Hands-On Application Penetration Testing with Burp Suite

Hands-On Application Penetration Testing with Burp Suite

by Carlos A. Lozano, Dhruv Shah, Riyaz Ahemed Walikar
Released February 2019
Publisher(s): Packt Publishing
ISBN: 9781788994064

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Test, fuzz, and break web applications and services using Burp Suite's powerful capabilities

Key Features

  • Master the skills to perform various types of security tests on your web applications
  • Get hands-on experience working with components like scanner, proxy, intruder and much more
  • Discover the best-way to penetrate and test web applications

Book Description

Burp suite is a set of graphic tools focused towards penetration testing of web applications. Burp suite is widely used for web penetration testing by many security professionals for performing different web-level security tasks.

The book starts by setting up the environment to begin an application penetration test. You will be able to configure the client and apply target whitelisting. You will also learn to setup and configure Android and IOS devices to work with Burp Suite. The book will explain how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. Once detection is completed and the vulnerability is confirmed, you will be able to exploit a detected vulnerability using Burp Suite. The book will also covers advanced concepts like writing extensions and macros for Burp suite. Finally, you will discover various steps that are taken to identify the target, discover weaknesses in the authentication mechanism, and finally break the authentication implementation to gain access to the administrative console of the application.

By the end of this book, you will be able to effectively perform end-to-end penetration testing with Burp Suite.

What you will learn

  • Set up Burp Suite and its configurations for an application penetration test
  • Proxy application traffic from browsers and mobile devices to the server
  • Discover and identify application security issues in various scenarios
  • Exploit discovered vulnerabilities to execute commands
  • Exploit discovered vulnerabilities to gain access to data in various datastores
  • Write your own Burp Suite plugin and explore the Infiltrator module
  • Write macros to automate tasks in Burp Suite

Who this book is for

If you are interested in learning how to test web applications and the web part of mobile applications using Burp, then this is the book for you. It is specifically designed to meet your needs if you have basic experience in using Burp and are now aiming to become a professional Burp user.

