbook is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. The basics of operating a Linux environment and prior exposure to security technologies and tools are necessary Kali Linux is the most popular open-source penetration toolkit used for effective web penetration testing. This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure.