Kali Web Penetration Testing Notes (Part 1)
Source: Internet Published: 多开分身软件 Editor: 程序博客网 Time: 2024/06/05 13:22
- Insider attacks are more lethal than those carried out by an external entity, so black-box testing can sometimes be a waste of money and time.
- A career as a penetration tester is not a sprint; it is a marathon.
- Important HTTP methods for penetration testing:
  - The GET method: passes the parameters to the web application via the URL itself.
  - The POST method: is similar to the GET method and is used to retrieve data from the server, but it passes the content via the body of the request.
  - The HEAD method: used by attackers to identify the type of server, as the server responds with only the HTTP headers without sending any payload. It's a quick way to find out the server version and the date.
  - The TRACE method: used to identify any alterations to the request by intermediary devices such as proxy servers and firewalls. The TRACE method can also be used to steal users' cookies.
  - The PUT/DELETE methods: part of WebDAV, which is an extension to the HTTP protocol and allows management of documents and files on the web server.
  - The OPTIONS method: used to query the server for the methods that it supports.
Session tracking using cookies:
- The session ID could be shared using the GET method or the POST method. When using the GET method, the session ID becomes part of the URL; when using the POST method, the session ID is shared in the body of the HTTP message. The server would maintain a table mapping usernames to the HTTP message.
- The cookie is always set and controlled by the server.
- Cookies are either persistent or non-persistent.
- HTTP is the communication mechanism used to transfer HTML formatted pages.
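
An added example (not part of the original notes): a defender-side check of two things the notes list, the methods a server advertises in its `Allow` header (TRACE, PUT and DELETE are the ones singled out above) and whether each cookie it sets is persistent or non-persistent. The two responses, the cookie names and the function names are constructed for illustration.

```python
from email.parser import Parser
from http.cookies import SimpleCookie

# Constructed sample responses (not captured from a real server).
OPTIONS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer\r\n"
    "Allow: GET, HEAD, POST, OPTIONS, TRACE, PUT\r\n"
    "Content-Length: 0\r\n\r\n"
)
LOGIN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: remember=1; Max-Age=2592000; Path=/\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Methods the notes flag: TRACE (cookie theft), PUT/DELETE (WebDAV file management).
FLAGGED_METHODS = {"TRACE", "PUT", "DELETE"}

def parse_headers(raw):
    """Drop the status line and body, then parse the header block."""
    head = raw.split("\r\n\r\n", 1)[0]
    _status, _, header_block = head.partition("\r\n")
    return Parser().parsestr(header_block, headersonly=True)

def flagged_methods(raw):
    """Return the advertised methods that appear in FLAGGED_METHODS."""
    allow = parse_headers(raw).get("Allow", "")
    allowed = {m.strip().upper() for m in allow.split(",") if m.strip()}
    return sorted(allowed & FLAGGED_METHODS)

def audit_cookies(raw):
    """Classify each Set-Cookie as persistent or not and record HttpOnly."""
    report = {}
    for value in parse_headers(raw).get_all("Set-Cookie", []):
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            # A cookie with Expires or Max-Age survives the browser session.
            persistent = bool(morsel["expires"] or morsel["max-age"])
            report[name] = {"persistent": persistent,
                            "httponly": bool(morsel["httponly"])}
    return report

if __name__ == "__main__":
    print("flagged methods:", flagged_methods(OPTIONS_RESPONSE))
    print("cookies:", audit_cookies(LOGIN_RESPONSE))
```
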
Three-tier web application:
- Presentation layer
- Application layer
- Data access layer