Kali进行web渗透笔记(一)
2016-06-12 00:14
344 查看
Insider attacks are more lethal than the one achieved by an external entity,so sometimes Black box testing would be a waste of money and time .
Career as a penetration tester is not a sprint,it is a marathon.
Important HTTP methods for penetration testing
The GET method:passes the parameters to the web application via the URL itself.
The POST method:is similar to the GET method and is used to retrieve data from the server but it passes the content via the body of the request.
The HEAD method:The HEAD method is used by attackers to identify the type of server as the server only responds with the HTTP header without sending any payload.It’s a quick way to find out the server version and the date.
The TRACE method:is used to identify any alterations to request by intermediary devices such as proxy servers and firewalls.The TRACE method to steal user’s cookies.
The PUT/DELETE methods:are part of WebDAV,which is an extension to http protocol and allows management of documents and files on the web server.
The OPTIONS method:used to query the server for the methods that it supports.
the cookie is always set and controlled by the server.
persistent and non-persistent cookies.
HTTP is the communication mechanism used to transfer HTML formatted pages.
Application layer
Data access layer
Career as a penetration tester is not a sprint,it is a marathon.
Important HTTP methods for penetration testing
The GET method:passes the parameters to the web application via the URL itself.
The POST method:is similar to the GET method and is used to retrieve data from the server but it passes the content via the body of the request.
The HEAD method:The HEAD method is used by attackers to identify the type of server as the server only responds with the HTTP header without sending any payload.It’s a quick way to find out the server version and the date.
The TRACE method:is used to identify any alterations to request by intermediary devices such as proxy servers and firewalls.The TRACE method to steal user’s cookies.
The PUT/DELETE methods:are part of WebDAV,which is an extension to http protocol and allows management of documents and files on the web server.
The OPTIONS method:used to query the server for the methods that it supports.
Session tracking using cookies:
The ID could be shared using the GET method or the POST method.When using the GET method,the session ID would become a part of the URL;when using the POST method,the session ID is shared in the body of the HTTP message.The server would maintain a table mapping usernames to the HTTP message.the cookie is always set and controlled by the server.
persistent and non-persistent cookies.
HTTP is the communication mechanism used to transfer HTML formatted pages.
Three-tier web application:
Presentation layerApplication layer
Data access layer
相关文章推荐
- java-WEB中的监听器Lisener
- GUI - Web前端开发框架
- Extjs4.0 最新最全视频教程
- MyEclipse Web Project转Eclipse Dynamic Web Project
- axis备忘
- 创业如何选择WEB开发语言
- Erlang实现的一个Web服务器代码实例
- 防止网页脚本病毒执行的方法-from web
- 自学成才的秘密:115个 web Develop 资源
- 渗透技术一瞥(图)
- 使用批处理修改web打印设置笔记 适用于IE
- Apache Web让JSP“动”起来
- web下载的ActiveX控件自动更新
- 推荐六款WEB上传组件性能测试与比较第1/10页
- 关于三种主流WEB架构的思考
- 使用 Iisext.vbs 列出 Web 服务扩展文件的方法
- 使用 Iisext.vbs 删除 Web 服务扩展文件的方法
- 使用 iisext.vbs 禁用 Web 服务扩展的方法
- 用vbs 实现从剪贴板中抓取一个 URL 然后在浏览器中打开该 Web 站点
- web标准知识——从p开始,循序渐进