Burp Suite Cookbook : practical recipes to help you master web penetration testing with Burp Suite.
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML ...
Saved in:

Field | Value
---|---
Main author | Wear, Sunny
Format | Electronic e-book
Language | English
Published | Birmingham : Packt, 2018.
Subjects | Internet > Security measures; Computer security
Online access | Full text: https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1904138
Description | 1 online resource (350 pages)
ISBN | 9781789539271; 1789539277
Internal format: MARC

Tag | Ind1 | Ind2 | Content
---|---|---|---
LEADER | | | 00000cam a2200000 a 4500
001 | | | ZDB-4-EBA-on1056058906
003 | | | OCoLC
005 | | | 20241004212047.0
006 | | | m o d
007 | | | cr cnu---unuuu
008 | | | 181006s2018 enk o 000 0 eng d
040 | | | $a EBLCP $b eng $e pn $c EBLCP $d N$T $d TEFOD $d N$T $d MERUC $d UKMGB $d OCLCF $d LVT $d UKAHL $d OCLCQ $d OCLCO $d NZAUC $d OCLCQ $d OCLCO $d TMA $d OCLCQ
015 | | | $a GBB8J4148 $2 bnb
016 | 7 | | $a 019078558 $2 Uk
020 | | | $a 9781789539271 $q (electronic bk.)
020 | | | $a 1789539277 $q (electronic bk.)
020 | | | $z 9781789531732
035 | | | $a (OCoLC)1056058906
037 | | | $a 53C84CBA-AEB3-453B-9CEA-0D14CFF5AA7D $b OverDrive, Inc. $n http://www.overdrive.com
050 | | 4 | $a TK5105.875.I57
072 | | 7 | $a COM $x 000000 $2 bisacsh
082 | 7 | | $a 006.686 $2 23
049 | | | $a MAIN
100 | 1 | | $a Wear, Sunny.
245 | 1 | 0 | $a Burp suite cookbook : $b practical recipes to help you master web penetration testing with Burp suite.
260 | | | $a Birmingham : $b Packt, $c 2018.
300 | | | $a 1 online resource (350 pages)
336 | | | $a text $b txt $2 rdacontent
337 | | | $a computer $b c $2 rdamedia
338 | | | $a online resource $b cr $2 rdacarrier
588 | 0 | | $a Online resource; title from PDF title page (EBSCO, viewed October 17, 2018)
505 | 0 | | $a Cover -- Title Page -- Copyright and Credits -- Packt Upsell -- Contributors -- Table of Contents -- Preface -- Chapter 1: Getting Started with Burp Suite -- Introduction -- Downloading Burp (Community, Professional) -- Getting ready -- Software tool requirements -- How to do it ... -- Setting up a web app pentesting lab -- Getting ready -- Software tool requirements -- How to do it ... -- How it works -- Starting Burp at a command line or as an executable -- How to do it ... -- How it works ... -- Listening for HTTP traffic, using Burp -- Getting ready -- How to do it ... -- How it works ... -- Chapter 2: Getting to Know the Burp Suite of Tools -- Introduction -- Software tool requirements -- Setting the Target Site Map -- Getting ready -- How to do it ... -- How it works ... -- Understanding the Message Editor -- Getting ready -- How to do it ... -- Repeating with Repeater -- Getting ready -- How to do it ... -- Decoding with Decoder -- Getting ready -- How to do it ... -- Intruding with Intruder -- Getting ready -- How to do it ... -- Target -- Positions -- Payloads -- Payload Sets -- Payload Options -- Payload Processing -- Payload Encoding -- Options -- Request Headers -- Request Engine -- Attack Results -- Grep - Match -- Grep - Extract -- Grep - Payloads -- Redirections -- Start attack button -- Chapter 3: Configuring, Spidering, Scanning, and Reporting with Burp -- Introduction -- Software tool requirements -- Establishing trust over HTTPS -- Getting ready -- How to do it ... -- Setting Project options -- How to do it ... -- The Connections tab -- The HTTP tab -- The SSL tab -- The Sessions tab -- The Misc tab -- Setting user options -- How to do it ... -- The SSL tab -- The Display tab -- The Misc tab -- Spidering with Spider -- Getting ready -- The Control tab -- The Options tab -- How to do it ... -- Scanning with Scanner -- Getting ready.
