Hacker’s Elusive Thoughts The Web
Hacker’s Elusive Thoughts The Web
About the Book
This book is going to help Web Application developers, Professional Penetration Testers and Web Application Security Analysts to standardise their Web Application security assessments. It is also going to help them build a comprehensive penetration testing framework, that can easily be integrated to their custom Secure Life Cycle (SDLC) development.
About the Author
Table of Contents
1 Formalizing Web Penetration Test
1.16 Chaining Scanners . . . . . . . . . . . . . . . . . . . . . . . . 23
1.17 Using Wrappers . . . . . . . . . . . . . . . . . . . . . . . . . 24
1.18 Why Python . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
1.19 Useful Python Libraries . . . . . . . . . . . . . . . . . . . . . 27
1.20 Python Useful Open Source Projects . . . . . . . . . . . . 28
1.21 The Python Version . . . . . . . . . . . . . . . . . . . . . . 29
1.22 Python Development Environment . . . . . . . . . . . . . . 29
1.23 Python Libraries Used . . . . . . . . . . . . . . . . . . . . . . 30
1.24 Installing Python . . . . . . . . . . . . . . . . . . . . . . . . 31
1.25 Installing Requests . . . . . . . . . . . . . . . . . . . . . . . 31
1.26 Installing Beautiful Soup 4 . . . . . . . . . . . . . . . . . . . 32
1.27 Python Comments . . . . . . . . . . . . . . . . . . . . . . . . . 34
1.28 Program Structure . . . . . . . . . . . . . . . . . . . . . . . . 34
1.29 Documenting Python code . . . . . . . . . . . . . . . . . . . . . 35
1.30 Writing Your Own Scanner . . . . . . . . . . . . . . . . . . . . 36
1.31 Problematic Scanning . . . . . . . . . . . . . . . . . . . . . . 38
1.32 The Scanner Design . . . . . . . . . . . . . . . . . . . . . . . 40
1.33 Python Useful Modules . . . . . . . . . . . . . . . . . . . . . . 42
1.34 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
1.35 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
2 Scanning With Class
2.1 Manual Versus Automated Testing . . . . . . . . . . . . . . . . . 48
2.2 Why Commercial Scanners Fail . . . . . . . . . . . . . . . . . . . 49
2.3 Integrating Our Scanner To SDLC . . . . . . . . . . . . . . . . . .55
2.4 Problems When Writing A Scanner . . . . . . . . . . . . . . . 58
2.5 Scanning Time . . . . . . . . . . . . . . . . . . . . . . . . . . 58
2.6 Scanning Time Improvement . . . . . . . . . . . . . . . . . . . 59
2.7 Defining URL(s) . . . . . . . . . . . . . . . . . . . . . . . . . 64
2.8 Choosing HTML Parser . . . . . . . . . . . . . . . . . . . . . 65
2.9 Defining HTML Pages . . . . . . . . . . . . . . . . . . . . . . 67
2.10 Parsing URLs . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
2.11 Parsing HTML pages . . . . . . . . . . . . . . . . . . . . . . . 72
2.12 Restricting Scanning . . . . . . . . . . . . . . . . . . . . . . . 79
2.13 Connection Handling . . . . . . . . . . . . . . . . . . . . . . . 87
2.14 HTTP Handling . . . . . . . . . . . . . . . . . . . . . . . . . . 89
2.15 Fetching Pages . . . . . . . . . . . . . . . . . . . . . . . . . . 90
2.16 Avoiding Denial Of Service Conditions . . . . . . . . . . . . . 92
2.17 Performing Denial of Service . . . . . . . . . . . . . . . . . . . 96
2.18 Assessing Replies . . . . . . . . . . . . . . . . . . . . . . . . . 99
2.19 Sending Malicious Payloads . . . . . . . . . . . . . . . . . . . 101
2.20 Analysing Fuzz Data with Python . . . . . . . . . . . . . . . . 103
2.21 Passive Scanning Analysing Headers . . . . . . . . . . . . . . 105
2.22 Debugging Code . . . . . . . . . . . . . . . . . . . . . . . . . . 109
2.23 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
2.24 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
3 The Payload Management
3.1 Keeping Up To Date Payloads . . . . . . . . . . . . . . . . . . 116
