Turn: http://zhuanlan.zhihu.com/evilcos/19578244. The by cosine 2013 expands and expands, thinking about where to expand.
Under Firefox
- Firebug, debug Js,http Request response Observation, cookie,dom tree observation, etc.;
- Greasemonkey, I changed a cookie to modify the script, other students can use this: Original cookie Injector for Greasemonkey;
- Noscript, to do some JS blocking;
- Autoproxy,fq necessary;
Under Chrome
- F12 Open Developer tools, function ==firebug+ Local storage observation, etc.
- Swichysharp,fq necessary;
- Cookie modification script, wrote a Chrome extension (open Source: Cookie using Artifact: cookiehacker), other students can go to the Chrome extension to search for a useful;
Front-end penetration tools
- XSS ' OR, which I developed, is commonly used for decryption and code generation, where the source is stacked: Evilcos/xssor GitHub;
- Xssee 3.0 Beta,monyer developed, plus decryption best use artifact;
- Online JavaScript beautifier,js beautification tool, analysis JS commonly used;
- Front-end attack framework, recommended beef and some small partners developed the XSS Blind Play tool, I also have a paragraph, but not easily;
HTTP Proxy Tool
- Fiddler, can, no longer look for other, wherein the watcher plug-in can play, find loopholes;
- Burp Suite, artifact, not only HTTP proxy, but also crawler, vulnerability scanning, infiltration, blasting and other functions;
Vulnerability Scanning Tool
- Awvs, not only easy to sweep, bring some small tools to use;
- Python self-writing scripts/tools, the good flaw is you use Awvs wait to find? Wash and sleep;
- Nmap, definitely not just port scanning! Hundreds of scripts;
Exploit exploits
- Sqlmap,sql injected using the most cattle artifact, not one;
- Metasploit, the host infiltration framework, and the web level is to know the creation of some good things in the woo (I may be bragging);
- Some social work platforms, all good are hiding;
- Hydra, blasting necessary;
Grab Bag Tool
- Wireshark, grasping the bag must;
- Tcpdump,linux the command line grab packet, the result can give Wireshark analysis;
Big Data Platform
- Zoomeye, know that Chuang Yu open a web search engine, search components will know: Zoomeye (Zhong eye), can think of me in advertising;
- Shodan, the foreigner open a search engine of Internet space, search the host equipment to know: Shodan–computer search engine;
- Google,:)
See more yourself Kali Linux (old is: BackTrack).
Life Saving Recommendations: Skilled linux many command +vim.
My penetrating weapon