Most ebook files are in PDF format, so you can easily read them using software such as Foxit Reader or directly in the Google Chrome browser.
Some ebook files are released by publishers in other formats such as .azw, .mobi, .epub, .fb2, etc. You may need to install specific software, such as Calibre, to read these formats on mobile/PC.
Please read the tutorial at this link: https://ebooknice.com/page/post?id=faq
We offer FREE conversion to the popular formats you request; however, this may take some time. Therefore, right after payment, please email us, and we will try to provide the service as quickly as possible.
For some exceptional file formats or broken links (if any), please refrain from opening any disputes. Instead, email us first, and we will try to assist within a maximum of 6 hours.
EbookNice Team
Status: Available
Rating: 4.4 (33 reviews)
ISBN-10: 1003373569
ISBN-13: 9781003373568
Author: Rafay Baloch
In the digital age, where web applications form the crux of our interconnected existence, Web Hacking Arsenal: A Practical Guide To Modern Web Pentesting emerges as an essential guide to mastering the art and science of web application pentesting. This book, penned by an expert in the field, ventures beyond traditional approaches, offering a unique blend of real-world penetration testing insights and comprehensive research. It is designed to bridge critical knowledge gaps in cybersecurity, equipping readers with both theoretical understanding and practical skills. What sets this book apart is its focus on real-life challenges encountered in the field rather than simulated scenarios.

The core of Web Hacking Arsenal is its ability to adapt to the evolving nature of web security threats. It prepares the reader not just for the challenges of today but also for the unforeseen complexities of the future. This proactive approach ensures the book's relevance over time, empowering readers to stay ahead in the ever-changing cybersecurity landscape.

Key Features
- In-depth exploration of web application penetration testing, based on real-world scenarios and extensive field experience.
- Comprehensive coverage of contemporary and emerging web security threats, with strategies adaptable to future challenges.
- A blend of theory and practice, including case studies and practical examples from actual penetration tests.
- Strategic insights for gaining an upper hand in the competitive world of bug bounty programs.
- Detailed analysis of up-to-date vulnerability testing techniques, setting it apart from existing literature in the field.

This book is more than a guide; it is a foundational tool that empowers readers at any stage of their journey. Whether you are just starting or looking to elevate your existing skills, this book lays a solid groundwork and then builds upon it, leaving you not only with substantial knowledge but also with a skillset primed for advancement. It is an essential read for anyone looking to make their mark in the ever-evolving world of web application security.

The GitHub repository contains chapter-wise code examples from the book, making it easier for readers, whether using a physical book or an eBook, to replicate the examples as needed: https://github.com/RedSecLabs/Web-Hacking-Arsenal
1 Introduction to Web and Browser
1.1 Introduction
1.2 Introduction to HTTP
