Gain insights into web app vulnerabilities and attack methods, delve into penetration testing with Kali Linux, and explore tools for enhancing information security using Python, web tech, and network management.

webpen.tar.gz

shodan_api

Wireshark

chrome

Burp

frog

proxychains

encoder

setoolkitChrome

chromeShark

juiceshop

BurpChrome

This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. 

You will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. 

Your knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.

Web Application Penetration Testing

# Overview 

Considering the different types of XSS attacks we've discussed, it's fair to assume that the overall process of finding such vulnerabilities is not all that difficult. Despite modern browsers and frameworks having simplified web application development, sometimes a developer has to actually make an effort to add security bugs to their application. Nevertheless, it's still quite important to know how these vulnerabilities are exploited before delegating the task to an automated tool or service.

# Exploiting XSS vulnerabilities

Websites are rendered on the browser (alongside site business logic) as a combination of HTML, CSS, and JavaScript. This means that as long as the browser trusts the sources of the code, JavaScript especially, it will have no problem in executing it.  


JavaScript is largely just like any other programming language, although with a few eccentricities. The same goes for HTML. As such, we can use the `<script></script>` tags to probe for basic vulnerabilities. For example, if a website has a form or a search bar, we can type `<script> alert("Hello, World")</script>` in the search bar or the form. This code prompts the users with a dialogue box with the message `Hello World`. This alerting methodology is the one most commonly used by pentesters because it's both a simple yet brutal indicator of XSS vulnerabilities. 

When a vulnerability is discovered, the adversary will often perform recon to see what's the most they can get away with without getting caught.

Let's look at more examples. A JavaScript element like `document.documentElement.innerHTML` contains all the HTML code of the web page. Changing this element to point to an empty string leads to a loss of the web page. The JavaScript code is injected into the webpage as `<script>document.documentElement.innerHTML = ''</script>`.

Other tags can also be used in the exploitation process. Let's look at some below:

- `<body onload=alert('Hello World')>`: This will result in the prompt automatically popping up whenever a user opens up a page.

- `<p onclick=alert('Hello!')>Click me for a surprise!</p>`: This will result in a prompt being displayed whenever a user clicks on the element.

Now let's look at each XSS vulnerability type with a practical example.

## Reflected XSS

For reflected XSS, the biggest tell is usually the parameters in the URL. If you notice a value in the URL that is then displayed on the web page, you can start poking around there. Let's confirm this with [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/) below:

1. Click the "Run" button for the playground to load. After a while, we'll see a message that says that the application is ready at port `3000`.
2. Click on the playground's URL. The vulnerable web application will load in a new tab.
3. Create a new account. Use bogus details.
4. Log in using the new account.
5. Add a number of items to the basket.
6. Go to the basket, and provide an address and then payment details. Again, provide fake details.
7. We'll get a confirmation that our order has been placed.

Learn how to exploit the three main types of XSS vulnerabilities with the OWASP Juice Shop.

Introduction to the Course

Introduction to Linux

Introduction to Python

Web and Server Technology

Network Management and Analysis

Open-Source Intelligence

Cross-Site Scripting

SQL Injection

Authentication and Authorization

Cross-Site Request Forgery

Social Engineering Attacks

Broader Security Concepts

Wrapping Up

XSS Exploitation

Overview

Exploiting XSS vulnerabilities