June 2017
Intermediate to advanced
338 pages
8h 28m
English
Depending on our success in the Recon phase, some of our OSINT may include credentials for a web user. These can often be scraped in a MITM attack similar to what we discussed using SET in Chapter 3, Stalking Prey Through Target Recon. While it is certainly acceptable to scan sites without credentials, the revelations that may come with a scan as a logged-in user never disappoint. Without the credentials, you'll likely see a majority of static content and much less sensitive information exposed in black-box tests. White-box tests can better serve to secure data in the event of compromised credentials and thus input strings here are just as valuable if they are available. ...
Read now
Unlock full access