« Previous 1 2 3
Searching for security flaws and exploits with Burp Suite
On Patrol
Conclusion
In this article, I looked at the basics of attack proxies (Burp Suite in particular), looked at the security of cookies and the various security-related fields they can have, performed brute forcing against the target application, and ran through a randomness test for the session tokens used in the application.
Although this article is designed to help developers and security technicians test for a few basic web flaws, it's not intended to be a comprehensive walkthrough of Burp Suite or a replacement for a professional security assessment.
Infos
- Burp Suite: http://portswigger.net/burp/
- Cookies Manager+: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/#
- FoxyProxy Standard: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
- Attack types: http://www.portswigger.net/burp/help/intruder_positions.html#attacktype
- Example session tokens: http://www.RhinoSecurityLabs.com/example-tokens.txt
« Previous 1 2 3
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Credential harvesting at the network interstice
To thwart credential harvesters at the network interstice, you must understand how attackers exploit browser transactions. -
Identity and access management with Authelia
Add access controls to web applications that do not have their own user administration; however, this useful gatekeeper requires a reverse proxy. -
Pentest your web server with Nikto
Check your web servers for known vulnerabilities. -
Attacks on HTTPS Connections
HTTPS protects a connection from both tapping and manipulation, but only if a man in the middle hasn't already infiltrated the Internet connection. We highlight the weaknesses in HTTPS and demonstrate how to protect your client and server. -
Kali Linux is the complete toolbox for penetration testing
The Kali Linux distribution is a complete toolbox for penetration testing.