What this book covers
Chapter 1, Configuring Burp Suite, takes us through preparing the system that will be used to attack the end application, before starting the actual application penetration test. This involves configuring Burp Suite to become the interception proxy for various clients and traffic sources.
Chapter 2, Configuring the Client and Setting Up Mobile Devices, looks at the three most popular user agents (Firefox, Chrome, and Internet Explorer) and configures them to work in tandem with the Burp Suite configuration we created, so that we can intercept HTTP and HTTPS traffic. We will also set the system proxy in the Windows, Linux, and macOS operating systems for non-proxy-aware clients. Before beginning an application penetration test, we must be aware of the scope and target that we intend to attack. To ensure that our attack traffic is sent to the right target, and to prevent unnecessary clutter and noise during testing, we can configure Burp Suite to work with specific scopes.
Chapter 3, Executing an Application Penetration Test, uses an example web application to look at how a lot of security professionals jump to attacking the application without context, without understanding the application, and without scoping the target properly. We will look at the common areas that get overlooked due to this non-standard approach to penetration testing, and build the background for a staged approach to application penetration testing.
Chapter 4, Exploring the Stages of an Application Penetration Test, outlines the stages involved in an application penetration test and provides a broad overview of the Burp Suite tools. Based on that knowledge, we are going to enumerate and gather information about our target.
Chapter 5, Preparing for an Application Penetration Test, details the key stages of an application penetration test performed to successfully meet the desired objectives of an engagement. Each of these stages produces data that can be used to progress to the next stage, until the set objective is met. The various stages of an application penetration test, namely reconnaissance, scanning, exploitation, and reporting, are covered in this chapter.
Chapter 6, Identifying Vulnerabilities Using Burp Suite, explains how various features of Burp Suite can be used to detect various vulnerabilities as part of an application penetration test. We will cover the detection of vulnerabilities, such as SQL injections, OS command injection, Cross-Site Scripting (XSS) vulnerabilities, XML-related issues, XML external entity processing, Server-Side Template Injection (SSTI), and Server-Side Request Forgery/Cross-Site Port Attacks (SSRF/XSPA).
Chapter 7, Detecting Vulnerabilities Using Burp Suite, details how various features of Burp Suite can be used to detect additional vulnerabilities as part of an application penetration test. We will cover the detection of vulnerabilities, including Cross-Site Request Forgery (CSRF), insecure direct object references, issues arising out of security misconfiguration, weaknesses with deserialization, authentication issues surrounding OAuth (aside from generic authentication issues), issues regarding poor authorization implementations, and the detection of padding oracle attacks.
Chapter 8, Exploiting Vulnerabilities Using Burp Suite – Part 1, explains how, once detection is completed and the vulnerability is confirmed, it is time to exploit the vulnerability. The goal of the exploitation phase is to gain access to data the application uses or protects, to gain access to the underlying operating system, to gain access to the accounts of other users, or any combination of these. In this chapter, we shall see how Burp Suite's various features can be used to exploit a detected vulnerability to fulfill the objective of the penetration test, or simply to generate a proof of concept to be used in the reporting phase.
Chapter 9, Exploiting Vulnerabilities Using Burp Suite – Part 2, covers the exploitation of even more vulnerabilities using Burp Suite once the initial detection is completed.
Chapter 10, Writing Burp Suite Extensions, shows you how Burp Suite's functionality can be extended using custom extensions that can be written in a variety of languages, and added to Burp Suite using its Extender module. Burp Suite extensions can be used to process and modify HTTP requests and responses, customize the placement of attack insertion points within scanned requests, implement custom session handling, and retrieve and analyze headers, parameters, cookies, and other objects.
Chapter 11, Breaking the Authentication for a Large Online Retailer, walks you through a real-world case study of how a large online retailer was compromised by breaking its authentication implementation. This chapter outlines the various steps that were taken to identify the target, discover weaknesses in the authentication mechanism using Burp Suite, and finally attack and break the authentication implementation to gain access to the administrative console of the application.
Chapter 12, Exploiting and Exfiltrating Data from a Large Shipping Corporation, is a real-world case study of how a large shipping corporation was compromised and its data exfiltrated. This chapter walks the reader through the various steps that were taken to identify the target, discover weaknesses in the search functionality using Burp Suite, and finally attack and exploit the discovered blind SQL injection to exfiltrate data.