book

Web Security Testing Cookbook

by Paco Hope, Ben Walther

October 2008

Intermediate to advanced

312 pages

8h 57m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Who This Book Is ForLeveraging Free ToolsAbout the CoverOrganizationConventions Used in This BookUsing Code ExamplesSafari® Books OnlineComments and QuestionsAcknowledgments
What Is Security Testing?What Are Web Applications?Web Application FundamentalsWeb App Security TestingIt’s About the How
2.1. Installing Firefox2.2. Installing Firefox Extensions2.3. Installing Firebug2.4. Installing OWASP’s WebScarab2.5. Installing Perl and Packages on Windows2.6. Installing Perl and Using CPAN on Linux, Unix, or OS X2.7. Installing CAL90002.8. Installing the ViewState Decoder2.9. Installing cURL2.10. Installing Pornzilla2.11. Installing Cygwin2.12. Installing Nikto 22.13. Installing Burp Suite2.14. Installing Apache HTTP Server
3.1. Viewing a Page’s HTML Source3.2. Viewing the Source, Advanced3.3. Observing Live Request Headers with Firebug3.4. Observing Live Post Data with WebScarab3.5. Seeing Hidden Form Fields3.6. Observing Live Response Headers with TamperData3.7. Highlighting JavaScript and Comments3.8. Detecting JavaScript Events3.9. Modifying Specific Element Attributes3.10. Track Element Attributes Dynamically3.11. Conclusion
4.1. Recognizing Binary Data Representations4.2. Working with Base 644.3. Converting Base-36 Numbers in a Web Page4.4. Working with Base 36 in Perl4.5. Working with URL-Encoded Data4.6. Working with HTML Entity Data4.7. Calculating Hashes4.8. Recognizing Time Formats4.9. Encoding Time Values Programmatically4.10. Decoding ASP.NET’s ViewState4.11. Decoding Multiple Encodings
5.1. Intercepting and Modifying POST Requests5.2. Bypassing Input Limits5.3. Tampering with the URL5.4. Automating URL Tampering5.5. Testing URL-Length Handling5.6. Editing Cookies5.7. Falsifying Browser Header Information5.8. Uploading Files with Malicious Names5.9. Uploading Large Files5.10. Uploading Malicious XML Entity Files5.11. Uploading Malicious XML Structure5.12. Uploading Malicious ZIP Files5.13. Uploading Sample Virus Files5.14. Bypassing User-Interface Restrictions
6.1. Spidering a Website with WebScarab6.2. Turning Spider Results into an Inventory6.3. Reducing the URLs to Test6.4. Using a Spreadsheet to Pare Down the List6.5. Mirroring a Website with LWP6.6. Mirroring a Website with wget6.7. Mirroring a Specific Inventory with wget6.8. Scanning a Website with Nikto6.9. Interpretting Nikto’s Results6.10. Scan an HTTPS Site with Nikto6.11. Using Nikto with Authentication6.12. Start Nikto at a Specific Starting Point6.13. Using a Specific Session Cookie with Nikto6.14. Testing Web Services with WSFuzzer6.15. Interpreting WSFuzzer’s Results
7.1. Fetching a Page with cURL7.2. Fetching Many Variations on a URL7.3. Following Redirects Automatically7.4. Checking for Cross-Site Scripting with cURL7.5. Checking for Directory Traversal with cURL7.6. Impersonating a Specific Kind of Web Browser or Device7.7. Interactively Impersonating Another DeviceImitating a Search Engine with cURL7.8. Faking Workflow by Forging Referer Headers7.9. Fetching Only the HTTP Headers7.10. POSTing with cURL7.11. Maintaining Session State7.12. Manipulating Cookies7.13. Uploading a File with cURL7.14. Building a Multistage Test Case7.15. Conclusion
8.1. Writing a Basic Perl Script to Fetch a Page8.2. Programmatically Changing Parameters8.3. Simulating Form Input with POST8.4. Capturing and Storing Cookies8.5. Checking Session Expiration8.6. Testing Session Fixation8.7. Sending Malicious Cookie Values8.8. Uploading Malicious File Contents8.9. Uploading Files with Malicious Names8.10. Uploading Viruses to Applications8.11. Parsing for a Received Value with Perl8.12. Editing a Page Programmatically8.13. Using Threading for Performance