505 | 8 | | $a How to do it ... -- Reporting issues -- Getting ready -- How to do it ... -- Chapter 4: Assessing Authentication Schemes -- Introduction -- Software tool requirements -- Testing for account enumeration and guessable accounts -- Getting ready -- How to do it ... -- Testing for weak lock-out mechanisms -- Getting ready -- How to do it ... -- Testing for bypassing authentication schemes -- Getting ready -- How to do it ... -- How it works -- Testing for browser cache weaknesses -- Getting ready -- How to do it ... -- Testing the account provisioning process via the REST API -- Getting ready -- How to do it ... -- Chapter 5: Assessing Authorization Checks -- Introduction -- Software requirements -- Testing for directory traversal -- Getting ready -- How to do it ... -- How it works ... -- Testing for Local File Include (LFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for Remote File Inclusion (RFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for privilege escalation -- Getting ready -- How to do it ... -- How it works ... -- Testing for Insecure Direct Object Reference (IDOR) -- Getting ready -- How to do it ... -- How it works ... -- Chapter 6: Assessing Session Management Mechanisms -- Introduction -- Software tool requirements -- Testing session token strength using Sequencer -- Getting ready -- How to do it ... -- How it works ... -- Testing for cookie attributes -- Getting ready -- How to do it ... -- How it works ... -- Testing for session fixation -- Getting ready -- How to do it ... -- How it works ... -- Testing for exposed session variables -- Getting ready -- How to do it ... -- How it works ... -- Testing for Cross-Site Request Forgery -- Getting ready -- How to do it ... -- How it works ... -- Chapter 7: Assessing Business Logic -- Introduction -- Software tool requirements -- Testing business logic data validation.
505 | 8 | | $a Getting ready -- How to do it ... -- How it works ... -- Unrestricted file upload - bypassing weak validation -- Getting ready -- How to do it ... -- How it works ... -- Performing process-timing attacks -- Getting ready -- How to do it ... -- How it works ... -- Testing for the circumvention of work flows -- Getting ready -- How to do it ... -- How it works ... -- Uploading malicious files - polyglots -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Chapter 8: Evaluating Input Validation Checks -- Introduction -- Software tool requirements -- Testing for reflected cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for stored cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP verb tampering -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP Parameter Pollution -- Getting ready -- How to do it ... -- How it works ... -- Testing for SQL injection -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Testing for command injection -- Getting ready -- How to do it ... -- How it works ... -- Chapter 9: Attacking the Client -- Introduction -- Software tool requirements -- Testing for Clickjacking -- Getting ready -- How to do it ... -- How it works ... -- Testing for DOM-based cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for JavaScript execution -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTML injection -- Getting ready -- How to do it ... -- How it works ... -- Testing for client-side resource manipulation -- Getting ready -- How to do it ... -- How it works ... -- Chapter 10: Working with Burp Macros and Extensions -- Introduction -- Software tool requirements -- Creating session-handling macros -- Getting ready -- How to do it ... -- How it works ...
505 | 8 | | $a Getting caught in the cookie jar -- Getting ready -- How to do it ... -- How it works ... -- Adding great pentester plugins -- Getting ready -- How to do it ... -- How it works ... -- Creating new issues via the Manual-Scan Issues Extension -- Getting ready -- How to do it ... -- How it works ... -- See also -- Working with the Active Scan++ Extension -- Getting ready -- How to do it ... -- How it works ... -- Chapter 11: Implementing Advanced Topic Attacks -- Introduction -- Software tool requirements -- Performing XXE attacks -- Getting ready -- How to do it ... -- How it works ... -- Working with JWT -- Getting ready -- How to do it ... -- How it works ... -- Using Burp Collaborator to determine SSRF -- Getting ready -- How to do it ... -- How it works ... -- See also -- Testing CORS -- Getting ready -- How to do it ... -- How it works ... -- See also -- Performing Java deserialization attacks -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- See also -- Other Books You May Enjoy -- Index.