1.2.1 Properties of HTTP
1.2.2 HTTP Communications
1.2.3 HTTP Response Codes
1.2.4 HTTP Request Methods
1.3 Common Vulnerabilities in HTTP Headers
1.3.1 User-Agent-Based Spoofing
1.3.2 Host Header Injection
1.3.3 Cross-Domain Referer Leakage
1.4 HTTP 2
1.5 Evolution of Modern Web Applications
1.5.1 Shift in Architecture
1.5.2 Evolution in Technology Stacks
1.5.3 LAMP Stack
1.5.4 MEAN/MERN Stack
1.5.5 Single-Page Applications (SPAs)
1.5.6 Use of Cloud Components
1.5.7 Serverless Architecture
1.6 Understanding Data Encoding
1.6.1 URL Encoding
1.6.2 Double Encoding
1.6.3 HTML Encoding
1.6.4 Base64 Encoding
1.6.5 Unicode Encoding
1.7 Introduction to Browsers
1.7.1 User Interface
1.7.2 Browser Engine
1.7.3 Rendering Engine
1.7.4 Networking
1.7.5 UI Backend
1.7.6 JavaScript Interpreter
1.7.7 Data Storage
1.8 Core Browser Security Policies and Mechanisms
1.8.1 Same-Origin Policy
1.8.2 Content Security Policy
1.8.3 HTTP Cookies
1.8.4 Iframe Sandbox
1.8.5 Subresource Integrity Check
1.8.6 HTTP Strict Transport Layer Security (HSTS)
1.9 Policy Exceptions versus Policy Bypasses
1.9.1 SOP Bypass Types
1.9.2 SOP Bypass—CVE-2007-0981
1.9.3 SOP Bypass—CVE-2011-3246
1.10 Site Isolation
1.11 Address Bar Spoofing Bugs
1.11.1 Address Bar Spoofing—Example 1
1.11.2 Address Bar Spoofing—Example 2
1.11.3 Bypassing Anti-Phishing Filters Using Spoofing
1.12 Extra Mile
2 Intelligence Gathering and Enumeration
2.1 Introduction
2.1.1 Enumerating ASN and IP Blocks
2.1.2 Reverse IP Lookup
2.2 Reverse IP Lookup with Multi-Threading
2.2.1 Scanning for Open Ports/Services
2.3 Scanning Open Ports with Masscan
2.4 Detecting HTTP Services by Running Httpx
2.4.1 Scanning for Service Versions
2.5 Subdomain Enumeration
2.5.1 Active Subdomain Enumeration
2.6 DNSValidator
2.7 ShuffleDNS
2.8 Subbrute
2.9 Gobuster
2.9.1 Subdomain Enumeration from Content Security Policy
2.9.2 Subdomain Enumeration Using Favicon Hashes
2.10 Putting It All Together
2.10.1 Passive Enumeration of Subdomains
2.10.2 Active + Passive Subdomain Enumeration Using Amass
2.10.3 Data Consolidation
2.11 Subdomain Takeover
2.11.1 Automated Subdomain Takeover Using Subjack
2.12 Fingerprint Web Applications
2.12.1 Directory Fuzzing
2.12.2 Discovering Endpoints Using Passive Enumeration Techniques
2.12.3 Enumerating Input Parameters
2.13 Mapping the Attack Surface Using Crawling/Spidering
2.13.1 Crawling Using Gospider
2.14 Automatic Mapping of New Attack Surface
2.15 Fingerprinting Web Applications
2.15.1 Inspecting HTTP Response Headers
2.15.2 Forcing Errors for Exposing Versions
2.15.3 Fingerprinting Using WhatWeb/Wappalyzer
2.15.4 Wappalyzer Browser Extensions
2.16 Detecting Known Vulnerabilities and Exploits
2.17 Vulnerability Scanning Using Nuclei
2.18 Cloud Enumeration
2.18.1 AWS S3 Buckets Enumeration
2.18.2 Exploiting Misconfigured AWS S3 Buckets
2.18.3 Exploiting Authenticated Users Group Misconfiguration
2.19 Extra Mile
3 Introduction to Server-Side Injection Attacks
3.1 Introduction to Server-Side Injection Attacks
3.2 Introduction to SQL Injection
3.2.1 Classification of SQL Injection
3.2.2 SQL Injection Techniques
3.2.3 SQLi Data Extraction Using UNION-Based Technique
3.3 SQLMap Tip 1
3.3.1 SQL Injection to RCE
3.4 Retrieving Working Directory
3.4.1 Error-Based SQL Injection
3.4.2 Boolean SQL Injection
3.5 SQLMap Tip 2
3.5.1 Time-Based SQL Injection