3.2 Payloads And Fuzzing . . . . . . . . . . . . . . . . . . . . . . 117
3.3 Intelligent Fuzzing . . . . . . . . . . . . . . . . . . . . . . . . 117
3.4 Input Validation Obfuscation . . . . . . . . . . . . . . . . . . 118
3.5 The Teenage Mutant Ninja Turtles Project . . . . . . . . . . . 119
3.6 Encoding And Payloads . . . . . . . . . . . . . . . . . . . . . 119
3.7 Character Encoding . . . . . . . . . . . . . . . . . . . . . . . . 120
3.8 Code Point Explained . . . . . . . . . . . . . . . . . . . . . . 121
3.9 Encoding And Internet Browsers . . . . . . . . . . . . . . . . 123
3.10 Encoding And Rendering . . . . . . . . . . . . . . . . . . . . . 124
3.11 Payload Logistics . . . . . . . . . . . . . . . . . . . . . . . . . 124
3.12 Browser Sandboxing Bypass . . . . . . . . . . . . . . . . . . . 125
3.13 Payload Size Calculation . . . . . . . . . . . . . . . . . . . . . 126
3.14 Building Universal Exploits . . . . . . . . . . . . . . . . . . . 127
3.15 Base64 Encoding And Cross Site Scripting . . . . . . . . . . . 132
3.16 UTF-7 Encoding And Cross Site Scripting . . . . . . . . . . . 134
3.17 Double URL Encoding And Cross Site Scripting . . . . . . . . 135
3.18 Encoding And Path-Traversal Attacks . . . . . . . . . . . . . 136
3.19 UTF-8 encoding And Path-traversal Attacks . . . . . . . . . . 137
3.20 UTF-16 encoding And Path Traversal Attacks . . . . . . . . . 139
3.21 NULL Character And Path Traversal Attacks . . . . . . . . . 140
3.22 Using Mangled Paths . . . . . . . . . . . . . . . . . . . . . . . 142
3.23 Octal encoding and XSS . . . . . . . . . . . . . . . . . . . . . 142
3.24 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
4 Infiltrating Corporate Networks Using XML Injections
4.1 Why XXE Attacks Still Exist . . . . . . . . . . . . . . . . . . 145
4.2 How Extensible Markup Language Is Used . . . . . . . . . . . 148
4.3 About Document Type Definition . . . . . . . . . . . . . . . . 148
4.4 More On External Entities . . . . . . . . . . . . . . . . . . . . 150
4.5 A URI As Reference In Markup Languages . . . . . . . . . . . 153
4.6 Where XML Parsers Are Used . . . . . . . . . . . . . . . . . . 154
4.7 XML Parser Inner Workings . . . . . . . . . . . . . . . . . . . 155
4.8 XML Parser And XXE . . . . . . . . . . . . . . . . . . . . . . 156
4.9 Generating XML Errors . . . . . . . . . . . . . . . . . . . . . 156
4.10 Error Based XXE Injections . . . . . . . . . . . . . . . . . . . 157
4.11 The XML Web Application . . . . . . . . . . . . . . . . . . . 158
4.12 Generating XXE Errors . . . . . . . . . . . . . . . . . . . . . 159
4.13 Exploiting XXE Injections . . . . . . . . . . . . . . . . . . . . 160
4.14 XXE Injections And HTML Comments . . . . . . . . . . . . . 161
4.15 XXE Injections And CDATA Tags . . . . . . . . . . . . . . . 162
4.16 XXE Injections And Cross Site Scripting . . . . . . . . . . . . 164
4.17 XXE Injections And Open Redirections . . . . . . . . . . . . . 165
4.18 XXE Injections And Clickjacking . . . . . . . . . . . . . . . . 166
4.19 XXE Injections And HTML Forms . . . . . . . . . . . . . . . 168
4.20 XXE Injections And Internal Resource Extraction . . . . . . . 169
4.21 XXE Injections And Denial of Service . . . . . . . . . . . . . . 171
4.22 XXE Injections And Port Scanning . . . . . . . . . . . . . . . 173
4.23 XXE Injections And Post Exploitation . . . . . . . . . . . . . 181
4.24 XXE Injections And Service Fingerprint . . . . . . . . . . . . 181
4.25 XXE Injections And Host Discovery . . . . . . . . . . . . . . . 182
4.26 XXE Injections And Web Server Fingerprinting . . . . . . . . 183
4.27 The XXE Identification Scanner . . . . . . . . . . . . . . . . . 184
4.28 The XXE Port Scanner . . . . . . . . . . . . . . . . . . . . . . 186
