Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Kali Linux Web Penetration Testing Cookbook
Kali Linux Web Penetration Testing Cookbook

Kali Linux Web Penetration Testing Cookbook: Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2

Arrow left icon
Profile Icon Gilberto Najera-Gutierrez
Arrow right icon
$54.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (4 Ratings)
Paperback Feb 2016 296 pages 1st Edition
eBook
$29.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Gilberto Najera-Gutierrez
Arrow right icon
$54.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (4 Ratings)
Paperback Feb 2016 296 pages 1st Edition
eBook
$29.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$29.99 $43.99
Paperback
$54.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Kali Linux Web Penetration Testing Cookbook

Chapter 2. Reconnaissance

In this chapter, we will cover:

  • Scanning and identifying services with Nmap
  • Identifying a web application firewall
  • Watching the source code
  • Using Firebug to analyze and alter basic behavior
  • Obtaining and modifying cookies
  • Taking advantage of robots.txt
  • Finding files and folders with DirBuster
  • Password profiling with CeWL
  • Using John the Ripper to generate a dictionary
  • Finding files and folders with ZAP

Introduction

Every penetration test, be it for a network or a web application, has a workflow; it has a series of stages that should be completed in order to increase our chances of finding and exploiting every possible vulnerability affecting our targets, such as:

  • Reconnaissance
  • Enumeration
  • Exploitation
  • Maintaining access
  • Cleaning tracks

In a network penetration testing scenario, reconnaissance is the phase where testers must identify all the assets in the network, firewalls, and intrusion detection systems. They also gather the maximum information about the company, the network, and the employees. In our case, for a web application penetration test, this stage will be all about getting to know the application, the database, the users, the server, and the relation between the application and us.

Reconnaissance is an essential stage in every penetration test; the more information we have about our target, the more options we will have when it comes to finding vulnerabilities and exploiting them...

Scanning and identifying services with Nmap

Nmap is probably the most used port scanner in the world. It can be used to identify live hosts, scan TCP and UDP open ports, detect firewalls, get versions of services running in remote hosts, and even, with the use of scripts, find and exploit vulnerabilities.

In this recipe, we will use Nmap to identify all the services running on our target application's server and their versions. We will do this in several calls to Nmap for learning purposes, but it can be done using a single command.

Getting ready

All we need is to have our vulnerable_vm running.

How to do it...

  1. First, we want to see if the server is answering to a ping or if the host is up:
    nmap -sn 192.168.56.102
    
    How to do it...
  2. Now that we know that it's up, let's see which ports are open:
    nmap 192.168.56.102
    
    How to do it...
  3. Now, we will tell Nmap to ask the server for the versions of services it is running and to guess the operating system based on that.
    nmap -sV -O 192.168.56.102
    
    How to do it...
  4. We can see that our vulnerable_vm...

Identifying a web application firewall

A web application firewall (WAF) is a device or a piece of software that checks packages sent to a web server in order to identify and block those that might be malicious, usually based on signatures or regular expressions.

We can end up dealing with a lot of problems in our penetration test if an undetected WAF blocks our requests or bans our IP address. When performing a penetration test, the reconnaissance phase must include the detection and identification of a WAF, intrusion detection system (IDS), or intrusion prevention system (IPS). This is required in order to take the necessary measures to prevent being blocked or banned.

In this recipe, we will use different methods, along with the tools included in Kali Linux, to detect and identify the presence of a web application firewall between our target and us.

How to do it...

  1. Nmap includes a couple of scripts to test for the presence of a WAF. Let's try some on our vulnerable-vm:
    nmap -p 80,443...

Watching the source code

Looking into a web page's source code allows us to understand some of the programming logic, detect the obvious vulnerabilities, and also have a reference when testing, as we will be able to compare the code before and after a test and use that comparison to modify our next attempt.

In this recipe, we will view the source code of an application and arrive at some conclusions from that.

Getting ready

For this recipe, start the vulnerable_vm.

How to do it...

