Practical Web Application Penetration Testing Series – Chapter 3b

October 12, 2016 | Views: 3446


Chapter 3b

Hello cybrarians

In the last chapter, we set up the plugins needed for Burp Suite. Now we are going to start scanning http://testphp.acunetix.com/ with Burp Suite.

Run Burp and set the browser's proxy to it. Then enter the target site's URL in the browser and you will see that Burp captures the request for us.

Screenshot from 2016-10-02 10-04-40.png

Hint: At this point, we should know which strategy we are going to use. Some pentesters prefer to test manually and only check each suspicious link with the Burp scanner for the specific vulnerabilities they think may exist. However, I am going to perform an automatic scan with Burp Suite.

Others may prefer to use scanners like Acunetix or Netsparker; if we talk about commercial tools, I prefer Netsparker as it has many attack tool plugins.

Back to our Burp Suite. Click the Intercept button so that it reads "Intercept is off", and go to the Target tab at the top.

Screenshot from 2016-10-02 10-05-49.png


On the right, you see a list of URLs, but the one we are going to scan is http://testphp.acunetix.com/. So, right-click on it and select "Add to scope" from the menu. We do this because we want to use some extra plugins later, so we mark our URL and separate it from the others in the list.

Right-click on the http://testphp.acunetix.com/ URL again and this time select "Spider this host."

Now click on the "Spider" tab.

1.png

You can see that during spidering, Burp asks us for manual input: you can enter a username and password or any other info you want, or just press "Submit form" without entering anything.

We press "Submit form" without entering anything, again and again.

The spider now crawls the http://testphp.acunetix.com/ website and finds every link on it.

Press the Target tab again and you can see that the spider has found many links and subfolders of the website.

Screenshot from 2016-10-02 10-28-04.png


Right-click on the target URL and select "Actively scan this host." In the Active scanning wizard dialog we set some options for running our scan.

Screenshot from 2016-10-02 10-33-05.png

First, we check "Remove items with no parameters", since we don't want Burp to scan links that have no parameters.

Hint: links that have no parameters are usually not scanned, since wherever there is no user input in the site we cannot find vulnerabilities [but not always].

Usually, these kinds of links serve static data such as JS files or static web pages. [Where there is no input from the user there may be no vulnerability.]

We also check "Remove items with the following extensions"; we can add more extensions to the list, for example .bmp (bitmap files).
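To make these two wizard options concrete, here is an added Python example (not part of the original chapter and not Burp's own code) that applies the same filtering to a constructed list of spidered URLs: it keeps only in-scope items, drops items with excluded extensions (an assumed default list plus the .bmp we added) and items with no parameters, and records why each URL was skipped so the "not always" cases can be reviewed by hand. The default extension list and the sample URLs are assumptions.

```python
from urllib.parse import urlparse, parse_qs

# Assumed default list for "Remove items with the following extensions";
# ".bmp" is the extension the chapter adds by hand.
STATIC_EXTENSIONS = {".js", ".gif", ".jpg", ".png", ".css", ".bmp"}


def in_scope(url, scope_host):
    """True when the URL's host matches the host we added to scope."""
    return urlparse(url).hostname == scope_host


def has_parameters(url):
    """True when the URL carries at least one query parameter."""
    return bool(parse_qs(urlparse(url).query, keep_blank_values=True))


def extension_of(url):
    """Lowercase extension of the last path segment, '' when there is none."""
    last = urlparse(url).path.rsplit("/", 1)[-1]
    return ("." + last.rsplit(".", 1)[-1].lower()) if "." in last else ""


def build_scan_queue(urls, scope_host, remove_no_params=True,
                     excluded_ext=STATIC_EXTENSIONS):
    """Mimic the wizard: keep in-scope URLs, drop excluded extensions and
    parameterless items. The returned 'skipped' map explains every drop,
    because a parameterless URL such as a login page can still take input
    in a POST body (the hint's 'not always'), so skips deserve a manual look."""
    queue, skipped = [], {}
    for url in urls:
        if not in_scope(url, scope_host):
            skipped[url] = "out of scope"
        elif extension_of(url) in excluded_ext:
            skipped[url] = "excluded extension"
        elif remove_no_params and not has_parameters(url):
            skipped[url] = "no parameters"
        else:
            queue.append(url)
    return queue, skipped


# Constructed sample of what the spider might return for the test site.
SPIDERED = [
    "http://testphp.acunetix.com/",
    "http://testphp.acunetix.com/listproducts.php?cat=1",
    "http://testphp.acunetix.com/artists.php?artist=2",
    "http://testphp.acunetix.com/images/logo.bmp",
    "http://testphp.acunetix.com/style.css",
    "http://testphp.acunetix.com/login.php",
    "http://www.example.com/search.php?q=test",
]
```

Running `build_scan_queue(SPIDERED, "testphp.acunetix.com")` leaves only the two parameterised PHP pages in the queue and lists the other five URLs with their skip reasons.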


2.png


We click on Next.

Screenshot from 2016-10-02 10-47-51.png

And then OK.

In the Scanner tab -> Scan queue we see that scanning has started.

Screenshot from 2016-10-02 10-49-55.png

We should wait until scanning finishes. During scanning, if we go to the Target tab we can see the issues the scanner finds in the Issues window.

Screenshot from 2016-10-02 10-52-14.png


If we click on an issue, the Advisory pane shows the issue details for every issue Burp Suite has found.

The first thing we do after the scan finishes is to save it. For this we go to the main menu, click on Burp and select "Save state". The "Save state" wizard appears.

Screenshot from 2016-10-02 11-31-01.png

We check "Save in-scope items only" [we added the site to scope before] and click Next.

Screenshot from 2016-10-02 11-34-58.png

We can input a password to encrypt our state, but I just click on Next. The other options are clear.

Screenshot from 2016-10-02 11-37-11.png

Hit next, then give it a name and save it.

Screenshot from 2016-10-02 11-40-57.png

Hit next again, and done.

Screenshot from 2016-10-02 11-41-06.png

This way, we can review the details of the scan whenever we want.

In the next section of this chapter, we use more techniques to retest the issues we found and ensure they are real issues. After that, in chapter 4, we are going to exploit the issues found and look at the techniques of exploitation.

We will see how to bypass a WAF and make a final report. In chapter 5 we repeat the testing in manual advanced mode: testing URL rewrites, injections and inclusions.

Thanks everybody

3 Comments
  1. An interesting series. Waiting for the next …
