Cross-Site Scripting 250
Cross-Site Request Forgery 251
Session Hijacking 253
Using Proxies 255
Burp Suite 255
Zed Attack Proxy 259
WebScarab 265
Paros Proxy 266
Proxystrike 268
Automated Web Attacks 269
Recon 269
Vega 272
nikto 274
dirbuster and gobuster 276
Java-Based Application Servers 278
SQL-Based Attacks 279
Assorted Tasks 283
Summary 285
Useful Resources 285
9. Cracking Passwords 287
Password Storage 287
Security Account Manager 289
PAM and Crypt 290
Acquiring Passwords 291
Local Cracking 294
John the Ripper 296
Rainbow Tables 298
HashCat 304
Remote Cracking 306
Hydra 306
Patator 308
Web-Based Cracking 309
Summary 313
Useful Resources 313