Mastering Modern Web Penetration Testing

Book description

Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does!

About This Book

  • This book covers the latest techniques involved in today's web applications, such as advanced XSS, CSRF (XSRF), SQL Injection, Web API testing, XML attack vectors, OAuth 2.0 security, and more

  • Penetrate and secure your web application using various techniques

  • Get this comprehensive reference guide that provides advanced tricks and tools of the trade for seasoned penetration testers

Who This Book Is For

This book is for security professionals and penetration testers who want to speed up their modern web application penetration testing. It will also benefit those at an intermediate level and web developers who need to be aware of the latest application hacking techniques.

What You Will Learn

  • Get to know new and less-publicized techniques such as PHP Object Injection and XML-based vectors

  • Work with different security tools to automate most of the repetitive tasks

  • See different kinds of newly-designed security headers and how they help to provide security

  • Exploit and detect different kinds of XSS vulnerabilities

  • Protect your web application using filtering mechanisms

  • Understand old school and classic web hacking in depth using SQL Injection, XSS, and CSRF

  • Grasp XML-related vulnerabilities and attack vectors such as XXE and DoS techniques

  • Get to know how to test REST APIs to discover security issues in them

In Detail

Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book walks through modern web application attacks and cutting-edge hacking techniques, building an enhanced knowledge of web application security along the way.

We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies, and XML vectors used by attackers. Less frequently discussed attack vectors, such as RPO (relative path overwrite), DOM clobbering, and PHP Object Injection, are also covered.

We'll also explain various classic techniques in depth, such as XSS, CSRF, SQL Injection through the ever-dependable SQLMap, and reconnaissance.

Websites nowadays provide APIs to allow integration with third-party applications, which exposes a large attack surface; we cover testing of these APIs using real-life examples.

This pragmatic guide will be of great benefit and will help you prepare more secure applications.

Style and approach

This master-level guide covers the techniques one after another. It is packed with real-world examples that focus on the practical aspects of implementing the techniques rather than going into detailed theory.