9.1. Bypassing Required Navigation9.2. Attempting Privileged Operations9.3. Abusing Password Recovery9.4. Abusing Predictable Identifiers9.5. Predicting Credentials9.6. Finding Random Numbers in Your ApplicationTesting Random Numbers9.7. Abusing Repeatability9.8. Abusing High-Load Actions9.9. Abusing Restrictive Functionality9.10. Abusing Race Conditions
10.1. Observing Live AJAX Requests10.2. Identifying JavaScript in Applications10.3. Tracing AJAX Activity Back to Its Source10.4. Intercepting and Modifying AJAX Requests10.5. Intercepting and Modifying Server Responses10.6. Subverting AJAX with Injected Data10.7. Subverting AJAX with Injected XML10.8. Subverting AJAX with Injected JSON10.9. Disrupting Client State10.10. Checking for Cross-Domain Access10.11. Reading Private Data via JSON Hijacking
11.1. Finding Session Identifiers in Cookies11.2. Finding Session Identifiers in Requests11.3. Finding Authorization Headers11.4. Analyzing Session ID Expiration11.5. Analyzing Session Identifiers with Burp11.6. Analyzing Session Randomness with WebScarab11.7. Changing Sessions to Evade Restrictions11.8. Impersonating Another User11.9. Fixing Sessions11.10. Testing for Cross-Site Request Forgery
12.1. Stealing Cookies Using XSS12.2. Creating Overlays Using XSS12.3. Making HTTP Requests Using XSS12.4. Attempting DOM-Based XSS Interactively12.5. Bypassing Field Length Restrictions (XSS)12.6. Attempting Cross-Site Tracing Interactively12.7. Modifying Host Headers12.8. Brute-Force Guessing Usernames and Passwords12.9. Attempting PHP Include File Injection Interactively12.10. Creating Decompression Bombs12.11. Attempting Command Injection Interactively12.12. Attempting Command Injection Systematically12.13. Attempting XPath Injection Interactively12.14. Attempting Server-Side Includes (SSI) Injection Interactively12.15. Attempting Server-Side Includes (SSI) Injection Systematically12.16. Attempting LDAP Injection Interactively12.17. Attempting Log Injection Interactively

Content preview from Web Security Testing Cookbook

Chapter 8. Automating with LibWWWPerl

I have not failed. I’ve just found 10,000 ways that won’t work.

—Thomas Alva Edison

Anyone who has spent a little time with Perl knows that it does a few things really, really well: it handles strings and pattern matching, it allows for rapid development of scripts, it is portable across platforms, and it can make use of a wealth of third-party modules that save you a lot of time. When you bring Perl to bear on your scripting, you leverage not only your own programming, but also the programming of thousands of others. Perl is also supported in major commercial testing systems, such as HP’s Quality Center.

To be fair, Perl has some disadvantages, too, which we will mention up front. Perl has been accused of being a “write-only” language. That is, writing Perl that does what you need is one thing; writing working Perl code that you can read six months later is something else. Perl’s motto is “there’s more than one way to do it.” That’s great most of the time, but it also means that there are a lot of variations in the modules you might use. One programmer thinks that procedural functions are the best way to express his solutions, while another thinks that an object-oriented approach is the best way for his module. You’ll find that you need to understand and live with the many paradigms Perl supports if you want to leverage other people’s work.

A Perl guru looking at the examples in this chapter may find them unnecessarily verbose. We’re trying to ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9780596514839Errata Page

Web Security Testing Cookbook

by Paco Hope, Ben Walther

Chapter 8. Automating with LibWWWPerl

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Security for Web Developers

Hands-On Security in DevOps

Software Security Testing

Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits

Publisher Resources

Chapter 8. Automating with LibWWWPerl

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Security for Web Developers

Hands-On Security in DevOps

Software Security Testing

Penetration Testing Fundamentals: A Hands-On Guide to Reliable Security Audits

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.