  1. Browse to http://192.168.56.102.
  2. Select the WackoPicko application.
  3. Right-click on the page and select View Page Source. A new window with the source code of the page will open:
    How to do it...

    With the source code we can discover the libraries or external files that the page is using and where the links go. Also, as can be seen in the preceding image, this page has some hidden input fields. The selected one is MAX_FILE_SIZE; this means that, when we are uploading a file, this field determines the maximum size allowed for the file...

Using Firebug to analyze and alter basic behavior

Firebug is a browser add-on that allows us to analyze the inner components of a web page, such as table elements, cascading style sheets (CSS) classes, frames, and so on. It also has the ability to show us DOM objects, error codes, and request-response communication between the browser and server.

In the previous recipe, we saw how to look into a web page's HTML source code and found a hidden input field that established some default values for the maximum size of a file. In this recipe, we will see how to use the browser's debugging extensions, in this particular case, Firebug for Firefox or OWASP-Mantra.

Getting ready

With vulnerable_vm running, browse to http://192.168.56.102/WackoPicko.

How to do it...

  1. Right-click on Check this file and then select Inspect Element with Firebug.
    How to do it...
  2. There is a type="hidden" parameter on the first input of the form; double-click on hidden.
  3. Replace hidden by text and hit Enter.
    How to do it...
  4. Now double-click...

Introduction


Every penetration test, be it for a network or a web application, has a workflow; it has a series of stages that should be completed in order to increase our chances of finding and exploiting every possible vulnerability affecting our targets, such as:

  • Reconnaissance

  • Enumeration

  • Exploitation

  • Maintaining access

  • Cleaning tracks

In a network penetration testing scenario, reconnaissance is the phase where testers must identify all the assets in the network, firewalls, and intrusion detection systems. They also gather the maximum information about the company, the network, and the employees. In our case, for a web application penetration test, this stage will be all about getting to know the application, the database, the users, the server, and the relation between the application and us.

Reconnaissance is an essential stage in every penetration test; the more information we have about our target, the more options we will have when it comes to finding vulnerabilities and exploiting them...

Scanning and identifying services with Nmap


Nmap is probably the most used port scanner in the world. It can be used to identify live hosts, scan TCP and UDP open ports, detect firewalls, get versions of services running in remote hosts, and even, with the use of scripts, find and exploit vulnerabilities.

In this recipe, we will use Nmap to identify all the services running on our target application's server and their versions. We will do this in several calls to Nmap for learning purposes, but it can be done using a single command.

Getting ready

All we need is to have our vulnerable_vm running.

How to do it...

  1. First, we want to see if the server is answering to a ping or if the host is up:

    nmap -sn 192.168.56.102
    
  2. Now that we know that it's up, let's see which ports are open:

    nmap 192.168.56.102
    
  3. Now, we will tell Nmap to ask the server for the versions of services it is running and to guess the operating system based on that.

    nmap -sV -O 192.168.56.102
    
  4. We can see that our vulnerable_vm has Linux...

Left arrow icon Right arrow icon

Key benefits

  • Familiarize yourself with the most common web vulnerabilities a web application faces, and understand how attackers take advantage of them
  • Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits
  • Learn how to prevent vulnerabilities in web applications before an attacker can make the most of it

Description

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform and operating system that provides a huge array of testing tools, many of which can be used specifically to execute web penetration testing. This book will teach you, in the form step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure, for you and your users. Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application to identifying vulnerabilities through manual testing and the use of vulnerability scanners to both basic and advanced exploitation techniques that may lead to a full system compromise. Finally, we will put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities.

Who is this book for?

This book is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. You should know the basics of operating a Linux environment and have some exposure to security technologies and tools.

