June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Web
应用测试
|
289
等。有效载荷处理功能允许你配置规则,以便通过不同有效载荷更改基本有
效载荷列表来使其正常工作。
此前我们谈到了会话劫持。
Burp Suite
可以帮助用户识别身份验证令牌,对其
进行分析是确定它们是否可以预测。你可以使用“
Sequencer
”选项卡中的功
能完成此操作。如果令牌是可预测的,那么这可能允许攻击者确定令牌的内
容或者构造一个令牌。你可以通过
Burp Suite
中的其他工具向“
Sequencer
”
发送请求,或者只是用一个捕获的数据包发送到此工具。
虽然可能需要一些时间来习惯它的使用,特别是对于所有选项都是可配置的。
Burp Suite
会执行大量测试,即使是
Kali
中功能有限的社区版软件。对于想
要了解服务器和客户端之间的交互,以及希望了解更改这些请求可能会如何
影响应用程序功能的人来说,这是一个很好的起点。
Zed
攻击代理
开放式
Web
应用程序安全项目(
The Open Web Applications Security Project
,
OWASP
)维护着一个常见漏洞类别列表。它旨在通过最大限度地减少导致这
些漏洞的数量,从而向开发人员和安全人员介绍如何保护他们的应用程序以
及应用环境免受攻击。除了漏洞列表之外,
OWASP
还创建了一个
Web
应用
程序测试程序。这也是一个类似
Burp Suite
这样基于代理的测试程序。除了
基于代理的测试之外,
Zed
攻击代理(
Zed Attack Proxy
,
ZAP
)还具有一些
其他特性。
获取
Zed
攻击代理程序
你将在
Kali
菜单系统下
We
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.