3.5.2 SQLMap Tip
3.5.3 Second-Order SQL Injection
3.6 SQLMap Tip 3
3.6.1 Using Tamper Scripts in SQLMap
3.7 Remote Command Execution
3.7.1 RCE in Node.js
3.7.2 RCE in Flask Application
3.8 Server-Side Template Injections (SSTI)
3.8.1 Introduction About Templating Engines
3.8.2 Identifying Template Injections
3.9 Exploiting Template Injections
3.9.1 Example # 1 (Python, Jinja2)
3.9.2 Example # 2 (Python, Mako)
3.10 NoSQL Injection Vulnerabilities
3.10.1 MongoDB NoSQL Injection Exploitation
3.10.2 NoSQL Injection Real-World Examples
3.11 Extra Mile
4 Client-Side Injection Attacks
4.1 Introduction to XSS
4.2 Types of XSS
4.3 Reflected XSS
4.4 Understanding Context in XSS
4.5 XSS Polyglots
4.6 Bypassing HTMLSpecialChars
4.7 HTMLSpecialChars without Enquotes
4.8 Bypassing HTMLSpecialChars with Enquotes
4.9 Bypassing HTMLSpecialChars in SVG Context
4.10 Stored XSS
4.10.1 DOM-Based XSS
4.11 Sources and Sinks
4.12 Root Cause Analysis
4.13 JQuery DOM XSS
4.14 JQuery Example #1
4.15 JQuery Example #2
4.15.1 Client-Side Template Injections
4.16 XSS in AngularJS
4.17 XSS in ReactJS
4.18 XSS via File Upload
4.19 XSS Through SVG File
4.20 XSS Through MetaData
4.20.1 Weaponizing XSS
4.21 XSS to Account Takeover
4.22 XSS-Based Phishing Attack
4.23 XSS Keylogging
4.24 Content Security Policy (CSP) Bypass
4.25 CSP Bypass: Example #1 Unsafe Inline
4.26 CSP Bypass: Example #2—Third-Party Endpoints and “Unsafe-Eval”
4.27 CSP Bypass: Example #3—Data URI Allowed
4.28 CSP Bypass: Example #4—XSS Through JavaScript File Upload
4.29 Exploiting Browser Bugs for XSS
4.30 SOP and Document.Domain
4.31 DOM Clobbering
4.32 ID and Name Attribute
4.33 Example 1: Using Anchor Tag to Overwrite Global Variable
4.34 Example 2: Breaking Filters with DOM Clobbering
4.35 Cookie Property Overriding
4.36 Breaking Github Gist Using DOM Clobbering
4.37 Mutation-Based XSS (mXSS)
4.38 mXSS Mozilla Bleach Clean Function CVE-2020-6802
4.39 Behavior of Browser’s HTML Parser
4.40 Extra Mile
5 Cross-Site Request Forgery Attacks
5.1 Introduction to CSRF Vulnerabilities
5.1.1 How Does CSRF Work?
5.1.2 Constructing CSRF Payload
5.1.3 CSRF Payloads without User Interaction
5.1.4 Exploiting CSRF Payload in GET Requests
5.1.5 CSRF Payload Delivery
5.2 Exploiting JSON-Based CSRF
5.2.1 Scenario 1: Missing Content-Type Validation and JSON Formatting
5.3 Scenario 2: Content-Type Is Not Validated, But JSON Syntax Is Verified
5.4 Scenario 3: When Server Is Expecting Application/JSON Content-Type Header
5.5 Automating CSRF POC Generation
5.5.1 OWASP ZAP POC Generator
5.5.2 CSRF POC Generator
5.6 Exploiting Multi-Staged CSRF
5.7 Exploiting Weak Anti-CSRF Defenses
5.7.1 CSRF Defenses—Weak/Predictable Anti-CSRF Tokens
5.7.2 CSRF Bypass—Unverified CSRF Tokens
5.7.3 CSRF Bypass—Referer/Origin Check
5.7.4 Scenario 1: Application Not Properly Validating Referer Header
5.7.5 Scenario 2: Weak Regex for Referer/Origin Validation
5.7.6 Scenario 3: Subdomain-Based Referer Validation Bypass
5.8 Scenario 4: Inconsistent Handling of Referer Headers
5.8.1 Circumventing CSRF Defenses via XSS
5.9 SameSite Cookies
5.9.1 SameSite Strict Bypass
5.9.2 SameSite Strict Bypass via Subdomains
5.9.3 SameSite Lax
5.9.4 SameSite Lax Bypass
5.9.5 SameSite None
5.10 Extra Mile
6 Webapp File System Attack
6.1 Introduction
6.2 Directory Traversal Attacks
6.3 Directory Traversal on Node.js App
