See previous entry for setup/hosting options for OWASP Juice Shop CTF
Tools
Notepad
I'm a fan of taking notes when debugging an issue, for the same reasons given in this blog post. Coming from a science background, I learned that keeping notes in a lab book lets you track your data and retrace your thinking. Troubleshooting an issue or attempting to hack something is no different.
For quick temporary placeholders and notes, I prefer Notepad2 (it replaces the default Notepad). For long-running notes, I prefer Notepad++ because it autosaves to long-lived temp files.
In actual usage, I try to keep commands, outputs, observations, etc. in these notes.
Chrome or Firefox Developer Tools
F12 - The tried and true tool for developers and hackers.
Network
Tools for analyzing some layers of the OSI model.
Analyzers/Monitors
Proxies
Use these to view requests and responses on the wire, alter and resend requests, and initiate automated forced browsing.
Burp Suite is useful for website vulnerability testing; it's used as a proxy to capture requests and responses.
Fiddler has some of the same features.
OWASP ZAP
SQL Injection
sqlmap is useful for automatically testing for SQL Injection vulnerabilities. See also the SQL Injection Cheat Sheet.
Cross-Site Scripting (XSS)
Types:
- Stored XSS
- Reflected XSS
- DOM-based XSS
- Blind XSS
xsser is an automatic framework for detecting and exploiting XSS vulnerabilities in web-based applications.
Secrets
The following tools can be used to scan git repos and filesystems for secrets using regexes or Shannon entropy.
Cryptography
Insecure encryption or hashing algorithms are used all too often. The tools below can be used to decrypt data or to look hashes up in a rainbow table to recover their likely original strings.
Note: For sensitive data, always use an offline tool.
Hashing
- hashcat.net/hashcat
- openwall.com/john
- darknet.org.uk/2006/09/brutus-password-crac..
- foofus.net/goons/jmk/medusa/medusa.html
- project-rainbowcrack.com
- md5.gromweb.com
Encryption
Encoding
Encoding is sometimes necessary to get past logic that decodes a payload. For example, HTML is expected to be escaped when it is returned from a database.
- Online Tools
- Html Encoding
- Base64
- Notepad++ Plugin Mime Tools
- Base62
- Hex
FYI: Encoding is not encryption. If you use Base64 encoding for sensitive data, you're gonna have a bad day.
Json Web Tokens (JWT)
Noted here because they are Base64-encoded (so the claims are readable by anyone) and signed for authenticity.
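As an added example (not code from the original post), the JWT point in plain Python: the claims can be read with no key at all, because Base64 is encoding, and only the HMAC-SHA256 signature check separates a valid token from a tampered one. The key and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

def b64url_encode(data: bytes) -> str:
    """JWTs use base64url without '=' padding (RFC 7515)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def encode_json(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token: base64url(header).base64url(claims).base64url(HMAC-SHA256)."""
    signing_input = f"{encode_json({'alg': 'HS256', 'typ': 'JWT'})}.{encode_json(claims)}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def peek_claims(token: str) -> dict:
    """Read the claims with no key at all: the payload is encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def replace_claims_unsigned(token: str, claims: dict) -> str:
    """Swap the payload but keep the old signature; verification must reject this."""
    header, _, sig = token.split(".")
    return f"{header}.{encode_json(claims)}.{sig}"

def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only when the signature is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, or malformed JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # pin the algorithm; never let the token choose it
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # constructed sample key, not from any real system
    token = sign_hs256({"sub": "jim", "role": "customer"}, KEY)
    print("claims readable without the key:", peek_claims(token))
```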
Decompilers
Probably not used much in web application hacking unless you get hold of the binaries, but useful tools nonetheless:
Reverse Engineering
TBD
Dorking
Using search engines to do your bidding: secrets and other information are often surprisingly accessible.
Sandboxes
Sometimes you may be using tools that are not deemed safe, or working with untrusted applications that could contain malware or viruses. An isolated environment, whether a VM, a container, or a sandbox, is helpful: