Imperial Library

Index

  • Title Page
  • Copyright and Credits
    • Burp Suite Cookbook
  • Packt Upsell
    • Why subscribe?
    • Packt.com
  • Contributors
    • About the author
    • About the reviewer
    • Packt is searching for authors like you
  • Preface
    • Who this book is for
    • What this book covers
    • To get the most out of this book
    • Conventions used
    • Sections
      • Getting ready
      • How to do it…
      • How it works…
      • There's more…
      • See also
    • Get in touch
    • Reviews
    • Disclaimer
      • Targeting legal vulnerable web applications
  • Getting Started with Burp Suite
    • Introduction
    • Downloading Burp (Community, Professional)
      • Getting ready
        • Software tool requirements
      • How to do it...
    • Setting up a web app pentesting lab
      • Getting ready
        • Software tool requirements
      • How to do it...
      • How it works
    • Starting Burp at a command line or as an executable
      • How to do it...
      • How it works...
    • Listening for HTTP traffic, using Burp
      • Getting ready
      • How to do it...
      • How it works...
  • Getting to Know the Burp Suite of Tools
    • Introduction
    • Software tool requirements
    • Setting the Target Site Map
      • Getting ready
      • How to do it...
      • How it works...
    • Understanding the Message Editor
      • Getting ready
      • How to do it...
    • Repeating with Repeater
      • Getting ready
      • How to do it...
    • Decoding with Decoder
      • Getting ready
      • How to do it...
    • Intruding with Intruder
      • Getting ready
      • How to do it...
        • Target
        • Positions
        • Payloads
          • Payload Sets
          • Payload Options
          • Payload Processing
          • Payload Encoding
        • Options
          • Request Headers
          • Request Engine
          • Attack Results
          • Grep - Match
          • Grep - Extract
          • Grep - Payloads
          • Redirections
        • Start attack button
  • Configuring, Spidering, Scanning, and Reporting with Burp
    • Introduction
    • Software tool requirements
    • Establishing trust over HTTPS
      • Getting ready
      • How to do it...
    • Setting Project options
      • How to do it...
        • The Connections tab
        • The HTTP tab
        • The SSL tab
        • The Sessions tab
        • The Misc tab
    • Setting user options
      • How to do it...
        • The SSL tab
        • The Display tab
        • The Misc tab
    • Spidering with Spider
      • Getting ready
        • The Control tab
        • The Options tab
      • How to do it...
    • Scanning with Scanner
      • Getting ready
      • How to do it...
    • Reporting issues
      • Getting ready
      • How to do it...
  • Assessing Authentication Schemes
    • Introduction
    • Software tool requirements
    • Testing for account enumeration and guessable accounts
      • Getting ready
      • How to do it...
    • Testing for weak lock-out mechanisms
      • Getting ready
      • How to do it...
    • Testing for bypassing authentication schemes
      • Getting ready
      • How to do it...
      • How it works
    • Testing for browser cache weaknesses
      • Getting ready
      • How to do it...
    • Testing the account provisioning process via the REST API
      • Getting ready
      • How to do it...
  • Assessing Authorization Checks
    • Introduction
    • Software requirements
    • Testing for directory traversal
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for Local File Include (LFI)
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for Remote File Inclusion (RFI)
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for privilege escalation
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for Insecure Direct Object Reference (IDOR)
      • Getting ready
      • How to do it...
      • How it works...
  • Assessing Session Management Mechanisms
    • Introduction
    • Software tool requirements
    • Testing session token strength using Sequencer
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for cookie attributes
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for session fixation
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for exposed session variables
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for Cross-Site Request Forgery
      • Getting ready
      • How to do it...
      • How it works...
  • Assessing Business Logic
    • Introduction
    • Software tool requirements
    • Testing business logic data validation
      • Getting ready
      • How to do it...
      • How it works...
    • Unrestricted file upload – bypassing weak validation
      • Getting ready
      • How to do it...
      • How it works...
    • Performing process-timing attacks
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for the circumvention of work flows
      • Getting ready
      • How to do it...
      • How it works...
    • Uploading malicious files – polyglots
      • Getting ready
      • How to do it...
      • How it works...
      • There's more...
  • Evaluating Input Validation Checks
    • Introduction
    • Software tool requirements
    • Testing for reflected cross-site scripting
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for stored cross-site scripting
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for HTTP verb tampering
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for HTTP Parameter Pollution
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for SQL injection
      • Getting ready
      • How to do it...
      • How it works...
      • There's more...
    • Testing for command injection
      • Getting ready
      • How to do it...
      • How it works...
  • Attacking the Client
    • Introduction
    • Software tool requirements
    • Testing for Clickjacking
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for DOM-based cross-site scripting
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for JavaScript execution
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for HTML injection
      • Getting ready
      • How to do it...
      • How it works...
    • Testing for client-side resource manipulation
      • Getting ready
      • How to do it...
      • How it works...
  • Working with Burp Macros and Extensions
    • Introduction
    • Software tool requirements
    • Creating session-handling macros
      • Getting ready
      • How to do it...
      • How it works...
    • Getting caught in the cookie jar
      • Getting ready
      • How to do it...
      • How it works...
    • Adding great pentester plugins
      • Getting ready
      • How to do it...
      • How it works...
    • Creating new issues via the Manual-Scan Issues Extension
      • Getting ready
      • How to do it...
      • How it works...
      • See also
    • Working with the Active Scan++ Extension
      • Getting ready
      • How to do it...
      • How it works...
  • Implementing Advanced Topic Attacks
    • Introduction
    • Software tool requirements
    • Performing XXE attacks
      • Getting ready
      • How to do it...
      • How it works...
    • Working with JWT
      • Getting ready
      • How to do it...
      • How it works...
    • Using Burp Collaborator to determine SSRF
      • Getting ready
      • How to do it...
      • How it works...
      • See also
    • Testing CORS
      • Getting ready
      • How to do it...
      • How it works...
      • See also
    • Performing Java deserialization attacks
      • Getting Ready
      • How to do it...
      • How it works...
      • There's more...
      • See also
  • Other Books You May Enjoy
    • Leave a review - let other readers know what you think