Publisher resources

View/Submit Errata

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Hands-On Application Penetration Testing with Burp Suite
  3. Contributors
    1. About the authors
    2. About the reviewer
    3. Packt is searching for authors like you
  4. About Packt
    1. Why subscribe?
    2. Packt.com
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Conventions used
    4. Get in touch
      1. Reviews
  6. Configuring Burp Suite
    1. Getting to know Burp Suite
    2. Setting up proxy listeners
    3. Managing multiple proxy listeners
    4. Working with non-proxy-aware clients
    5. Creating target scopes in Burp Suite
    6. Working with target exclusions
    7. Quick settings before beginning
    8. Summary
  7. Configuring the Client and Setting Up Mobile Devices
    1. Setting up Firefox to work with Burp Suite (HTTP and HTTPS)
    2. Setting up Chrome to work with Burp Suite (HTTP and HTTPS)
      1. Setting up Chrome proxy options on Linux 
    3. Setting up Internet Explorer to work with Burp Suite (HTTP and HTTPS)
    4. Additional browser add-ons that can be used to manage proxy settings
      1. FoxyProxy for Firefox
      2. Proxy SwitchySharp for Google Chrome
    5. Setting system-wide proxy for non-proxy-aware clients
      1. Linux or macOS X
      2. Windows
    6. Setting up Android to work with Burp Suite
    7. Setting up iOS to work with Burp Suite
    8. Summary
  8. Executing an Application Penetration Test
    1. Differences between a bug bounty and a client-initiated pentest
    2. Initiating a penetration test
    3. Why Burp Suite? Let's cover some groundwork!
      1. Types and features
      2. Crawling
    4. Why Burp Suite Scanner?
      1. Auditor/Scanner
        1. Understanding the insertion points
    5. Summary
  9. Exploring the Stages of an Application Penetration Test
    1. Stages of an application pentest
      1. Planning and reconnaissance
      2. Client-end code analysis
      3. Manual testing
        1. Various business logic flaws
        2. Second-order SQL injection
        3. Pentesting cryptographic parameters
        4. Privilege escalation
        5. Sensitive information disclosures
      4. Automated testing
      5. Exploiting discovered issues
      6. Digging deep for data exfiltration
      7. Taking shells
      8. Reporting
    2. Getting to know Burp Suite better
      1. Features of Burp Suite
        1. Dashboard
        2. Target 
        3. Proxy
        4. Intruder
        5. Repeater
        6. Comparer
        7. Sequencer
        8. Decoder
        9. Extender
        10. Project options
        11. User options
    3. Summary
  10. Preparing for an Application Penetration Test
    1. Setup of vulnerable web applications
      1. Setting up Xtreme Vulnerable Web Application
      2. Setting up OWASP Broken Web Application
    2. Reconnaissance and file discovery
      1. Using Burp for content and file discovery
    3. Testing for authentication via Burp
      1. Brute forcing login pages using Burp Intruder
      2. Testing for authentication page for SQL injection
    4. Summary
  11. Identifying Vulnerabilities Using Burp Suite
    1. Detecting SQL injection flaws
      1. Manual detection
      2. Scanner detection
      3. CO2 detection
    2. Detecting OS command injection
      1. Manual detection
    3. Detecting XSS vulnerabilities
    4. Detecting XML-related issues, such as XXE
    5. Detecting SSTI
    6. Detecting SSRF
    7. Summary
  12. Detecting Vulnerabilities Using Burp Suite
    1. Detecting CSRF
      1. Detecting CSRF using Burp Suite
        1. Steps for detecting CSRF using Burp Suite
    2. Detecting Insecure Direct Object References
    3. Detecting security misconfigurations
      1. Unencrypted communications and clear text protocols
      2. Default credentials
      3. Unattended installations
      4. Testing information
      5. Default pages
    4. Detecting insecure deserialization
      1. Java Deserialization Scanner
    5. Detecting OAuth-related issues
      1. Detecting SSO protocols
      2. Detecting OAuth issues using Burp Suite
        1. Redirections
        2. Insecure storage
    6. Detecting broken authentication
      1. Detecting weak storage for credentials
      2. Detecting predictable login credentials
      3. Session IDs exposed in the URL
      4. Session IDs susceptible to session fixation attacks
      5. Time out implementation
      6. Session is not destructed after logout
    7. Summary
  13. Exploiting Vulnerabilities Using Burp Suite - Part 1
    1. Data exfiltration via a blind Boolean-based SQL injection
      1. The vulnerability
      2. The exploitation
      3. Performing exfiltration using Burp Suite
    2. Executing OS commands using an SQL injection
      1. The vulnerability
    3. Executing an out-of-band command injection
      1. SHELLING
    4. Stealing session credentials using XSS
      1. Exploiting the vulnerability
    5. Taking control of the user's browser using XSS
    6. Extracting server files using XXE vulnerabilities
      1. Exploiting the vulnerability
    7. Performing out-of-data extraction using XXE and Burp Suite collaborator
      1. Using Burp Suite to exploit the vulnerability
    8. Exploiting SSTI vulnerabilities to execute server commands
      1. Using Burp Suite to exploit the vulnerability
    9. Summary
  14. Exploiting Vulnerabilities Using Burp Suite - Part 2
    1. Using SSRF/XSPA to perform internal port scans
      1. Performing an internal port scan to the backend
    2. Using SSRF/XSPA to extract data from internal machines
    3. Extracting data using Insecure Direct Object Reference (IDOR) flaws
      1. Exploiting IDOR with Burp Suite
    4. Exploiting security misconfigurations
      1. Default pages
      2. Directory listings
        1. Scanning
        2. Mapping the application
        3. Using Intruder
      3. Default credentials
      4. Untrusted HTTP methods
    5. Using insecure deserialization to execute OS commands
      1. Exploiting the vulnerability
    6. Exploiting crypto vulnerabilities
    7. Brute forcing HTTP basic authentication
      1. Brute forcing it with Burp Suite
    8. Brute forcing forms
      1. Automation with Burp Suite
    9. Bypassing file upload restrictions
      1. Bypassing type restrictions
    10. Summary
  15. Writing Burp Suite Extensions
    1. Setting up the development environment
    2. Writing a Burp Suite extension
      1. Burp Suite's API
      2. Modifying the user-agent using an extension
        1. Creating the user-agents (strings)
        2. Creating the GUI
        3. The operation
    3. Executing the extension
    4. Summary
  16. Breaking the Authentication for a Large Online Retailer
    1. Remembering about authentication
    2. Large online retailers
    3. Performing information gathering
      1. Port scanning
      2. Discovering authentication weaknesses
      3. Authentication method analysis
        1. Weak storage for credentials
        2. Predictable login credentials
        3. Session IDs exposed in the URL
        4. Session IDs susceptible to session fixations attacks
        5. The session is not destructed after the logout
        6. Sensitive information sent via unprotected channels
    4. Summary
  17. Exploiting and Exfiltrating Data from a Large Shipping Corporation
    1. Discovering Blind SQL injection
      1. Automatic scan
      2. SQLMap detection
        1. Looking for entry points
        2. Using SQLMap
      3. Intruder detection
        1. Exploitation
    2. Summary
  18. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Hands-On Application Penetration Testing with Burp Suite
  • Author(s): Carlos A. Lozano, Dhruv Shah, Riyaz Ahemed Walikar
  • Release date: February 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781788994064