6.4 Fuzzing Internal Files with FFUF
6.4.1 Directory Traversal and Arbitrary File Creation Vulnerability
6.5 File Inclusion Vulnerabilities
6.5.1 Local File Inclusion to Remote Code Execution
6.5.2 LFI to RCE via Apache Log Files
6.5.3 LFI to RCE via SSH Auth Log
6.5.4 LFI to RCE Using PHP Wrappers and Protocols
6.5.5 LFI to RCE via Race Condition
6.6 Local File Disclosure
6.7 File Upload Attacks
6.7.1 PHP Disable Functions
6.8 Bypassing File Upload Restrictions
6.8.1 Bypassing Client-Side Validation
6.8.2 Bypassing Blacklist-Based Filters
6.8.3 Apache .htaccess Override
6.8.4 MIME-Type Verification Bypass
6.8.5 Bypassing Magic Bytes
6.8.6 Method 1: Injecting through EXIF Data
6.8.7 Method 2: Raw Insertion
6.8.8 Vulnerabilities in Image-Parsing Libraries
6.9 Extra Mile
7 Authentication, Authorization, and SSO Attacks
7.1 Introduction
7.2 Attacks against Authentication
7.2.1 Username Enumeration
7.2.2 Username Enumeration through Timing Attack
7.2.3 Brute Force and Dictionary Attacks
7.2.4 Brute Forcing HTTP Basic Authentication
7.2.5 Attacking Form-Based Authentication
7.3 Attacking Account Lockout Policy
7.4 Bypassing Rate-Limiting Mechanism
7.4.1 Other Ways to Bypass Rate Limiting
7.5 Bypassing CAPTCHA
7.5.1 Replay Attack
7.6 Dynamic CAPTCHA Generation Bypass Using OCR
7.7 Abusing Forgot Password Functionality
7.7.1 Predictable Reset Token
7.8 Password Reset Link Poisoning via Host Header Injection
7.9 Attacking Authorization
7.9.1 Lack of Access Control
7.9.2 Insecure Direct Object References (IDOR)
7.9.3 Web Parameter Tampering
7.9.4 Attacking JWT
7.10 None Algorithm
7.11 Attacking OAuth 2.0
7.11.1 OAuth Scenario 1: Stealing OAuth Tokens via Redirect_uri
7.11.2 OAuth Scenario 2: Stealing Users’ OAuth Tokens via Bypassing Redirect_uri
7.12 Attacking SAML
7.12.1 SAML Workflow
7.12.2 SAML Scenario 1: Response Tampering
7.12.3 SAML Scenario 2: Signature Exclusion Attack
7.13 Attacking Multi-Factor Authentication
7.13.1 Multi-Factor Authentication Bypasses
7.13.2 MFA Bypass Scenario: OTP Bypass
7.14 Web Cache Deception
7.15 Extra Mile
8 Business Logic Flaws
8.1 Introduction
8.2 Business Logic Flaws
8.2.1 Unlimited Wallet Balance Manipulation
8.2.2 Transaction Duplication Vulnerability
8.2.3 Improper Validation Rule Resulting in Business Logic Flaw
8.2.4 Exploiting Top-Up Feature to Steal Customer Balance
8.2.5 Lack of Validation Leads to Unlimited Card Limit
8.2.6 Unauthorized Manipulation of Cart Items Pre-/Post-Authentication
8.2.7 Loan Amount Restriction Bypass
8.2.8 Abuse of Feature Leads to Unlimited Wallet Balance
8.3 Race Condition Vulnerabilities
8.3.1 Race Condition Leading to Manipulation of Votes
8.3.2 Creating Multiple Accounts with the Same Details Using Race Condition
8.3.3 Exploiting Race Condition in Coupon Code Feature for Duplicate Discounts
8.4 Extra Mile
9 Exploring XXE, SSRF, and Request Smuggling Techniques
9.1 Introduction to XML
9.2 XML Structure
9.2.1 XML DTD
9.2.2 External DTD
9.2.3 XML Entities
9.3 XXE (XML External Entity)
9.3.1 XXE Local File Read
9.3.2 Remote Code Execution Using XXE
9.3.3 XXE JSON to XML
9.3.4 XXE Through File Parsing
9.3.5 Reading Local Files via php://
9.4 Blind XXE Exploitation Using Out-of-Band (OOB) Channels
9.4.1 Parameter Entities
9.4.2 OOB XXE via HTTP
9.4.3 XXE OOB Using FTP
9.4.4 Error-Based Blind XXE
9.5 Server-Side Request Forgery (SSRF)
