In this Burp Suite Tutorial, we are going to describe in detail the Burp Suite tool and its features, which are bundled in a single suite made for web application security assessment as well as penetration testing. It's a Java executable and hence it's cross-platform. Kali Linux comes with Burp Suite free edition installed. There is …
Tag Archives: web server
Whatweb – A Scanning Tool to Find Security Vulnerabilities in Web App
Whatweb is the perfect name for this tool. Simply put, it answers the question, "What is that website?" Whatweb can identify all sorts of information about a live website, like: Whatweb offers both passive scanning and aggressive testing. Passive scanning just extracts data from HTTP headers, simulating a normal visit. Aggressive options go deeper with recursion …
SQLMAP – Enumeration of Databases & Users from Vulnerable Web Forms
Sqlmap is a database assessment tool which pentesters & security researchers can use to enumerate databases of various types. Sqlmap automates normal & advanced SQL injection techniques and performs them on a regular form. Refer to the article on Introduction to SQLMAP for getting started. The following lab sessions are a continuation of the previous …
Ua-tester – A tool for User Agent WAF, IDS/IPS, Redirection testing
UA-tester is a tool to check whether a website serves different pages to different user agents, such as mobile browsers, desktop browsers, bots, etc. This tool also delivers a lot of information. It is basically a Python script which runs through various user agents on a specified site. It also tries various options like setting cookies, redirection, …
Reconnaissance, Identification & Fingerprinting of Web Application Firewall using WAFW00F
Web application firewalls are firewalls working on the application layer which monitor & modify HTTP requests. The key difference from a network firewall is that WAFs work on Layer 7, the Application Layer of the OSI model. Basically, all WAFs protect against different HTTP attacks & queries like SQLi & XSS. Since the firewall is able to detect …
Burpsuite – Use Burp Intruder to Bruteforce Forms
Using Burp Intruder to brute-force passwords. Burpsuite is a collection of tools and plugins for web application security testing bundled into a single executable jar file. It contains about 8 useful tools for performing spidering, fuzzing, decoding, etc. But the prime feature is that it is an intercepting proxy which works on the application layer. …
SQLMAP – Introduction & Automation of SQLi
Basic operation of SQLMAP & enumeration of the server through automatic SQL injection. SQLMAP is a database pentesting tool used to automate SQL injection. In practice, using sqlmap we can dump a whole database from a vulnerable server. SQLMap is written in Python and has dynamic testing features. It can conduct tests for various database backends very …
World Wide Live Attack Map & Analytics
Ever wanted to see live DoS attacks across the globe? There is a website from a security firm that shows live attacks from all over the globe, including the protocol information, IP addresses and country. All this information is put together in a wonderful hacker-like map. Live attacks & traffic are shown once you start the …