- Basic Network and Cybersecurity Concepts
- Understand Web protocols
- Perform webapps enumeration
- Perform SQL injection, XSS and brute-force attacks
Web application penetration testing is a process of identifying and exploiting vulnerabilities in web applications to assess their security posture.
Web and HTTP Protocol
🔗📝 Some Web Applications Basics notes are already covered here (from the PTSv1 Course)
🗒️ HTTP (HyperText Transfer Protocol) is a protocol used for communication between web servers and clients, such as web browsers. HTTP key features are:
- Client-Server Architecture
- Stateless Protocol
- Request Methods
- Status Codes (200, 404, 500, etc.)
- Headers (additional information about the request/response)
- Cookies (store info on the client-side)
- Encryption (HTTPS)
HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Commonly used HTTP request methods are:
- GET - retrieve data from the server
- HEAD - retrieve metadata about a resource from the server
- POST - submit data to the server
- PUT - update an existing resource on the server
- DELETE - delete a specified resource
- CONNECT - establish a tunnel to the server identified by the target resource
- OPTIONS - describe the communication options for a resource
- TRACE - perform a message loop-back test along the path to the resource
- PATCH - apply partial modifications to a resource
HTTP response status codes indicate whether a specific HTTP request has been successfully completed. They are grouped in five classes:
- 100-199 - Informational responses
- 200-299 - Successful responses
- 300-399 - Redirection messages
- 400-499 - Client error responses
- 500-599 - Server error responses
An HTTP cookie is a small piece of data that a server sends to a user's web browser. The web browser may store the cookie and send it back to the same server with later requests. Cookies are mainly used for these purposes:
- Session management
- Personalization
- Tracking
🗒️ HTTPS (HTTP Secure) is the encrypted version of HTTP that uses a combination of the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocol and the HTTP protocol to provide secure communication.
When a client connects to an HTTPS-enabled website, the server sends its SSL/TLS certificate to the client. The client verifies the certificate to ensure that it is issued by a trusted certificate authority and that it is valid. If the certificate is valid, the client and the server establish a secure connection using a unique session key.
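As an added example that is not part of the original notes, the Python below parses a constructed raw HTTP response, maps its status code to one of the five classes listed above, and reports which Set-Cookie headers lack the Secure, HttpOnly and SameSite attributes a reviewer would expect on session cookies served over HTTPS. The response text and function names are my own.

```python
from typing import Dict, List

# Constructed sample response (not captured from any real server).
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Set-Cookie: csrftoken=xyz789; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)

# The five status classes from the notes, keyed by the leading digit.
STATUS_CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
                  4: "Client error", 5: "Server error"}


def status_class(code: int) -> str:
    """Map 100-199 -> Informational, ..., 500-599 -> Server error."""
    return STATUS_CLASSES.get(code // 100, "Unknown")


def parse_response(raw: str) -> dict:
    """Split a raw response into status line, (multi-valued) headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    version, _, rest = status_line.partition(" ")
    code, _, reason = rest.partition(" ")
    headers: Dict[str, List[str]] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; repeated headers (Set-Cookie) keep every value.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"version": version, "code": int(code), "reason": reason,
            "headers": headers, "body": body}


def cookie_findings(response: dict) -> Dict[str, List[str]]:
    """For each cookie, list the hardening attributes it is missing."""
    findings: Dict[str, List[str]] = {}
    for raw_cookie in response["headers"].get("set-cookie", []):
        parts = [p.strip() for p in raw_cookie.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        findings[name] = [a for a in ("Secure", "HttpOnly", "SameSite")
                          if a.lower() not in attrs]
    return findings
```

Running `cookie_findings(parse_response(RAW_RESPONSE))` flags `sessionid` as missing Secure and SameSite, `theme` as missing all three, and `csrftoken` as clean.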
🔬 There are many vulnerable testing web apps like:
📝 Check the HackerSploit's Web App Penetration Testing Tutorials
# bWAPP with Docker - by HackerSploit
sudo docker pull hackersploit/bwapp-docker
sudo docker run -d -p 80:80 hackersploit/bwapp-docker
# Open http://127.0.0.1/install.php
sudo docker container ls
sudo docker container stop <CONTAINER_NAME>
sudo docker container start <CONTAINER_NAME>
# Service/version scan of the lab target's web (80, 443) and MySQL (3306) ports
nmap -sV -p 80,443,3306 demossl.ine.local
Directory Enumeration - Gobuster
Gobuster - a tool used to brute-force URIs including directories and files as well as DNS subdomains.
# Kali Linux Install
sudo apt update && sudo apt install -y gobuster
# Go Install
go install github.com/OJ/gobuster/v3@latest
Directory Enumeration - BurpSuite
BurpSuite - an integrated platform for performing security testing of web applications.
# Kali Linux Install
sudo apt update && sudo apt install -y burpsuite
🔬 Check HTTP Web App Enumeration lab covering HTTP Method and Directory Enumeration Techniques
Scanning WebApp - ZAProxy
Zaproxy - OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications.
# Kali Linux Install
sudo apt update && sudo apt install -y zaproxy
Scanning WebApp - Nikto
Nikto - a pluggable web server and CGI scanner written in Perl, using rfp’s LibWhisker to perform fast security or informational checks.
# Kali Linux Install
sudo apt update && sudo apt install -y nikto
🔬 Check HTTP Web App Scanning lab covering Web Apps scanning techniques
SQLMap - an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
# Kali Linux Install
sudo apt update && sudo apt install -y sqlmap
XSSer (Cross-Site Scripter) - an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications.
# Kali Linux Install
sudo apt update && sudo apt install -y xsser
🗒️ SQL Injection attacks consist of the insertion or “injection” of a SQL query via the input data from the client to the application, allowing an attacker to interfere with the database queries of the vulnerable web application.
🗒️ Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites, allowing an attacker to compromise the interactions that users have with a vulnerable application.
🔬 Check Web App Attacks lab covering Web Apps Attacking techniques