What you will learn

  • Set up a penetration testing laboratory in a secure way
  • Find out what information is useful to gather when performing penetration tests and where to look for it
  • Use crawlers and spiders to investigate an entire website in minutes
  • Discover security vulnerabilities in web applications in the web browser and using command-line tools
  • Improve your testing efficiency with the use of automated vulnerability scanners
  • Exploit vulnerabilities that require a complex setup, run custom-made exploits, and prepare for extraordinary scenarios
  • Set up Man in the Middle attacks and use them to identify and exploit security flaws within the communication between users and the web server
  • Create a malicious site that will find and exploit vulnerabilities in the user s web browser
  • Repair the most common web vulnerabilities and understand how to prevent them becoming a threat to a site s security
Estimated delivery fee Deliver to Chile

Standard delivery 10 - 13 business days

$19.95

Premium delivery 3 - 6 business days

$40.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 29, 2016
Length: 296 pages
Edition : 1st
Language : English
ISBN-13 : 9781784392918
Vendor :
Offensive Security
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Chile

Standard delivery 10 - 13 business days

$19.95

Premium delivery 3 - 6 business days

$40.95
(Includes tracking information)

Product Details

Publication date : Feb 29, 2016
Length: 296 pages
Edition : 1st
Language : English
ISBN-13 : 9781784392918
Vendor :
Offensive Security
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 164.97
Web Penetration Testing with Kali Linux 2.0, Second Edition
$54.99
Kali Linux Web Penetration Testing Cookbook
$54.99
Mastering Kali Linux Wireless Pentesting
$54.99
Total $ 164.97 Stars icon

