Chapter 5. Web-Based Exploitation
Information in This Chapter:
■ Interrogating Web Servers: Nikto
■ Websecurify: Automated Web Vulnerability Scanning
■ Spidering: Crawling Your Target’s Website
■ Intercepting Requests with WebScarab
■ Cross-Site Scripting: Browsers That Trust Sites
This chapter examines web-based exploitation. It begins by reviewing techniques and tools for interrogating web servers. Nikto and Websecurify are used to show how web servers are scanned for vulnerabilities. A spider is used to explore the target website by discovering its directories and files. A method for intercepting website requests with WebScarab is also discussed. Code injection attacks, ...