4.29 The XXE Directory Enumerator . . . . . . . . . . . . . . . . . 187
4.30 Mitigating XXE Vulnerabilities . . . . . . . . . . . . . . . . . 188
4.31 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
4.32 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
5 Phishing Like A Boss
5.1 Why Phishing Attacks Still Exist . . . . . . . . . . . . . . . . 192
5.2 Phishing Attacks Evolve . . . . . . . . . . . . . . . . . . . . . 193
5.3 Clickjacking Attacks . . . . . . . . . . . . . . . . . . . . . . . 195
5.4 Exploiting Clickjacking Attacks Using Cascading Style Sheets 196
5.5 CSRF Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
5.6 Exploiting CSRF Using GET Request . . . . . . . . . . . . . . 202
5.7 Exploiting CSRF Using POST To GET Interchanges . . . . . 204
5.8 Exploiting CSRF Using POST Requests . . . . . . . . . . . . 205
5.9 Exploiting CSRF And Enctype . . . . . . . . . . . . . . . . . 207
5.10 Exploiting CSRF Using XMLHttpRequest . . . . . . . . . . . 208
5.11 XSS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
5.12 XSS Attacks And Clickjacking . . . . . . . . . . . . . . . . . . 212
5.13 XSS Attacks, Clickjacking And Payload Obfuscation . . . . . 216
5.14 Clickjacking And CSRF . . . . . . . . . . . . . . . . . . . . . 219
5.15 Countermeasures Against Phishing Attacks . . . . . . . . . . . 221
5.16 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
6 Obfuscating SQL Fuzzing For Fun and Profit
6.1 Why SQL Injection Attacks Still Exist . . . . . . . . . . . . . 224
6.2 SQL injection Attacks Evolve . . . . . . . . . . . . . . . . . . 225
6.3 SQL Obfuscation Techniques . . . . . . . . . . . . . . . . . . . 227
6.4 Using Case Variation . . . . . . . . . . . . . . . . . . . . . . . 229
6.5 Using SQL Comments . . . . . . . . . . . . . . . . . . . . . . 235
6.6 Using Single URL Encoding . . . . . . . . . . . . . . . . . . . 238
6.7 Using Double URL Encoding . . . . . . . . . . . . . . . . . . 241
6.8 Using Dynamic Query Execution . . . . . . . . . . . . . . . . 241
6.9 Using Conversion Functions . . . . . . . . . . . . . . . . . . . 245
6.10 Multil Layer SQL Obfuscation . . . . . . . . . . . . . . . . . . 248
6.11 SQL Injection Filter Design Mentality . . . . . . . . . . . . . 250
6.12 Whitelist Filters . . . . . . . . . . . . . . . . . . . . . . . . . . 251
6.13 Whitelist Filters In .NET . . . . . . . . . . . . . . . . . . . . 252
6.14 Whitelist Filters In Java . . . . . . . . . . . . . . . . . . . . . 253
6.15 Blacklist Filters . . . . . . . . . . . . . . . . . . . . . . . . . . 254
6.16 Blacklist Filters In ASP . . . . . . . . . . . . . . . . . . . . . 255
6.17 Blacklist Filters In Java . . . . . . . . . . . . . . . . . . . . . 257
6.18 Hybrid Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
6.19 Thinks To Consider When Automating Fuzzing . . . . . . . . 259
6.20 Stored Procedures And Parameterized Queries . . . . . . . . . 261
6.21 Web Application Firewall Bypassing . . . . . . . . . . . . . . 262
6.22 Python Library Requests . . . . . . . . . . . . . . . . . . . . 262
6.23 Automating SQL Fuzzing . . . . . . . . . . . . . . . . . . . . 264
6.24 Hiding SQL Injection Attacks From Logs . . . . . . . . . . 269
6.25 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Do Well. Do Good.
Authors have earned$10,782,676writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
Top Books
- #1
Aprendiendo Git
Miguel Angel Durán GarcíaGit no es complicado... ¡Si lo entiendes! 😜
¿Sientes que sabes usarlo porque has memorizado todos los comandos que necesitas? ¡Pero no entiendes qué hace cada cosa y por qué! Así es normal que, cuando exista un problema, te cueste resolverlo.
¡Con este libro vas a entender de una vez por todas todo lo que es Git y cómo sacarle provecho!
