Bug Bounty
Bugbounty Resources • Tips • Security Zines • Writeups • Vulnerability Update • Notes • Mindmaps • Cheatsheets • Checklists • Article / Blogs • PDFs • ebooks •
INFORMATION GATHERING | PENETRATION TESTING
Penetration Testing : Setting Up BurpSuite Proxy Environment For Penetration testing

What Is Penetration Testing?
Penetration testing is the process of finding vulnerabilities or weaknesses in a web application or computer system with the permission of the owner; in other words, finding vulnerabilities ethically, not unethically. It basically means we should have prior permission from the responsible person before testing any web application or system.

Setting up the proxy
We'll set up the proxy with Firefox. Here a question will come to mind:

What is a proxy?
A proxy is nothing but a piece of software that sits between client and server, similar to a VPN. All traffic from client to server goes through the proxy, and all traffic from server to client goes through it as well.

We'll use Burp Proxy to intercept requests and responses, and we'll set it up as follows:

1. First, install the FoxyProxy extension in Firefox on Linux.

2. FoxyProxy: the options page will open; click Add at the top left.
Now enter the details as shown below in the fig.
Now click Save.

3. To open Burp Suite, click the top-left icon in Kali Linux and search for burpsuite.

4. Burp Suite: Burp Suite is a very powerful automated tool that can also be used manually, mostly for web application testing. It comes in two versions: the community version and the paid version. The community version comes pre-installed in Linux. To use the paid version you'll need to buy it.

5. Now that we have configured Firefox, we'll set up Burp.

6. After clicking on Burp Suite, click Next, then Start Burp. You should see a window as shown in the fig below.

This post is getting lengthy, so read the rest here ->
Check out the complete article (step by step, with pictures) if you are really setting up a proxy with your Burp Suite:
https://www.jewkoiyie.com/penetration-testing-setting-up-burpsuite-proxy-environment-for-penetration-testing/
CYBER SECURITY | INFORMATION GATHERING | PENETRATION TESTING
Penetration Testing – Learn All About BurpSuite in here

What Burp Suite Basically Is
Burp Suite is a set of tools used for penetration testing of web applications. It is developed by a company named PortSwigger, which is also the surname of its founder, Dafydd Stuttard.
It is the most popular tool among professional web app security researchers and bug bounty hunters.

WHAT IS INTRUDER IN BURPSUITE :
Moving forward, let's talk about Intruder. Intruder simply automates the sending of requests.
In the community version of Burp it works slowly, but no matter; we'll see how it works.

WHAT IS REPEATER IN BURPSUITE :
We can use Repeater to modify a request and examine the server's responses in detail.
You might think Intruder also helps us manipulate requests, but Intruder does it automatically, whereas in Repeater we do it manually.
Now intercept any request, right-click in the Proxy tab and select Send to Repeater. In Repeater, the left-hand window shows the request and the right-hand window shows the response.

WHAT IS DECODER IN BURPSUITE :
The Decoder can be used to encode or decode whichever parts of a request you want.

WHAT IS COMPARER IN BURPSUITE:
We can use Comparer to check the differences between requests or responses.

SO, IF YOU REALLY WANT TO READ ABOUT BURPSUITE :-
Do check out my website for a more practical view

https://jewkoiyie.com/penetration-testing-learn-all.../
INFORMATION GATHERING | PENETRATION TESTING
Web Reconnaissance Or Information Gathering – Part 1

WHAT IS INFORMATION GATHERING?
Information gathering is the first phase of penetration testing, in which we collect publicly available or internal information about the target through active as well as passive reconnaissance, which we can use in our further testing phases.

Target: Our target is nothing but the web application on which we'll perform testing.

Active Reconnaissance: Whenever we engage with the target to get information, it is called active reconnaissance.

Passive Reconnaissance: When we collect publicly available information about the target without engaging with it, it is known as passive reconnaissance.

Vulnerability: A vulnerability is nothing but a weakness or lack of security which we find in the target.

In this blog we have talked about how to gather information about your target: Active Reconnaissance, Passive Reconnaissance and Google Dorks.

