Chapter 4. Finding Vulnerabilities

In this chapter, we will cover:

  • Using Hackbar add-on to ease parameter probing
  • Using Tamper Data add-on to intercept and modify requests
  • Using ZAP to view and alter requests
  • Using Burp Suite to view and alter requests
  • Identifying cross site scripting (XSS) vulnerabilities
  • Identifying error based SQL injection
  • Identifying blind SQL Injection
  • Identifying vulnerabilities in cookies
  • Obtaining SSL and TLS information with SSLScan
  • Looking for file inclusions
  • Identifying POODLE vulnerability


We have now finished the reconnaissance stage of our penetration test and have identified the kind of server and development framework our application uses and also some of its possible weak spots. It is now time to actually put ...

Get Kali Linux Web Penetration Testing Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.