- #2
Rector - The Power of Automated Refactoring
Matthias Noback and Tomas VotrubaLearn how to automatically and continuously upgrade and improve your PHP code base
- #3
Atomic Kotlin
Bruce Eckel and Svetlana IsakovaFor both beginning and experienced programmers! From the author of the multi-award-winning Thinking in C++ and Thinking in Java and a Kotlin team member comes a book that breaks concepts into small, easy-to-digest "atoms," along with exercises supported by hints and solutions directly inside IntelliJ IDEA! Full support at www.AtomicKotlin.com.
- #4
Functional Programming Made Easier
Charles ScalfaniA Functional Programming book from beginner to advanced without skipping a single step along the way.
In my 40 years of programming, I've felt that programming books always let me down, especially Functional Programming books. So, I wrote the book I wish I had 5 years ago.
Functional Programming will never be easy, but it can be easier.
- #5
OpenIntro Statistics
David Diez, Christopher Barr, Mine Cetinkaya-Rundel, and OpenIntroA complete foundation for Statistics, also serving as a foundation for Data Science.
Leanpub revenue supports OpenIntro (US-based nonprofit) so we can provide free desk copies to teachers interested in using OpenIntro Statistics in the classroom and expand the project to support free textbooks in other subjects.
More resources: openintro.org.
- #6
C++20
Rainer GrimmC++20 is the next big C++ standard after C++11. As C++11 did it, C++20 changes the way we program modern C++. This change is, in particular, due to the big four of C++20: ranges, coroutines, concepts, and modules.
- #7
Introducing EventStorming
Alberto BrandoliniThe deepest tutorial and explanation about EventStorming, straight from the inventor.
- #8
Effective Kotlin
Marcin MoskałaEffective Kotlin summarizes the best practices and experiences of the Kotlin community, together with a deep explanation of some lesser-known Kotlin functionalities. All of the best practices are presented as simple rules with detailed explanations.
- #9
Ansible for DevOps
Jeff GeerlingAnsible is a simple, but powerful, server and configuration management tool. Learn to use Ansible effectively, whether you manage one server—or thousands.
- #10
Jetpack Compose internals
Jorge CastilloJetpack Compose is the future of Android UI. Master how it works internally and become a more efficient developer with it. You'll also find it valuable if you are not an Android dev. This book provides all the details to understand how the Compose compiler & runtime work, and how to create a client library using them.
Top Bundles
- #1
CCIE Service Provider Ultimate Study Bundle
2 Books
Piotr Jablonski, Lukasz Bromirski, and Nick Russo have joined forces to deliver the only CCIE Service Provider training resource you'll ever need. This bundle contains a detailed and challenging collection of workbook labs, plus an extensively detailed technical reference guide. All of us have earned the CCIE Service Provider certification... - #2
Software Architecture for Developers: Volumes 1 & 2 - Technical leadership and communication
2 Books
"Software Architecture for Developers" is a practical and pragmatic guide to modern, lightweight software architecture, specifically aimed at developers. You'll learn:The essence of software architecture.Why the software architecture role should include coding, coaching and collaboration.The things that you really need to think about before... - #3
Modern C++ Collection
3 Books
Get All about Modern C++C++ Standard Library, including C++20Concurrency with Modern C++, including C++20C++20Each book has about 200 complete code examples. Updates are included. When I update one of the books, you immediately get the updated bundle. You can expect significant updates to each new C++ standard (C++23, C++26, .. ) and also... - #5
"The C++ Standard Library" and "Concurrency with Modern C++"
2 Books
Get my books "The C++ Standard Library" and "Concurrency with Modern C++" in a bundle. The first book gives you the details you should know about the C++ standard library; the second one dives deeper into concurrency with modern C++. In sum, you get more than 600 pages full of modern C++ and about 250 source files presenting the standard library... - #6
10 Books Bundle - A New Career in Tech 🚀
10 Books
Do you want to create yourself a new and profitable skillset - in one year or less? Do you want to position yourself on the right side of change finally? Do you want to work from home and set your own work schedule while choosing fun and interesting coding projects? Software developers and freelance developersearn six figuresin the US, according... - #7
The Python Craftsman
3 Books
The Python Craftsman series comprises The Python Apprentice, The Python Journeyman, and The Python Master. The first book is primarily suitable for for programmers with some experience of programming in another language. If you don't have any experience with programming this book may be a bit daunting. You'll be learning not just a programming... - #9
Pattern-Oriented Memory Forensics and Malware Detection
2 Books
This training bundle for security engineers and researchers, malware and memory forensics analysts includes two accelerated training courses for Windows memory dump analysis using WinDbg. It is also useful for technical support and escalation engineers who analyze memory dumps from complex software environments and need to check for possible...