Table of Contents

11 Chapters
1. Setting Up Kali Linux Chevron down icon Chevron up icon
2. Reconnaissance Chevron down icon Chevron up icon
3. Crawlers and Spiders Chevron down icon Chevron up icon
4. Finding Vulnerabilities Chevron down icon Chevron up icon
5. Automated Scanners Chevron down icon Chevron up icon
6. Exploitation – Low Hanging Fruits Chevron down icon Chevron up icon
7. Advanced Exploitation Chevron down icon Chevron up icon
8. Man in the Middle Attacks Chevron down icon Chevron up icon
9. Client-Side Attacks and Social Engineering Chevron down icon Chevron up icon
10. Mitigation of OWASP Top 10 Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5
(4 Ratings)
5 star 50%
4 star 50%
3 star 0%
2 star 0%
1 star 0%
jfranz Dec 08, 2016
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book is a great example of a seasoned Web Pentester and his methodologies for auditing web applications. The chapters examples are clearly outlined with corresponding modules that "walk" the user through all phases of a web pentest. He makes web pentesting available to anyone with a little bit of time, a Kali VM and OWASP project VM. If your a novice looking for a solid foundation intro into web pentesting then I would highly recommend this book.
Amazon Verified review Amazon
alicia bianca carew Mar 17, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great Kali Linux Book Step By Step
Amazon Verified review Amazon
Beau Bullock Mar 30, 2016
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
I perform pentests against web applications on a regular basis amongst other types of pentesting including internal network assessments, external network assessments, phishing, wireless, C2, pivot tests and more. In the past two years I've pentested around 40 different web applications for various organizations. I read the Kali Linux Web Penetration Testing Cookbook, and wanted to share my thoughts on the book.TL;DRThis is a great book for introducing webapp attack vectors to new pentesters. There might be a section or two that seasoned pentesters find useful. I felt the author did a great job describing the tools and techniques in the book. The book lacks details into the underlying web protocols so don't expect to be an "expert" of all the intricacies involved in web applications after reading this book. I also feel there were a few items included that were a bit off topic and probably should not have been included in this book. That said, I give this book a 4 out of 5.-----------Ok... the longer version is next. I've provided a brief outline of what is included in each chapter below, as well as what I felt was either awesome about the chapter or what I felt was missing in the "Comments" section.PREFACE-The author describes the book as being designed for many types of readers including those who want to go beyond general computer science study, application developers, and even seasoned security pros.-States the book will include some possible intermediate or advanced exploitation by chaining attacks together.Chapter 1 - Setting Up Kali-Downlading Kali, and updating it-Using OWASP Mantra - firefox plugin-Setup Iceweasal with addons (tamperdata etc.)-Using Owasp-bwa vm and BWapp Bee-box as target vuln machines-Download Windows 7 IE8 VM as client for MitM attacksComments:There were no instructions on installing Kali. The book jumps straight from downloading it to updating it. Some readers might have trouble installing it. Also, the book is focused on installing Kali as the host OS. I would bet that the majority of readers who are jumping into web application pentesting will probably want to install Kali as VM. I was very happy to see that the author is putting the modern.ie VM's to good use.Chapter 2 - Reconnaissance-Nmap - shows basic network scan-WAF detection with Nmap script http-waf-detect, http-waf-fingerprint, and wafw00f-Looking at the source code of a page to identify vulnerabilities. Locating hidden fields that might be alterable-Cookies manager+ to edit cookie values-Looking in robots.txt for hidden dirs.-Dirbuster to find hidden dirs - demos a basic wordlist but doesn't mention Dirbuster's wordlists (mentioned later when demoing Zap proxy forced browse)-Cewl for creating wordlists from site content.-Using John and the wordlist generated by Cewl to mangle a more complex wordlist with John's rules.-Zap forced browseComments:This chapter does a decent job of covering recon for a webapp but I might add that during recon for a webapp Google can be your best friend. I discuss that in more detail in the next comments section. Also, Builtwith.com is a good resource for finding what technologies a webapp is utilizing.Chapter 3 - Crawlers and Spiders-Use wget and HTTrack to download website for offline analysis-Using Zap and Burp to spider a site-Burp's repeater to repeat requests-Using webscarab to spiderComments:Three different tools were demonstrated to perform the same task of spidering a site. Two tools were demonstrated to make a local copy of the site. The author did not mention what the purpose of creating a copy of the site was for or why this is useful. This section could be improved by spending less time on separate tools and more on focusing the spider engine. There are times where sites are so big that you may want to limit the spider's scope to only a certain directory and to only recurse a certain depth.I would also add that Google has already done a good job of this. Using "Google hacking" techniques a pentester can find sensitive directories, and files without spidering at all. This can be a most valuable technique when the goal is to be stealthy.Chapter 4 - Finding Vulnerabilities-Hackbar Firefox addon - second address bar that is not affected by redirections, and allows POST modification-TamperData to modify requests-Using Zap and Burp to intercept and modify requests-Identifying XSS-Uses DVWA XSS reflection exercise with basic alert script-Error based SQLi with DVWA-Blind SQLi-Session cookie vulns - Mentions secure and httponly flag-Using sslscan to get SSL info from a site-Testing for LFI and RFI-Detecting Poodle with Nmap scriptComments:While some more demonstrative examples are included later on in the book there was no information about why XSS is bad in this section. It could have provided