[Notes] NetEase Micro Professional - Web Security Engineer - 03. Web Security Tools

Source: Internet
Author: User
Tags: proxy switcher

Course Overview:

In web security testing, the right tools improve testing efficiency and broaden our testing ideas. This lesson introduces the usage of, and the testing ideas behind, common tools for browsers and extensions, proxy packet capture, sensitive file detection, vulnerability scanning, injection detection, and target information collection.

Course Outline:

Notes:

0. Pre-class instruction

The first two chapters covered the basics of the web and its security foundations, which is like cultivating internal strength. The following two chapters introduce web security tools and hands-on practice, so that you learn, understand and summarize through real practice.

A. Web security requires a wide range of knowledge.

B. Seeing through the phenomenon to the essence is the higher level of tool use.

C. In the subsequent study, keep building your own internal strength through practice.

Web attack flow: information gathering -> vulnerability detection and exploitation -> backdoor implantation / gaining access -> trace cleanup

1. Browsers and plugins

A. Be able to install Chrome, Firefox and Internet Explorer and try them out;

B. Know how to view the configuration options in the browser's menus, with a focus on security-related configuration;

C. Know how to view the page source, inspect elements, and disable the page's JavaScript;

D. Use F12 to bring up the developer tools, with a focus on using the Network panel to view HTTP packets;

E. Common plugins (Firefox):

(Note: many plugins are not available for the latest version of Firefox; you need to download an earlier version to learn and use them.)

Firebug: One of the five-star, strongly recommended extensions for Firefox. It integrates HTML viewing and editing, a JavaScript console, and a network status monitor, and is a capable helper for developing JavaScript, CSS, HTML, and Ajax. Learn to use Firebug to view page elements and the contents of network packets.

Hackbar: A toolkit that bundles tools commonly used by hackers, for SQL injection, XSS, encryption, and so on. Learn to split URL parameters, construct POST parameters, and modify the Referer.

Advanced Cookie Manager: View, manage and construct cookies; combined with Hackbar, it can construct most requests. Learn to view, modify, delete, and add cookies.

Proxy Switcher: A proxy tool, used together with the packet capture tools introduced below.


2. Proxy packet capture

A. Proxy principle: A proxy acts like an "intermediary". When the client needs data from the Internet, the proxy fetches the data from the destination on the user's behalf, and is responsible for intercepting, releasing, and discarding requests and responses.

B. Be able to configure browser proxies (the browser's native configuration and quick configuration with plugins).

C. Commonly used proxy packet capture tools:

Burp Suite: An integrated platform for attacking web applications. It contains a number of tools and provides many interfaces between them to speed up the process of attacking an application. By default it uses port 8080 as the local proxy listener, in conjunction with Proxy Switcher. The Professional edition is available for a fee; download a trial version, or contact KP to get it.

In addition, there are Charles and Fiddler; download them and familiarize yourself with their usage.

D. Practical exercises:

1) Successfully hide your real IP from the web server by configuring a remote HTTP proxy;

2) Be able to configure a local Java runtime environment;

3) Successfully install Charles and complete its initial configuration;

4) Be able to use Charles and similar tools to capture, modify, and replay HTTP packets;

5) Successfully use Charles and similar tools to capture HTTPS packets.
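The intermediary role described in item A, as an added example that is not part of the original notes: a pure function showing the three decisions a proxy makes on one request (discard, modify, release) and how the request line changes on its way to the server. The host name, `proxy_step` and `lab-proxy` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed request, as a browser sends it to a configured HTTP proxy (absolute-form target).
SAMPLE_REQUEST = (
    b"GET http://shop.example.test/item?id=7 HTTP/1.1\r\n"
    b"Host: shop.example.test\r\n"
    b"Proxy-Connection: keep-alive\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
)

def proxy_step(raw, blocked_hosts=(), rewrite=None, proxy_name="lab-proxy"):
    """Return ("drop", None, None) or ("forward", (host, port), bytes_for_origin)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("expected an absolute-form http:// target (HTTPS uses CONNECT)")
    if url.hostname in blocked_hosts:
        return ("drop", None, None)           # discard: the request never reaches the server
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.lower().startswith("proxy-"):
            continue                          # headers meant for the proxy stop at the proxy
        headers.append((name, value.strip()))
    if rewrite:
        headers = rewrite(headers)            # intercept: edit the request before releasing it
    headers.append(("Via", "1.1 " + proxy_name))  # RFC 9110: a proxy announces itself in Via
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    out = [f"{method} {path} {version}"] + [f"{n}: {v}" for n, v in headers]
    return ("forward", (url.hostname, url.port or 80),
            "\r\n".join(out).encode("iso-8859-1") + b"\r\n\r\n" + body)
```

The server receives the origin-form request over a TCP connection opened by the proxy, so the peer address it logs is the proxy's, not the client's.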


3. Vulnerability scanning tools

3.1 Sensitive file detection

A. Download and configure a local Python environment; Python 2.7 is recommended;

B. What sensitive files are: website management back ends, data files, backup files, webshells, etc.;

C. How to detect sensitive files: guessing filenames by hand is too slow! Use the automated tool "sword": configure a dictionary and scan the site;
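From the defender's side, dictionary-driven sensitive-file scanning leaves a recognizable pattern in web server access logs. The following added example (not part of the original notes; written in Python 3, with constructed log lines and assumed path patterns and thresholds) flags clients that probe many sensitive-looking paths and mostly receive 404, and lists any probe that was actually served.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); not taken from the notes.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /www.zip HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "GET /backup.sql HTTP/1.1" 404 162 "-" "scanner"
203.0.113.7 - - [10/May/2024:10:00:02 +0000] "GET /config.php.bak HTTP/1.1" 200 512 "-" "scanner"
203.0.113.7 - - [10/May/2024:10:00:03 +0000] "GET /shell.php HTTP/1.1" 404 162 "-" "scanner"
198.51.100.4 - - [10/May/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:10:00:06 +0000] "GET /favicon.ico HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')

# Assumed path shapes for the note's categories: admin back ends, data files, backups, webshells.
SENSITIVE_RE = re.compile(
    r'(?i)(/(admin|manage|login)\b|\.(sql|mdb|bak|old|zip|rar|tar\.gz|7z)$|/(shell|cmd)\.\w+$)')

def detect_scans(log_text, min_probes=4, min_miss_ratio=0.6):
    """Return {client_ip: {"probes", "misses", "hits"}} for clients that look like dictionary scanners."""
    stats = defaultdict(lambda: {"probes": set(), "misses": set(), "hits": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        ip, path, status = m.group(1), m.group(2).split("?", 1)[0], int(m.group(3))
        if not SENSITIVE_RE.search(path):
            continue
        s = stats[ip]
        s["probes"].add(path)
        if status == 404:
            s["misses"].add(path)
        elif status == 200:
            s["hits"].add(path)  # a sensitive-looking file really was served: review these first
    findings = {}
    for ip, s in stats.items():
        n = len(s["probes"])
        if n >= min_probes and len(s["misses"]) / n >= min_miss_ratio:
            findings[ip] = {"probes": n, "misses": len(s["misses"]), "hits": sorted(s["hits"])}
    return findings
```

On the sample, only the scanning client is reported, and its `hits` list points at the exposed backup file that should be removed from the web root.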

3.2 Comprehensive vulnerability scanning

Common tools: AWVS, Netsparker, AppScan.

3.3 SQL injection vulnerabilities

The must-have tool: sqlmap

Basic flow: find a functional page that interacts with the database, determine whether SQL injection exists, use the SQL injection vulnerability to read data, and export and save the required data.


4. Online tools

4.1 Search engine syntax

Advanced search on Baidu/Google

site: / inurl:(login|admin) / intitle: / intext: / filetype: / ip:

4.2 Cyberspace search

A cyberspace search engine collects and organizes Internet assets so that people can look them up and use them. The principle is to probe and crawl sites, identify and tag them, and store the information for retrieval. Learn to use cyberspace search engines such as ZoomEye, Shodan and FOFA by referring to their user manuals. For example, enter app:component name or ver:component version.

4.3 Online tools

WhatWeb: A website fingerprinting tool. The main question it answers is: "What technology does this website use?" WhatWeb can tell you what a site is built with, including the CMS, blogging platform, JavaScript libraries, web server, embedded devices, etc.

IPIP.NET: IP information.

CMD5: Online encryption and decryption.

Tool.chinaz.com: Webmaster tools.

Security Ring Info: A collection of security sites.