Kali Linux Web滲透測試第3版

　　《Kali Linux Web滲透測試 第3版（影印版）》展示了如何設定實驗室，幫助你了解網站攻擊的本質和機制，並且深入解釋了經典的攻擊方法。第3版針對新的Kali Linux改動以及最近的網路攻擊進行了大量更新。在客戶端攻擊，尤其是模糊測試方面，Kali Linux的表現非常出色。

　　《Kali Linux Web滲透測試 第3版（影印版）》首先將為你全面的介紹黑客攻擊和滲透測試的概念，你會看到在Kali Linux中使用的與Web應用程式攻擊相關的工具。你將深入了解典型的SQL、命令注入缺陷以及多種利用這些缺陷的手法。Web滲透測試還需要對客戶端攻擊具備一般性的了解，而這可以通過對腳本和輸入驗證缺陷的長時間討論來解決。還有一個非常重要的章節是關於加密算法實現上的缺陷，在這章里我們討論了網路棧中與加密層有關的新問題。這類攻擊的嚴重性不容小覷，對其的防範與大多數網際網路用戶密切相關，當然其中也少不了滲透測試員。

　　在《Kali Linux Web滲透測試 第3版（影印版）》的結尾，你會使用一種稱為模糊測試的自動化技術來識別Web應用程式中的缺陷。最終，你將了解Web應用程式漏洞以及藉助Kali Linux中的工具利用這些漏洞的方法。

Preface

Chapter 1： Introduction to Penetration Testing and Web Applications

Proactive security testing

Different testing methodologies

Ethical hacking

Penetration testing

Vulnerability assessment

Security audits

Considerations when performing penetration testing

Rules of Engagement

The type and scope of testing

Client contact details

Client IT team notifications

Sensitive data handling

Status meeting and reports

The limitations of penetration testing

The need for testing web applications

Reasons to guard against attacks on web applications

Kali Linux

A web application overview for penetration testers

HTTP protocol

Knowing an HTTP request and response

The request header

The response header

HTTP methods

The GET method

The POST method

The HEAD method

The TRACE method

The PUT and DELETE methods

The OPTIONS method

Keeping sessions in HTTP

Cookies

Cookie flow between server and client

Persistent and nonpersistent cookies

Cookie parameters

HTML data in HTTP response

The server-side code

Multilayer web application

Three-layer web application design

Web services

Introducing SOAP and REST web services

HTTP methods in web services

XML and JSON

AJAX

Building blocks of AJAX

The AJAX workflow

HTML5

WebSockets

Summary

Chapter 2： Setting Up Your Lab with Kali Linux

Kali Linux

Latest improvements in Kali Linux

Installing Kali Linux

Virtualizing Kali Linux versus installing it on physical hardware

Installing on VirtualBox

Creating the virtual machine

Installing the system

Important tools in Kali Linux

CMS & Framework Identification

WPScan

JoomScan

CMSmap

Web Application Proxies

Burp Proxy

Customizing client interception

Modifying requests on the fly

Burp Proxy with HTTPS websites

Zed Attack Proxy

ProxyStrike

Web Crawlers and Directory Bruteforce

……

Chapter 3： Reconnaissance and Profiling the Web Sewer

Reconnaissance

Chapter 4： Authentication and Session Management Flaws

Authentication schemes in web applications

Chapter 5： Detecting and Exploiting Injection-Based Flaws

Command injection

Chapter 6： Finding and Exploiting Cross-Site Scripting （XSS）

Vulnerabilities

Chapter 7： Cross-Site Request Forgery， Identification， and

Exploitation

Chapter 8： Attacking Flaws in Cryptographic Implementations

Chapter 9： AJAX， HTML5， and Client-Side Attacks

Crawling AJAX applications

Chapter 10： Other Common Security Flaws in Web Applications

Insecure direct object references

Chapter 11 ： Using Automated Scanners on Web Applications

Considerations before using an automated scanner

Web application vulnerability scanners in Kali Linux

Index

Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one ofthe top security testing service providers in Australia. He obtained leading security andpenetration testing certifications， namely Offensive Security Certified Professional （OSCP），EC-Council Certified Security Administrator （ECSA）， and GIAC Exploit Researcher andAdvanced Penetration Tester （GXPN）； he also holds a Master's degree in Computer Sciencewith specialization in Artificial Intelligence.

　　Gilberto has been working as a penetration tester since 2013， and he has been a securityenthusiast for almost 20 years. He has successfully conducted penetration tests on networksand applications of some the biggest corporations， government agencies， and financialinstitutions in Mexico and Australia.