a test case to demonstrate risk. There are a number of vulnerabilities that could be discovered through manual testing that were left out from this section. None of the following vulnerabilities were covered: CSRF (covered in advanced exploit chapter later on, but how to discover it), username harvesting, account lockout controls, session fixation, weak session token entropy, privilege escalation across access roles, insecure direct object reference (again, included later on in the book), etc.I really like how the author is demonstrating some manual techniques prior to jumping into automated scanning.Chapter 5 - Automated Scanners-Nikto scanner-Wapiti scanner-Zap automated scanner-Using w3af scanner-w3af has command line interface in addition to GUI-vega vulnerability scanner - has ability to do auth to webapp but lacks reporting-Using wmap as a scannerComments:Automated scanners can help speed up the process of a pentest. Being familiar with different types of scanners can help in various situations so I appreciate the inclusion of multiple tools. Although many tools were listed, I didn't feel that any real insight into what to do with the output of the scans was given.Chapter 6 - Exploitation - Low Hanging Fruits-Uploading a PHP webshell to execute commands on the server-Command injection - appending system commands to get Netcat shell is demonstrated-XML External Entity Injection - very nice description and example of XXE. Also, the author demonstrates how it can be used to run commands when combined with a webshell upload vuln.-Brute forcing passwords with THC-HYDRA-Brute forcing passwords with Burp Intruder and wordlists-Exploiting stored XSS to get a victims browser to visit an attacker hosted webserver with a PHP script to store cookies-Nice manual SQLi walkthrough-SQLMap for automated sqli-Bruteforcing Tomcat logins with Metasploit module-Tomcat war file upload with Laudanum web shellComments:I thought this section was probably the most valuable of the entire book with the next chapter being second. Good examples of some common exploit vectors were provided. Later on in the book the author dives into man-in-the-middle attacks and social engineering. I feel that these sections could have been left out and the author could have expanded chapters 6 and 7 as these two are truly the core of webapp testing. Having real world scenarios and potential exploit techniques really can help demonstrate to a reader what the risk is with certain vulnerabilities. I think the author did a fantastic job here.Chapter 7 - Advanced Exploitation-Using Searchsploit to locate exploits in ExploitDB-Exploiting Heartbleed-Hooking a browser with Beef-Manual blind SQL injection-Using Sqlmap to gather data like current DB user and password hashes-Decent CSRF walkthrough-Decent Shellshock walkthrough-Cracking passwords with John and oclHashcatComments:More good examples were provided as in chapter 6. I think more information could have been provided regarding discovering particular vulnerabilities such as ShellShock, and CSRF.Chapter 8 - MitM attacks-Using Ettercap to arp poison the network to MitM two systems-Capturing packets with Wireshark-Ettercap filters to replace data in web requests-Use sslsplit to decrypt traffic after mitm (victim gets cert error)-Spoofing dns to redirect requestsComments:I'm not sure that I feel this chapter was necessary in this book. When approaching a web application pentest it is rare that the tester would need to demonstrate the risk of a MitM attack. The fact a user system can be attacked to create a MitM situation does not mean a vulnerability in the web application being tested exists. These are really "Network Pentest" techniques.Chapter 9 - Client Side Attacks and Social Engineering-Harvesting login credentials with a scraped site using SET-Creating a login harvester that actually logs the user into the real site.-Creating a reverse shell Meterpreter exe-Browser autopwn Metasploit module-Social engineering a user to run a malicious beef hookComments:Again, I'm not sure this chapter belongs here. There is a section in this chapter that explains how to create a Meterpreter payload, host the payload on an attacker's webserver, and then get a target to download it via social engineering. What does this have to do with webapp testing? I think between this chapter and the last the author could have expanded quite a bit on both webapp attack vectors, and the underlying protocols at use.Chapter 10 - Fixing OWASP Top 10-This chapter walks through the OWASP top 10 vulnerabilities and how to fix them.Comments: This chapter redeemed chapters 8 and 9 for me. It is rare that a "pentesting" book includes a very detailed chapter on actually fixing the vulnerabilities discovered through the techniques presented in the book. This chapter does this. As penetration testers we need to not only find the vulnerabilities, but also provide the best recommendations we can to fix them to the clients we are working with.Conclusion -The Good:-The author portrays each concept taught in the book very well. His teaching style is very easy to understand and I think anyone can pick this book up and start learning.-Many tools related to webapp pentesting that are built into Kali Linux are demonstrated.-The majority of common vulnerabilities found in web applications are demonstrated.-New web application testers will learn a ton!-Seasoned web application testers might find a new trick or two.-Great demonstrations of manual exploit techniques.-For each of the tools demonstrated the author provides a number of additional options that may be useful.-Chapter on fixing OWASP top 10 vulnerabilities is awesome. More pentesting books should include recommendations for fixing the vulnerabilities we find.The Bad:-No steps to install Kali-No mention of Google Hacking-Some common vulnerabilities were left out of the vulnerability discovery section including username harvesting, account lockout controls, session fixation, etc.-No WPScan (Wordpress attack tool)-MitM and Social Engineering chapters could have been replaced by more web application testing content
Amazon Verified review Amazon
Amazon Customer Jul 07, 2016
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
not bad
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela