After a brief discussion of the hacking procedure
in the previous chapter,
we will now go a long discussion about web hacking in this chapter. As we
all know in today's world both web and mobile applications are the pioneers
of technology. A lot of hackers try to find loopholes and exploit them for
their personal use. So, a thorough understanding of the web is necessary for
security professionals and wannabe hackers.
For this reason, we will go in a practical approach to web hacking tools. We
will discuss web hacking tools like Uniscan in detail. Let us enter into the
world of web hacking. First of all, we will give a small introduction to the
web and protocols.
What is the web?
The web is an interconnected system of networks that displays both static
and dynamic information in the form of web applications nowadays.
What are the protocols?
It is just a way to transmit information between the client and the server .
Http and HTTPS are the famous protocols that are used for web
communication. We will look at six tools that do different tasks.
Scanning of Webservers
Web servers are used to store information in particular. They consist of a lot
of information both static and user-based information.
If a hacker can get
access to a web server, he can exploit any information he wants to.
Usually, hackers do a brief fingerprinting test
about the webserver before
attacking. This is one of the most important hacking processes that need to
be done. If webserver has any potential vulnerability it would be easy to
crack into it using a payload.
There will be a lot of web vulnerabilities that
need to be checked on the
target server. It will be time-consuming to check every one of them
manually. So we can use a tool like Nikto to automate the work.Nikto is one
of the famous web hacking tools that are pre-bundled with Kali Linux. It
scans a webserver using its huge database
that consists of potential
vulnerabilities of web servers.
Here we will describe some of the excellent features of the Nikto web
server scanner.
1) Saving reports XML, HTM L
All the reports that are obtained using the automatic web scanner can be
easily converted to XML and HTML formats.
2) Metasploit usage
Metasploit is a console tool that can be used to make exploits. With this
tool, you can insert Metasploit exploits.
3) Mutation techniques to fish for content on web servers
There are techniques such as the mutation that can easily sniff or duplicate
the content that is present in the web servers. Web servers' fish these things
to display good results.
4) Subdomain guessing
This web scanners also use techniques in a way such that the subdomains
that are present can be easily found out. These
web scanners also sometimes
web servers that are not in the scope.
5) Doing a test based on a tuning paramete r
In this tool when we encounter a vulnerability or bug, we usually test it out.
The testing of it sometimes does in a varied
structure called turning
parameters that has a huge ability to concern the things.
Below is a brief process that takes place when an automatic scanner starts.
