Chapter 4. Finding Vulnerabilities
In this chapter, we will cover:
- Using Hackbar add-on to ease parameter probing
- Using Tamper Data add-on to intercept and modify requests
- Using ZAP to view and alter requests
- Using Burp Suite to view and alter requests
- Identifying cross site scripting (XSS) vulnerabilities
- Identifying error based SQL injection
- Identifying blind SQL Injection
- Identifying vulnerabilities in cookies
- Obtaining SSL and TLS information with SSLScan
- Looking for file inclusions
- Identifying POODLE vulnerability
Introduction
We have now finished the reconnaissance stage of our penetration test and have identified the kind of server and development framework our application uses and also some of its possible weak spots. It is now time to actually put ...
Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.