520 | | | $a The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML ...
650 | | 0 | $a Internet $x Security measures.
650 | | 0 | $a Computer security. $0 http://id.loc.gov/authorities/subjects/sh90001862
650 | | 2 | $a Computer Security $0 https://id.nlm.nih.gov/mesh/D016494
650 | | 6 | $a Internet $x Sécurité $x Mesures.
650 | | 6 | $a Sécurité informatique.
650 | | 7 | $a Computer security. $2 bicssc
650 | | 7 | $a Network security. $2 bicssc
650 | | 7 | $a Programming & scripting languages: general. $2 bicssc
650 | | 7 | $a COMPUTERS $x General. $2 bisacsh
650 | | 7 | $a Computer security $2 fast
650 | | 7 | $a Internet $x Security measures $2 fast
856 | 4 | 0 | $l FWS01 $p ZDB-4-EBA $q FWS_PDA_EBA $u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1904138 $3 Full text
938 | | | $a Askews and Holts Library Services $b ASKH $n AH35206952
938 | | | $a ProQuest Ebook Central $b EBLB $n EBL5528474
938 | | | $a EBSCOhost $b EBSC $n 1904138
994 | | | $a 92 $b GEBAY
912 | | | $a ZDB-4-EBA
049 | | | $a DE-863
Datensatz im Suchindex
DE-BY-FWS_katkey | ZDB-4-EBA-on1056058906 |
---|---|
_version_ | 1816882473659793408 |
adam_text | |
any_adam_object | |
author | Wear, Sunny |
author_facet | Wear, Sunny |
author_role | |
author_sort | Wear, Sunny |
author_variant | s w sw |
building | Verbundindex |
bvnumber | localFWS |
callnumber-first | T - Technology |
callnumber-label | TK5105 |
callnumber-raw | TK5105.875.I57 |
callnumber-search | TK5105.875.I57 |
callnumber-sort | TK 45105.875 I57 |
callnumber-subject | TK - Electrical and Nuclear Engineering |
collection | ZDB-4-EBA |
contents | Cover -- Title Page -- Copyright and Credits -- Packt Upsell -- Contributors -- Table of Contents -- Preface -- Chapter 1: Getting Started with Burp Suite -- Introduction -- Downloading Burp (Community, Professional) -- Getting ready -- Software tool requirements -- How to do it ... -- Setting up a web app pentesting lab -- Getting ready -- Software tool requirements -- How to do it ... -- How it works -- Starting Burp at a command line or as an executable -- How to do it ... -- How it works ... -- Listening for HTTP traffic, using Burp -- Getting ready -- How to do it ... -- How it works ... -- Chapter 2: Getting to Know the Burp Suite of Tools -- Introduction -- Software tool requirements -- Setting the Target Site Map -- Getting ready -- How to do it ... -- How it works ... -- Understanding the Message Editor -- Getting ready -- How to do it ... -- Repeating with Repeater -- Getting ready -- How to do it ... -- Decoding with Decoder -- Getting ready -- How to do it ... -- Intruding with Intruder -- Getting ready -- How to do it ... -- Target -- Positions -- Payloads -- Payload Sets -- Payload Options -- Payload Processing -- Payload Encoding -- Options -- Request Headers -- Request Engine -- Attack Results -- Grep -- Match -- Grep -- Extract -- Grep -- Payloads -- Redirections -- Start attack button -- Chapter 3: Configuring, Spidering, Scanning, and Reporting with Burp -- Introduction -- Software tool requirements -- Establishing trust over HTTPS -- Getting ready -- How to do it ... -- Setting Project options -- How to do it ... -- The Connections tab -- The HTTP tab -- The SSL tab -- The Sessions tab -- The Misc tab -- Setting user options -- How to do it ... -- The SSL tab -- The Display tab -- The Misc tab -- Spidering with Spider -- Getting ready -- The Control tab -- The Options tab -- How to do it ... -- Scanning with Scanner -- Getting ready. How to do it ... -- Reporting issues -- Getting ready -- How to do it ... 