To read the full article and gain practical knowledge, follow the link below:
https://www.jewkoiyie.com/web-reconnaissance-or-information-gathering-part-1/
INFORMATION GATHERING | PENETRATION TESTING
Web Reconnaissance Or Information Gathering — Part 2 ( Whois Lookup, tools, site)

SSL Certificate Parsing
SSL certificate parsing is another way to find different domain names related to the target. But first, what is an SSL certificate? SSL stands for Secure Socket Layer; it is used to encrypt web traffic, and because of SSL we see HTTPS in the URL field instead of HTTP on most websites.

Subdomain Enumeration
Subdomain enumeration is the process of finding subdomains of a target.

What is Whois Lookup?
Whois is a widely used Internet record listing that identifies who owns a domain and how to get in contact with them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership.

Take a look at my article on this :-
https://jewkoiyie.com/web-reconnaissance-or-information-gathering-part-2-whois-lookup-tools-site/
INFORMATION GATHERING | PENETRATION TESTING
Directory Brute Forcing – Web Reconnaissance Or Information Gathering – Part 3

Directory Brute-Forcing :
Directory brute-forcing is a technique for finding hidden directories which are available on the web server. There are many cases in which hackers find directories which contain very sensitive information like admin panels, password files, outdated functionalities, database copies, etc.

The 2 main tools to find hidden directories :
Dirbuster and Gobuster

Dirb :
Dirbuster is another GUI-based tool. Simply enter dirbuster in the terminal and hit Enter, then enter the URL and select the path of the wordlist as shown in the fig, or you can use your own if you want. With this tool you must give the file extension, so here I have given .php. After that, just click on Attack and check your terminal side by side; you'll get the names of whatever files and directories this tool has found.

Gobuster :
Gobuster is another tool which can be used to find the same.

Check out my full article :
https://jewkoiyie.com/directory-brute-forcing-web-reconnaissance-or-information-gathering-part-3/
Each OSI layer and which type of attack can be performed on that layer
INFORMATION GATHERING | PENETRATION TESTING
Website’s Directory Crawling Using Spider – Web Reconnaissance

Spidering the site :
Spidering, also called web spidering or web crawling, is another way of finding directories and paths.

Web Crawling or Spidering: It is a process used to identify all pages on a site. This process is done with the help of a web spider tool; here we'll use Burp Spider version 1.7.36 or OWASP ZAP.

Check out the full article on the Spider tool :
https://jewkoiyie.com/websites-directory-crawling-using-spider-web-reconnaissance-part-4/
This cheatsheet provides various tips for using Netcat on both Linux and Unix 🔥🌿🌿🌱☘️🌼🍀

All syntax is designed for the original netcat

Here is the Netcat 🌿 cheatsheet 🔥
Google warns that Russian and Belarusian hackers are targeting Ukraine and European allies through phishing attacks.

Read details: https://thehackernews.com/2022/03/google-russian-hackers-target.html
All the Linux tools 🔥 that we use
With their descriptions..🍀🌿🌼🌱

Please let me know if I forgot something
A new browser extension allows users to automatically check whether or not the WhatsApp Web code on their browser has been altered or tampered with, providing an extra layer of security for millions of desktop users.

Details: https://thehackernews.com/2022/03/heres-how-to-find-if-whatsapp-web-code.html
Multiple vulnerabilities, including command injection, have been discovered in popular Software Package Managers—such as Composer, Bundler, Poetry, Yarn, pnpm, Pip, and Pipenv, some of which have not yet fixed the reported issues.

Read: https://thehackernews.com/2022/03/multiple-security-flaws-discovered-in.html
What is a packet and what does it basically contain?? 🔥
For those who have trouble understanding packets ☘️🌿🌻
Check this out :- 🍁
For complete beginners or to revise it :- 🌊
Google is officially buying cybersecurity company Mandiant in an all-cash deal approximately valued at $5.4 billion.

Read: https://thehackernews.com/2022/03/google-buys-cybersecurity-firm-mandiant.html