Table of contents

    1. Mastering Modern Web Penetration Testing
      1. Table of Contents
      2. Mastering Modern Web Penetration Testing
      3. Credits
      4. About the Author
      5. About the Reviewer
      6. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Common Security Protocols
        1. SOP
          1. Demonstration of the same-origin policy in Google Chrome
          2. Switching origins
          3. Quirks with Internet Explorer
          4. Cross-domain messaging
          5. AJAX and the same-origin policy
        2. CORS
          1. CORS headers
          2. Pre-flight request
          3. Simple request
        3. URL encoding – percent encoding
          1. Unrestricted characters
          2. Restricted characters
          3. Encoding table
          4. Encoding unrestricted characters
        4. Double encoding
          1. Introducing double encoding
          2. IIS 5.0 directory traversal code execution – CVE-2001-0333
          3. Using double encoding to evade XSS filters
        5. Base64 encoding
          1. Character set of Base64 encoding
          2. The encoding process
          3. Padding in Base64
        6. Summary
      9. 2. Information Gathering
        1. Information gathering techniques
          1. Active techniques
          2. Passive techniques
        2. Enumerating Domains, Files, and Resources
        3. Fierce
        4. theHarvester
        5. SubBrute
        6. CeWL
        7. DirBuster
        8. WhatWeb
          1. Maltego
          2. Wolfram Alpha
        9. Shodan
        10. DNSdumpster
        11. Reverse IP Lookup – YouGetSignal
        12. Pentest-Tools
        13. Google Advanced Search
        14. Summary
      10. 3. Cross-Site Scripting
        1. Reflected XSS
          1. Demonstrating reflected XSS vulnerability
          2. Reflected XSS – case study 1
          3. Reflected XSS – case study 2
        2. Stored XSS
          1. Demonstrating stored XSS
          2. Stored XSS through Markdown
          3. Stored XSS through APIs
          4. Stored XSS through spoofed IP addresses
        3. Flash-based XSS – ExternalInterface.call()
        4. HttpOnly and secure cookie flags
        5. DOM-based XSS
        6. XSS exploitation – The BeEF
          1. Setting Up BeEF
          2. Demonstration of the BeEF hook and its components
            1. Logs
            2. Commands
            3. Rider
            4. Xssrays
            5. IPec
            6. Network
        7. Summary
      11. 4. Cross-Site Request Forgery
        1. Introducing CSRF
        2. Exploiting POST-request based CSRF
        3. How developers prevent CSRF?
        4. PayPal's CSRF vulnerability to change phone numbers
        5. Exploiting CSRF in JSON requests
        6. Using XSS to steal anti-CSRF tokens
        7. Exploring pseudo anti-CSRF tokens
        8. Flash comes to the rescue
          1. Rosetta Flash
          2. Defeating XMLHTTPRequest-based CSRF protection
        9. Summary
      12. 5. Exploiting SQL Injection
        1. Installation of SQLMap under Kali Linux
        2. Introduction to SQLMap
          1. Injection techniques
        3. Dumping the data – in an error-based scenario
          1. Interacting with the wizard
          2. Dump everything!
        4. SQLMap and URL rewriting
        5. Speeding up the process!
          1. Multi-threading
          2. NULL connection
          3. HTTP persistent connections
          4. Output prediction
          5. Basic optimization flags
        6. Dumping the data – in blind and time-based scenarios
        7. Reading and writing files
          1. Checking privileges
          2. Reading files
          3. Writing files
        8. Handling injections in a POST request
        9. SQL injection inside a login-based portal
        10. SQL shell
        11. Command shell
        12. Evasion – tamper scripts
        13. Configuring with proxies
        14. Summary
      13. 6. File Upload Vulnerabilities
        1. Introducing file upload vulnerability
        2. Remote code execution
          1. Multi-functional web shells
          2. Netcat accessible reverse shell
        3. The return of XSS
          1. SWF – the flash
          2. SVG images
        4. Denial of Service
          1. Malicious JPEG file – pixel flood
          2. Malicious GIF file – frame flood
          3. Malicious zTXT field of PNG files
        5. Bypassing upload protections
          1. Case-sensitive blacklist extension check bypass
        6. MIME content type verification bypass
          1. Apache's htaccess trick to execute benign files as PHP
            1. SetHandler method
            2. The AddType method
          2. Bypassing image content verification
        7. Summary
      14. 7. Metasploit and Web
        1. Discovering Metasploit modules
        2. Interacting with Msfconsole
        3. Using Auxiliary Modules related to Web Applications
        4. Understanding WMAP – Metasploit's Web Application Security Scanner
        5. Generating Web backdoor payload with Metasploit
        6. Summary
      15. 8. XML Attacks
        1. XML 101 – the basics
          1. XML elements
          2. XML Attributes
          3. XML DTD and entities
            1. Internal DTD
            2. External DTD
          4. Entities
            1. Entity declaration
        2. XXE attack
          1. Reading files
            1. PHP Base64 conversion URI as an alternative
          2. SSRF through XXE
          3. Remote code execution
          4. Denial of Service through XXE
        3. XML quadratic blowup
          1. XML billion laughs
          2. The quadratic blowup
            1. WordPress 3.9 quadratic blowup vulnerability – Case Study
        4. Summary
      16. 9. Emerging Attack Vectors
        1. Server Side Request Forgery
          1. Demonstrating SSRF
          2. Protocol Handlers for SSRF URLs
          3. Case Study – MailChimp port scan SSRF
            1. Open port – with non-HTTP service
            2. Open port – with HTTP service
            3. Closed port – with HTTP service
        2. Insecure Direct Object Reference
          1. The basics of IDOR
          2. Case studies
            1. IDOR in Flipkart to delete saved shipping addresses
            2. IDOR in HackerOne to leak private response template data
        3. DOM clobbering
          1. Case study – breaking GitHub's Gist comment system through DOM clobbering
        4. Relative Path Overwrite
          1. Controlling CSS
          2. Internet Explorer
        5. UI redressing
        6. PHP Object Injection
          1. PHP serialization
          2. PHP magic functions
          3. Object injection
        7. Summary
      17. 10. OAuth 2.0 Security
        1. Introducing the OAuth 2.0 model
          1. OAuth 2.0 roles
            1. Resource owner
            2. Client
            3. Resource server
            4. Authorization server
          2. The application
            1. Redirect URI
            2. Access token
            3. Client ID
            4. Client secret
        2. Receiving grants
          1. Authorization grant
          2. Implicit grant
        3. Exploiting OAuth for fun and profit
          1. Open redirect – the malformed URL
          2. Hijacking the OAuth flow – fiddling with redirect URI
            1. Directory traversal tricks
            2. Domain tricks
              1. Naked domain
              2. TLD suffix confusion
            3. Flow hijack through open redirect on client
          3. Force a malicious app installation
        4. Summary
      18. 11. API Testing Methodology
        1. Understanding REST APIs
          1. REST API concepts
            1. URIs
            2. URI format
            3. Modelling of resource
          2. Stitching things together
          3. REST API and HTTP
            1. Request methods
            2. Response codes
            3. Headers
        2. Setting up the testing environment
          1. Analyzing the API
            1. Basic HTTP authentication
            2. Access token
            3. Cookies
          2. Tools
            1. Burp Suite
            2. REST API clients
            3. Custom API explorers
        3. Learning the API
          1. Developer documentation
          2. Understanding requests/responses
          3. Learning scopes
          4. Learning roles
        4. Basic methodology to test developer APIs
          1. Listing endpoints
          2. Firing different request methods
          3. Exploiting API bugs
            1. Scope based testing
              1. Case study 1
              2. Case study 2
            2. Roles based testing
              1. Case study 1
            3. Insecure direct object reference testing
              1. Case study 2
        5. Summary
      19. Index

Product information

  • Title: Mastering Modern Web Penetration Testing
  • Author(s): Prakhar Prasad
  • Release date: October 2016
  • Publisher(s): Packt Publishing
  • ISBN: 9781785284588