-- Chapter 4: Assessing Authentication Schemes -- Introduction -- Software tool requirements -- Testing for account enumeration and guessable accounts -- Getting ready -- How to do it ... -- Testing for weak lock-out mechanisms -- Getting ready -- How to do it ... -- Testing for bypassing authentication schemes -- Getting ready -- How to do it ... -- How it works -- Testing for browser cache weaknesses -- Getting ready -- How to do it ... -- Testing the account provisioning process via the REST API -- Getting ready -- How to do it ... -- Chapter 5: Assessing Authorization Checks -- Introduction -- Software requirements -- Testing for directory traversal -- Getting ready -- How to do it ... -- How it works ... -- Testing for Local File Include (LFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for Remote File Inclusion (RFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for privilege escalation -- Getting ready -- How to do it ... -- How it works ... -- Testing for Insecure Direct Object Reference (IDOR) -- Getting ready -- How to do it ... -- How it works ... -- Chapter 6: Assessing Session Management Mechanisms -- Introduction -- Software tool requirements -- Testing session token strength using Sequencer -- Getting ready -- How to do it ... -- How it works ... -- Testing for cookie attributes -- Getting ready -- How to do it ... -- How it works ... -- Testing for session fixation -- Getting ready -- How to do it ... -- How it works ... -- Testing for exposed session variables -- Getting ready -- How to do it ... -- How it works ... -- Testing for Cross-Site Request Forgery -- Getting ready -- How to do it ... -- How it works ... -- Chapter 7: Assessing Business Logic -- Introduction -- Software tool requirements -- Testing business logic data validation. Getting ready -- How to do it ... -- How it works ... -- Unrestricted file upload -- bypassing weak validation -- Getting ready -- How to do it ... -- How it works ... 
-- Performing process-timing attacks -- Getting ready -- How to do it ... -- How it works ... -- Testing for the circumvention of work flows -- Getting ready -- How to do it ... -- How it works ... -- Uploading malicious files -- polyglots -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Chapter 8: Evaluating Input Validation Checks -- Introduction -- Software tool requirements -- Testing for reflected cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for stored cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP verb tampering -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP Parameter Pollution -- Getting ready -- How to do it ... -- How it works ... -- Testing for SQL injection -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Testing for command injection -- Getting ready -- How to do it ... -- How it works ... -- Chapter 9: Attacking the Client -- Introduction -- Software tool requirements -- Testing for Clickjacking -- Getting ready -- How to do it ... -- How it works ... -- Testing for DOM-based cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for JavaScript execution -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTML injection -- Getting ready -- How to do it ... -- How it works ... -- Testing for client-side resource manipulation -- Getting ready -- How to do it ... -- How it works ... -- Chapter 10: Working with Burp Macros and Extensions -- Introduction -- Software tool requirements -- Creating session-handling macros -- Getting ready -- How to do it ... -- How it works ... Getting caught in the cookie jar -- Getting ready -- How to do it ... -- How it works ... -- Adding great pentester plugins -- Getting ready -- How to do it ... -- How it works ... 