9.5.1 SSRF Port Scan
9.5.2 File Read with SSRF
9.5.3 SSRF in PHP Thumb Application
9.5.4 Validation of the Vulnerability
9.5.5 SSRF to Remote Code Execution (RCE)
9.5.6 Scanning for Open Ports
9.5.7 Interacting with Redis and the Gopher Protocol
9.5.8 Chaining SSRF with Redis for File Write to Obtain RCE
9.5.9 DNS Rebinding in SSRF Attacks
9.6 HTTP Request Smuggling/HTTP Desync Attacks
9.6.1 CL.TE Technique Leading to Persistent XSS
9.6.2 CVE-2019-20372: HTTP Request Smuggling via Error Pages in NGINX
9.7 Extra Mile
10 Attacking Serialization
10.1 Introduction to Serialization
10.1.1 Concept of Gadget
10.2 Insecure Deserialization/PHP Object Injection
10.2.1 PHP Magic Functions
10.2.2 PHP Object Injection—Example
10.2.3 PHP Object Injection in SugarCRM
10.2.4 Input Parameters
10.2.5 Finding a Magic Function
10.3 Insecure Deserialization—DOT NET
10.3.1 Deserialization of the Base64-Encoded Payload
10.3.2 ASP.NET Viewstate Insecure Deserialization
10.3.3 MAC Validation and Encryption
10.3.4 Exploiting with YSOSerial
10.3.5 Blacklist3r
10.4 Decoding VIEWSTATE
10.5 Insecure Deserialization—Python
10.5.1 Serializing the Data with Pickle.Dumps
10.5.2 Deserializing the Bytes with Pickle.Loads
10.6 Insecure Deserialization—Java
10.6.1 Gadgets Libraries in Java
10.6.2 Insecure Deserialization—Example
10.6.3 Vulnerable Code
10.6.4 Verifying the Vulnerability
10.6.5 Generating the URLDNS Payload
10.6.6 Obtaining RCE Using Insecure Deserialization
10.6.7 Blackbox Review of Java-Based Applications
10.6.8 Java Framework and Libraries Indicators
10.7 Extra Mile
11 Pentesting Web Services and Cloud Services
11.1 Introduction
11.1.1 Differences between RPC and REST
11.1.2 Monolithic versus Distributed Architecture
11.2 Introduction to SOAP
11.2.1 Interacting with SOAP Services
11.2.2 Invoking Hidden Methods in SOAP
11.2.3 SOAP Account-Takeover Vulnerability
11.2.4 Remote Code Execution (RCE) in SOAP Service
11.2.5 Finding Writable Directory
11.2.6 Uploading Shell to Achieve RCE
11.3 JSON-RPC Vulnerabilities
11.4 REST API
11.4.1 Request Methods
11.4.2 Identifying REST API Endpoints
11.4.3 Example 1: Excessive Data Exposure
11.4.4 Example 2: Sensitive Data Exposure
11.4.5 Example 3: Unauthorized Modification Using Users’ Profile
11.5 GraphQL Vulnerabilities
11.5.1 Enumerating GraphQL Endpoint
11.5.2 GraphQL Introspection
11.6 Response
11.6.1 Information Disclosure: GraphQL Field Suggestions
11.6.2 GraphQL Introspection Query for Mutation
11.7 Response
11.8 Response
11.9 Serverless Applications Vulnerabilities
11.9.1 Functions as a Service (FaaS)
11.10 Sensitive Information Exposure
11.10.1 Serverless Event Injection
11.10.2 Analysis of Vulnerable Code
11.11 Extra Mile
12 Attacking HTML5
12.1 Introduction
12.2 Cross-Origin Resource Sharing
12.2.1 Weak Access Control Using Origin Header
12.2.2 CORS Leading to DOM XSS Vulnerability
12.2.3 Exploiting OpenRedirects
12.3 Web Storage: An Overview
12.3.1 Session Storage
12.3.2 Local Storage
12.3.3 Session/Local Storage API
12.3.4 Security Concerns with Web Storage in HTML5
12.3.5 Session Hijacking
12.3.6 Second-Order DOM XSS Using Local Storage
12.4 IndexedDB Vulnerabilities
12.4.1 Scenario—A Notes Application
12.5 Web Messaging Attacks Scenarios
12.5.1 Sender’s Window
12.5.2 Receiver’s Window
12.5.3 Security Concerns
12.5.4 Not Validating Origin in PostMessage API
