Web Hacking Survival Kit (Pen testing Tools)...
When doing a manual security assessment of a web application you
generally only require a web browser and a local proxy server that
allows you to trap and modify requests. Aside from those basic tools,
there are a few others that come in handy. This page is dedicated to the
tools I use, or that I find useful.
The Starting Team
- Mozilla Firefox - If you're not using this browser for your normal browsing activity, you should. There are enough security problems with IE to encourage such a choice, and if you want to do any security hacking/auditing this will become an invaluable tool. One of the major benefits of Firefox is the great number of extensions available. Here are some useful ones:
- Web Developer - This plugin adds a toolbar full of useful tools for both web developers and web hackers alike.
- SwitchProxy - Quickly and easily switch between your local proxy server and direct connections.
- LiveHTTP Headers - This allows you to quickly view the header traffic to and from your browser without the need for connecting to a local proxy server.
- User Agent Switcher - This plugin allows you to quickly and easily change the User-Agent string sent to the web server. Sometimes apps are designed to generate different output based on the browser type, and this can result in the execution of a different chunk of code.
- My full Firefox extensions list - There are additional extensions I use, but they don't really belong in this list.
- Burp Proxy - Burp Proxy is my primary manual attacking tool and is designed specifically for web app hacking. Note: Requires a working Java environment.
- ntoinsight and ntoweb - ntoinsight is a great crawler that will inventory the site and generate a useful report of the attackable locations on the site. Adding ntoweb allows it to execute the Nikto checks and add the findings to the report.
- Cross Site Scripting cheatsheet - This appears to be the definitive list of ways to accomplish XSS, work around various kinds of input validation, and make sure the resulting injection accomplishes what you want.
- MD5 Hash Lookup - When you discover an MD5 hash, this is the fastest way to find its original plaintext value. It is not "decrypting"; instead, the site builds up a huge database of common strings/passwords, generates their MD5 hashes, and lets you search the pre-generated hashes to find a possible match. (This only works because unsalted MD5 of a common string always yields the same hash.)
- Google - Need I explain what an awesome resource this is?
Often Benchwarmers, but good to have around
- Paros Proxy - This is another local proxy server that gives you your own man-in-the-middle for recording the full traffic between your browser and the web server. Paros allows you to "trap" the requests and responses so that you have to approve each one, and you can modify any of the traffic before it reaches its intended destination. Note: Requires a working Java environment.
- DSniff (for Windows) - Old-school spoofing, interception and monitoring communication tools.
- Ettercap (for Windows) - Similar to DSniff, but more user-friendly.
- LibWhisker - Perl library that provides functions for manipulating HTTP and HTML. Can be used to create your own hacking scripts.
- Nikto - Scanner for known vulnerabilities in web servers and applications (uses LibWhisker).
- Stunnel - Allows you to use any normal hacking script that works over HTTP but not HTTPS. Stunnel handles the encryption layer and tunnels the traffic.
- NetCat (for Windows) - Known as "the TCP/IP Swiss army knife". This is just a generally useful networking tool.
Other lists of tools
Automated Tools that Cost
The previous entries are freely available to everyone. The following are professional tools that you will have to pay for.