-- Creating new issues via the Manual-Scan Issues Extension -- Getting ready -- How to do it ... -- How it works ... -- See also -- Working with the Active Scan++ Extension -- Getting ready -- How to do it ... -- How it works ... -- Chapter 11: Implementing Advanced Topic Attacks -- Introduction -- Software tool requirements -- Performing XXE attacks -- Getting ready -- How to do it ... -- How it works ... -- Working with JWT -- Getting ready -- How to do it ... -- How it works ... -- Using Burp Collaborator to determine SSRF -- Getting ready -- How to do it ... -- How it works ... -- See also -- Testing CORS -- Getting ready -- How to do it ... -- How it works ... -- See also -- Performing Java deserialization attacks -- Getting Ready -- How to do it ... -- How it works ... -- There's more ... -- See also -- Other Books You May Enjoy -- Index. |
ctrlnum | (OCoLC)1056058906 |
dewey-full | 006.686 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 006 - Special computer methods |
dewey-raw | 006.686 |
dewey-search | 006.686 |
dewey-sort | 16.686 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
format | Electronic eBook |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>09270cam a2200589 a 4500</leader><controlfield tag="001">ZDB-4-EBA-on1056058906</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr cnu---unuuu</controlfield><controlfield tag="008">181006s2018 enk o 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">EBLCP</subfield><subfield code="b">eng</subfield><subfield code="e">pn</subfield><subfield code="c">EBLCP</subfield><subfield code="d">N$T</subfield><subfield code="d">TEFOD</subfield><subfield code="d">N$T</subfield><subfield code="d">MERUC</subfield><subfield code="d">UKMGB</subfield><subfield code="d">OCLCF</subfield><subfield code="d">LVT</subfield><subfield code="d">UKAHL</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">NZAUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">TMA</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="015" ind1=" " ind2=" "><subfield code="a">GBB8J4148</subfield><subfield code="2">bnb</subfield></datafield><datafield tag="016" ind1="7" ind2=" "><subfield code="a">019078558</subfield><subfield code="2">Uk</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781789539271</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1789539277</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781789531732</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1056058906</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield 
code="a">53C84CBA-AEB3-453B-9CEA-0D14CFF5AA7D</subfield><subfield code="b">OverDrive, Inc.</subfield><subfield code="n">http://www.overdrive.com</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">TK5105.875.I57</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">000000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">006.686</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Wear, Sunny.</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Burp suite cookbook :</subfield><subfield code="b">practical recipes to help you master web penetration testing with Burp suite.</subfield></datafield><datafield tag="260" ind1=" " ind2=" "><subfield code="a">Birmingham :</subfield><subfield code="b">Packt,</subfield><subfield code="c">2018.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (350 pages)</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Online resource; title from PDF title page (EBSCO, viewed October 17, 2018)</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover -- Title Page -- Copyright and Credits -- Packt Upsell -- Contributors -- Table of Contents -- 
Preface -- Chapter 1: Getting Started with Burp Suite -- Introduction -- Downloading Burp (Community, Professional) -- Getting ready -- Software tool requirements -- How to do it ... -- Setting up a web app pentesting lab -- Getting ready -- Software tool requirements -- How to do it ... -- How it works -- Starting Burp at a command line or as an executable -- How to do it ... -- How it works ... -- Listening for HTTP traffic, using Burp -- Getting ready -- How to do it ... -- How it works ... -- Chapter 2: Getting to Know the Burp Suite of Tools -- Introduction -- Software tool requirements -- Setting the Target Site Map -- Getting ready -- How to do it ... -- How it works ... -- Understanding the Message Editor -- Getting ready -- How to do it ... -- Repeating with Repeater -- Getting ready -- How to do it ... -- Decoding with Decoder -- Getting ready -- How to do it ... -- Intruding with Intruder -- Getting ready -- How to do it ... -- Target -- Positions -- Payloads -- Payload Sets -- Payload Options -- Payload Processing -- Payload Encoding -- Options -- Request Headers -- Request Engine -- Attack Results -- Grep -- Match -- Grep -- Extract -- Grep -- Payloads -- Redirections -- Start attack button -- Chapter 3: Configuring, Spidering, Scanning, and Reporting with Burp -- Introduction -- Software tool requirements -- Establishing trust over HTTPS -- Getting ready -- How to do it ... -- Setting Project options -- How to do it ... -- The Connections tab -- The HTTP tab -- The SSL tab -- The Sessions tab -- The Misc tab -- Setting user options -- How to do it ... -- The SSL tab -- The Display tab -- The Misc tab -- Spidering with Spider -- Getting ready -- The Control tab -- The Options tab -- How to do it ... -- Scanning with Scanner -- Getting ready.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">How to do it ... -- Reporting issues -- Getting ready -- How to do it ... 