12.5.5 DOM XSS in PostMessage API
12.6 WebWorkers Vulnerabilities
12.6.1 Interacting with WebWorker
12.6.2 WebWorker DOM XSS
12.6.3 Distributed Denial of Service Attacks Using WebWorkers
12.6.4 Distributed Password Cracking Using WebWorker
12.7 WebSockets
12.7.1 WebSocket DOM XSS
12.7.2 Cross-Site WebSocket Hijacking (CSWH)
12.7.3 WebSocket and Unencrypted Connections
12.8 UI Redressing Attacks
12.9 Extra Mile
13 Evading Web Application Firewalls (WAFs)
13.1 Introduction to WAF
13.1.1 WAF Detection Methods
13.1.2 Regular Expressions
13.1.3 Bayesian Analysis
13.1.4 Machine Learning
13.1.5 Understanding WAF Security Models: Whitelisting and Blacklisting
13.1.6 Whitelisting-Based Models
13.1.7 Blacklisting-Based Models
13.1.8 Fingerprinting WAF
13.1.9 Cookie Values
13.1.10 Citrix Netscaler
13.1.11 F5 Big IP ASM
13.1.12 Barracuda WAF
13.1.13 HTTP Response Codes
13.1.14 ModSecurity
13.1.15 Sucuri WAF
13.1.16 CloudFlare WAF
13.1.17 Connection Close
13.2 Bypass WAF—Methodology Exemplified at XSS
13.2.1 Injecting Harmless HTML
13.2.2 Considerations
13.2.3 Injecting Script Tag
13.2.4 Testing with Attributes and Corresponding Tags
13.2.5 Testing with src Attribute
13.2.6 Testing with Srcdoc Attribute
13.2.7 Testing with Action Attribute
13.3 Testing with Formaction Attribute
13.3.1 Testing with Data Attribute
13.3.2 Testing with href Attribute
13.3.3 Testing with Pseudo-Protocols
13.3.4 Using HTML Character Entities for Evasion
13.3.5 Injecting Event Handlers
13.3.6 Injecting a Fictitious Event Handler
13.3.7 Injecting Lesser-Known Event Handlers
13.3.8 Injecting Location Object
13.3.9 Bypass Using Unicode Separators
13.3.10 Using SVG-Based Vectors
13.3.11 Bypassing WAF’s Blocking Parenthesis
13.3.12 Bypassing Keyword-Based Filters
13.3.13 Character Escapes
13.3.14 Constructing Strings in JavaScript
13.3.15 Accessing Properties through Syntactic Notation
13.3.16 Bypassing Keyword-Based Filters Using Non-Alphanumeric JS
13.3.17 Alternative Execution Sinks
13.3.18 Bypassing WAF’s Decoding Entities
13.3.19 Case Study: Laravel XSS Filter Bypass
13.3.20 Bypassing Recursive Filters through Tag Nesting
13.3.21 Bypassing Filters with Case Sensitivity
13.3.22 Bypassing Improper Input Escaping
13.3.23 Bypassing Using DOM XSS
13.3.24 Example for Disallowed Keywords
13.3.25 Using Window.Name Property
13.4 Setting the Name Property
13.5 Example 1: Using the Iframe Tag
13.6 Example 2: Window.open Function
13.7 Example 3: Anchor Tag
13.7.1 Bypassing Blacklisted “Location” Keyword
13.7.2 Variations Using Different Browser Properties
13.7.3 Bypassing WAF Using HPP
13.8 Example with XSS
13.9 Example with SQL Injection
13.10 Extra Mile
14 Report Writing
14.1 Introduction
14.2 Reporting Audience
14.3 Executive Summary
14.3.1 Structure of an Executive Summary
14.3.2 Executive Summary Fail
14.3.3 Recommendations Report
14.4 Findings Summary
14.4.1 Overall Strengths
14.4.2 Overall Weaknesses
14.5 Historical Comparison
14.6 Narrative of the Report
14.7 Risk Assessment
14.7.1 CVSS Scoring
14.7.2 Limitations of CVSS
14.8 Risk Matrix
14.8.1 Risk Assessment and Reporting
14.9 Methodology
14.10 Technical Report
14.11 Organizing the Report
14.12 Report Writing Tools
14.12.1 ChatGPT for Report Writing
14.12.2 Prompt 1
14.12.3 Prompt 2
14.12.4 Prompt 3
14.12.5 Prompt 4
14.13 Report Writing Tips
14.14 Extra Mile