Here you will find most common tools used to. The tools listed below are used for web application testing.
Burpsuite

Burpsuite is a GUI-based tool used for intercepting HTTP traffic. The tool is written in Java & was created by PortSwigger Web Security. It is mostly used by pentesters/security researchers & in CTFs. According to a researcher of the International Institute of Cyber Security, Burpsuite contains many small tools, such as scanner, intruder, spider & other tools to scan the URL.
Burpsuite Tools

HTTP Proxy – It works as a web proxy server & is used as a man-in-the-middle (MITM) between the web browser & Burpsuite.
Scanner – It is used to automate the scan of a web application.
Intruder – This tool automates attacks on a web application. Intruder offers pre-written algorithms to generate malicious HTTP requests.
Spider – It is used to crawl a website & is used in manual mapping to accelerate the process of mapping application functionality.
Repeater – It is used to modify requests to the server.
Decoder – This tool is used to transform raw data into hash forms. Decoder is capable of recognizing encoding formats.
Comparer – Comparer is used to perform a comparison between two items of a web application.
Extender – This tool is used to load extensions for extending Burpsuite functionalities.
Sequencer – It is used to test the randomness of data items of web applications. Mostly it is used to test application session tokens or other important data items which should be unpredictable.

Commix

Commix is another tool used by security researchers/CTFs to automate web application testing.
This tool is designed to find vulnerabilities related to command injection attacks. An attacker can also use commix to upload shells, such as malicious PHP shells, or to gather a session using Metasploit. For testing you can use different Linux distros:

ArchStrike
BlackArch Linux
BackBox
Kali Linux
Parrot Security OS
Pentoo Linux
Weakerthan Linux

We are using Kali Linux 2019.1 amd64.

Open a terminal and type git clone
Type cd commix && ls
Type python commix.py --help

We will show a command injection attack. For testing we will use the Web for Pentester VM. Hackbar gives other options to convert hex into mysql.

OWASP-ZAP

The owasp-zap tool is used to scan web applications. It works the same way as burpsuite, so it has to be set up with the same configuration. You have to give the same localhost for owasp-zap & for Firefox.
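What the "same localhost" setting means in practice, as an added example (not from the original page and not ZAP or Burpsuite code): a loopback listener stands in for the intercepting proxy, and a client is pointed at 127.0.0.1 on a given port. The stand-in listener, the host app.example.test and the cookie value are constructed for the demonstration.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

seen = []  # what the stand-in proxy observed (constructed demo state)


class StandInProxy(BaseHTTPRequestHandler):
    """Loopback listener standing in for ZAP/Burpsuite; it records and answers itself."""

    def do_GET(self):
        # A client configured for a proxy sends the absolute URL, not just the path.
        seen.append({"target": self.path, "cookie": self.headers.get("Cookie")})
        body = b"answered by the stand-in proxy"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_proxy():
    """Bind to 127.0.0.1 on an OS-chosen free port and serve in the background."""
    server = HTTPServer(("127.0.0.1", 0), StandInProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_via(proxy_port, url="http://app.example.test/login?user=alice"):
    """Send one request with the client proxy set to 127.0.0.1:<proxy_port>."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": f"http://127.0.0.1:{proxy_port}"})
    )
    req = urllib.request.Request(url, headers={"Cookie": "session=constructed123"})
    try:
        with opener.open(req, timeout=3) as resp:
            return resp.read().decode()
    except OSError as exc:  # wrong address or port: the proxy never sees the request
        return f"not intercepted: {type(exc).__name__}"


if __name__ == "__main__":
    proxy = start_proxy()
    print(fetch_via(proxy.server_port))  # matching port: request is captured
    print(seen)
    proxy.shutdown()
```

When the client's proxy port does not match the listener's port, `fetch_via` reports a connection error and `seen` stays unchanged, which is the symptom of a browser and proxy configured with different addresses.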
Owasp-zap comes pre-installed in Kali Linux distros. You can also install the tool on Windows-based OS.

It is a free security tool maintained by many volunteers. These tools are covered as a part of courses offered by the International Institute of Cyber Security. Download tool from: https://www.owasp.org/index.php/OWASPZedAttackProxyProject. Above you can see owasp-zap http traffic interception.

When we opened hackthissite.org, owasp-zap started intercepting the traffic of the URL. Above screenshot shows directories of the URL containing. Owasp-zap is very popular among pentesters & security researchers, & is also used in CTF challenges.

POSTMAN

Postman is used to debug web application requests. Pentesters & security researchers use Postman for checking GET, POST & many other requests for any web application. The tool itself offers many features for web application testing. When you enter a URL in an untitled request, Postman will start finding its cookies, headers, domain, SSL verification & even the path. You can also open the website inside Postman.

Download tool from: https://www.getpostman.com/.

Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator. He is a cyber-security researcher with over 25 years of experience.
He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions.
He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time for the last 5 years.