-- Chapter 4: Assessing Authentication Schemes -- Introduction -- Software tool requirements -- Testing for account enumeration and guessable accounts -- Getting ready -- How to do it ... -- Testing for weak lock-out mechanisms -- Getting ready -- How to do it ... -- Testing for bypassing authentication schemes -- Getting ready -- How to do it ... -- How it works -- Testing for browser cache weaknesses -- Getting ready -- How to do it ... -- Testing the account provisioning process via the REST API -- Getting ready -- How to do it ... -- Chapter 5: Assessing Authorization Checks -- Introduction -- Software requirements -- Testing for directory traversal -- Getting ready -- How to do it ... -- How it works ... -- Testing for Local File Include (LFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for Remote File Inclusion (RFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for privilege escalation -- Getting ready -- How to do it ... -- How it works ... -- Testing for Insecure Direct Object Reference (IDOR) -- Getting ready -- How to do it ... -- How it works ... -- Chapter 6: Assessing Session Management Mechanisms -- Introduction -- Software tool requirements -- Testing session token strength using Sequencer -- Getting ready -- How to do it ... -- How it works ... -- Testing for cookie attributes -- Getting ready -- How to do it ... -- How it works ... -- Testing for session fixation -- Getting ready -- How to do it ... -- How it works ... -- Testing for exposed session variables -- Getting ready -- How to do it ... -- How it works ... -- Testing for Cross-Site Request Forgery -- Getting ready -- How to do it ... -- How it works ... -- Chapter 7: Assessing Business Logic -- Introduction -- Software tool requirements -- Testing business logic data validation.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Getting ready -- How to do it ... -- How it works ... 
-- Unrestricted file upload -- bypassing weak validation -- Getting ready -- How to do it ... -- How it works ... -- Performing process-timing attacks -- Getting ready -- How to do it ... -- How it works ... -- Testing for the circumvention of work flows -- Getting ready -- How to do it ... -- How it works ... -- Uploading malicious files -- polyglots -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Chapter 8: Evaluating Input Validation Checks -- Introduction -- Software tool requirements -- Testing for reflected cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for stored cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP verb tampering -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP Parameter Pollution -- Getting ready -- How to do it ... -- How it works ... -- Testing for SQL injection -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Testing for command injection -- Getting ready -- How to do it ... -- How it works ... -- Chapter 9: Attacking the Client -- Introduction -- Software tool requirements -- Testing for Clickjacking -- Getting ready -- How to do it ... -- How it works ... -- Testing for DOM-based cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for JavaScript execution -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTML injection -- Getting ready -- How to do it ... -- How it works ... -- Testing for client-side resource manipulation -- Getting ready -- How to do it ... -- How it works ... -- Chapter 10: Working with Burp Macros and Extensions -- Introduction -- Software tool requirements -- Creating session-handling macros -- Getting ready -- How to do it ... 
-- How it works ...</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Getting caught in the cookie jar -- Getting ready -- How to do it ... -- How it works ... -- Adding great pentester plugins -- Getting ready -- How to do it ... -- How it works ... -- Creating new issues via the Manual-Scan Issues Extension -- Getting ready -- How to do it ... -- How it works ... -- See also -- Working with the Active Scan++ Extension -- Getting ready -- How to do it ... -- How it works ... -- Chapter 11: Implementing Advanced Topic Attacks -- Introduction -- Software tool requirements -- Performing XXE attacks -- Getting ready -- How to do it ... -- How it works ... -- Working with JWT -- Getting ready -- How to do it ... -- How it works ... -- Using Burp Collaborator to determine SSRF -- Getting ready -- How to do it ... -- How it works ... -- See also -- Testing CORS -- Getting ready -- How to do it ... -- How it works ... -- See also -- Performing Java deserialization attacks -- Getting Ready -- How to do it ... -- How it works ... -- There's more ... -- See also -- Other Books You May Enjoy -- Index.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. 
The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML ...</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Internet</subfield><subfield code="x">Security measures.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh90001862</subfield></datafield><datafield tag="650" ind1=" " ind2="2"><subfield code="a">Computer Security</subfield><subfield code="0">https://id.nlm.nih.gov/mesh/D016494</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Internet</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Network security.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Programming & scripting languages: general.</subfield><subfield code="2">bicssc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Internet</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield 
code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1904138</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Askews and Holts Library Services</subfield><subfield code="b">ASKH</subfield><subfield code="n">AH35206952</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest Ebook Central</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL5528474</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">1904138</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection> |
id | ZDB-4-EBA-on1056058906 |
illustrated | Not Illustrated |
indexdate | 2024-11-27T13:29:10Z |
institution | BVB |
isbn | 9781789539271 1789539277 |
language | English |
oclc_num | 1056058906 |
open_access_boolean | |
owner | MAIN DE-863 DE-BY-FWS |
physical | 1 online resource (350 pages) |
psigel | ZDB-4-EBA |
publishDate | 2018 |
publisher | Packt, |
record_format | marc |
spelling | Wear, Sunny. Burp suite cookbook : practical recipes to help you master web penetration testing with Burp suite. Birmingham : Packt, 2018. 1 online resource (350 pages) text txt rdacontent computer c rdamedia online resource cr rdacarrier Online resource; title from PDF title page (EBSCO, viewed October 17, 2018) Cover -- Title Page -- Copyright and Credits -- Packt Upsell -- Contributors -- Table of Contents -- Preface -- Chapter 1: Getting Started with Burp Suite -- Introduction -- Downloading Burp (Community, Professional) -- Getting ready -- Software tool requirements -- How to do it ... -- Setting up a web app pentesting lab -- Getting ready -- Software tool requirements -- How to do it ... -- How it works -- Starting Burp at a command line or as an executable -- How to do it ... -- How it works ... -- Listening for HTTP traffic, using Burp -- Getting ready -- How to do it ... -- How it works ... -- Chapter 2: Getting to Know the Burp Suite of Tools -- Introduction -- Software tool requirements -- Setting the Target Site Map -- Getting ready -- How to do it ... -- How it works ... -- Understanding the Message Editor -- Getting ready -- How to do it ... -- Repeating with Repeater -- Getting ready -- How to do it ... -- Decoding with Decoder -- Getting ready -- How to do it ... -- Intruding with Intruder -- Getting ready -- How to do it ... -- Target -- Positions -- Payloads -- Payload Sets -- Payload Options -- Payload Processing -- Payload Encoding -- Options -- Request Headers -- Request Engine -- Attack Results -- Grep -- Match -- Grep -- Extract -- Grep -- Payloads -- Redirections -- Start attack button -- Chapter 3: Configuring, Spidering, Scanning, and Reporting with Burp -- Introduction -- Software tool requirements -- Establishing trust over HTTPS -- Getting ready -- How to do it ... -- Setting Project options -- How to do it ... 
-- The Connections tab -- The HTTP tab -- The SSL tab -- The Sessions tab -- The Misc tab -- Setting user options -- How to do it ... -- The SSL tab -- The Display tab -- The Misc tab -- Spidering with Spider -- Getting ready -- The Control tab -- The Options tab -- How to do it ... -- Scanning with Scanner -- Getting ready. How to do it ... -- Reporting issues -- Getting ready -- How to do it ... -- Chapter 4: Assessing Authentication Schemes -- Introduction -- Software tool requirements -- Testing for account enumeration and guessable accounts -- Getting ready -- How to do it ... -- Testing for weak lock-out mechanisms -- Getting ready -- How to do it ... -- Testing for bypassing authentication schemes -- Getting ready -- How to do it ... -- How it works -- Testing for browser cache weaknesses -- Getting ready -- How to do it ... -- Testing the account provisioning process via the REST API -- Getting ready -- How to do it ... -- Chapter 5: Assessing Authorization Checks -- Introduction -- Software requirements -- Testing for directory traversal -- Getting ready -- How to do it ... -- How it works ... -- Testing for Local File Include (LFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for Remote File Inclusion (RFI) -- Getting ready -- How to do it ... -- How it works ... -- Testing for privilege escalation -- Getting ready -- How to do it ... -- How it works ... -- Testing for Insecure Direct Object Reference (IDOR) -- Getting ready -- How to do it ... -- How it works ... -- Chapter 6: Assessing Session Management Mechanisms -- Introduction -- Software tool requirements -- Testing session token strength using Sequencer -- Getting ready -- How to do it ... -- How it works ... -- Testing for cookie attributes -- Getting ready -- How to do it ... -- How it works ... -- Testing for session fixation -- Getting ready -- How to do it ... -- How it works ... -- Testing for exposed session variables -- Getting ready -- How to do it ... 
-- How it works ... -- Testing for Cross-Site Request Forgery -- Getting ready -- How to do it ... -- How it works ... -- Chapter 7: Assessing Business Logic -- Introduction -- Software tool requirements -- Testing business logic data validation. Getting ready -- How to do it ... -- How it works ... -- Unrestricted file upload -- bypassing weak validation -- Getting ready -- How to do it ... -- How it works ... -- Performing process-timing attacks -- Getting ready -- How to do it ... -- How it works ... -- Testing for the circumvention of work flows -- Getting ready -- How to do it ... -- How it works ... -- Uploading malicious files -- polyglots -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Chapter 8: Evaluating Input Validation Checks -- Introduction -- Software tool requirements -- Testing for reflected cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for stored cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP verb tampering -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTTP Parameter Pollution -- Getting ready -- How to do it ... -- How it works ... -- Testing for SQL injection -- Getting ready -- How to do it ... -- How it works ... -- There's more ... -- Testing for command injection -- Getting ready -- How to do it ... -- How it works ... -- Chapter 9: Attacking the Client -- Introduction -- Software tool requirements -- Testing for Clickjacking -- Getting ready -- How to do it ... -- How it works ... -- Testing for DOM-based cross-site scripting -- Getting ready -- How to do it ... -- How it works ... -- Testing for JavaScript execution -- Getting ready -- How to do it ... -- How it works ... -- Testing for HTML injection -- Getting ready -- How to do it ... -- How it works ... -- Testing for client-side resource manipulation -- Getting ready -- How to do it ... -- How it works ... 
-- Chapter 10: Working with Burp Macros and Extensions -- Introduction -- Software tool requirements -- Creating session-handling macros -- Getting ready -- How to do it ... -- How it works ... Getting caught in the cookie jar -- Getting ready -- How to do it ... -- How it works ... -- Adding great pentester plugins -- Getting ready -- How to do it ... -- How it works ... -- Creating new issues via the Manual-Scan Issues Extension -- Getting ready -- How to do it ... -- How it works ... -- See also -- Working with the Active Scan++ Extension -- Getting ready -- How to do it ... -- How it works ... -- Chapter 11: Implementing Advanced Topic Attacks -- Introduction -- Software tool requirements -- Performing XXE attacks -- Getting ready -- How to do it ... -- How it works ... -- Working with JWT -- Getting ready -- How to do it ... -- How it works ... -- Using Burp Collaborator to determine SSRF -- Getting ready -- How to do it ... -- How it works ... -- See also -- Testing CORS -- Getting ready -- How to do it ... -- How it works ... -- See also -- Performing Java deserialization attacks -- Getting Ready -- How to do it ... -- How it works ... -- There's more ... -- See also -- Other Books You May Enjoy -- Index. The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML ... Internet Security measures. Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computer Security https://id.nlm.nih.gov/mesh/D016494 Internet Sécurité Mesures. Sécurité informatique. Computer security. bicssc Network security. bicssc Programming & scripting languages: general. bicssc COMPUTERS General. 
bisacsh Computer security fast Internet Security measures fast FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1904138 Volltext |
subject_GND | http://id.loc.gov/authorities/subjects/sh90001862 https://id.nlm.nih.gov/mesh/D016494 |
title | Burp suite cookbook : practical recipes to help you master web penetration testing with Burp suite. |
title_short | Burp suite cookbook : |
title_sort | burp suite cookbook practical recipes to help you master web penetration testing with burp suite |
title_sub | practical recipes to help you master web penetration testing with Burp suite. |
topic | Internet Security measures. Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computer Security https://id.nlm.nih.gov/mesh/D016494 Internet Sécurité Mesures. Sécurité informatique. Computer security. bicssc Network security. bicssc Programming & scripting languages: general. bicssc COMPUTERS General. bisacsh Computer security fast Internet Security measures fast |
url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1904138 |
work_keys_str_mv | AT wearsunny burpsuitecookbookpracticalrecipestohelpyoumasterwebpenetrationtestingwithburpsuite |