Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag United Kingdom
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Argentina
Country selected
country flag Austria
Country selected
country flag Belgium
Country selected
country flag Bulgaria
Country selected
country flag Chile
Country selected
country flag Colombia
Country selected
country flag Cyprus
Country selected
country flag Czechia
Country selected
country flag Denmark
Country selected
country flag Ecuador
Country selected
country flag Egypt
Country selected
country flag Estonia
Country selected
country flag Finland
Country selected
country flag Greece
Country selected
country flag Hungary
Country selected
country flag Indonesia
Country selected
country flag Ireland
Country selected
country flag Italy
Country selected
country flag Japan
Country selected
country flag Latvia
Country selected
country flag Lithuania
Country selected
country flag Luxembourg
Country selected
country flag Malaysia
Country selected
country flag Malta
Country selected
country flag Mexico
Country selected
country flag Netherlands
Country selected
country flag New Zealand
Country selected
country flag Norway
Country selected
country flag Philippines
Country selected
country flag Poland
Country selected
country flag Portugal
Country selected
country flag Romania
Country selected
country flag Singapore
Country selected
country flag Slovakia
Country selected
country flag Slovenia
Country selected
country flag South Africa
Country selected
country flag South Korea
Country selected
country flag Sweden
Country selected
country flag Switzerland
Country selected
country flag Taiwan
Country selected
country flag Thailand
Country selected
country flag Turkey
Country selected
country flag Ukraine
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux Web Penetration Testing Cookbook

You're reading from   Kali Linux Web Penetration Testing Cookbook Identify, exploit, and prevent web application vulnerabilities with Kali Linux 2018.x

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher Packt
ISBN-13 9781788991513
Length 404 pages
Edition 2nd Edition
Languages
Tools
Concepts
Arrow right icon
Author (1):
Arrow left icon
Gilberto Najera-Gutierrez Gilberto Najera-Gutierrez
Author Profile Icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
Read more
See other products by Gilberto Najera-Gutierrez
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Setting Up Kali Linux and the Testing Lab FREE CHAPTER 2. Reconnaissance 3. Using Proxies, Crawlers, and Spiders 4. Testing Authentication and Session Management 5. Cross-Site Scripting and Client-Side Attacks 6. Exploiting Injection Vulnerabilities 7. Exploiting Platform Vulnerabilities 8. Using Automated Scanners 9. Bypassing Basic Security Controls 10. Mitigation of OWASP Top 10 Vulnerabilities 11. Other Books You May Enjoy

Obtaining session cookies through XSS

In the previous recipe, we did a very basic proof of concept for an XSS exploitation. Also, in previous chapters, we saw how a session cookie can be used by an attacker to steal a valid user's session. XSS vulnerabilities and session cookies that are not protected by the HttpOnly flag can be a deadly combination for a web application's security.

In this recipe, we will see how an attacker can exploit an XSS vulnerability to grab a user's session cookie.

How to do it...

The attacker needs to have a server to receive the exfiltrated data (session cookies, in this case), so we will use a simple Python module to set it up. These are the steps:

  1. To start a basic HTTP server with...
lock icon The rest of the chapter is locked
arrow left Previous Section
Section 5 of 10
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at €18.99/month. Cancel anytime

Authors (1)

Profile icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez is an experienced penetration tester currently working for one of the top security testing service providers in Australia. He obtained leading security and penetration testing certifications, namely Offensive Security Certified Professional (OSCP), EC-Council Certified Security Administrator (ECSA), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).
Read more
See other products by Gilberto Najera-Gutierrez

Other recommended products

Related to this chapter
Left arrow icon
Web Penetration Testing with Kali Linux
Web Penetration Testing with Kali Linux
Read more
This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.
Read more
Feb 2018 14h 12m
Web Penetration Testing with Kali Linux
Web Penetration Testing with Kali Linux
Read more
This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.
Read more
Feb 2018 14h 12m
Web Penetration Testing with Kali Linux
Web Penetration Testing with Kali Linux
Read more
This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.
Read more
Feb 2018 14h 12m
Web Penetration Testing with Kali Linux
Web Penetration Testing with Kali Linux
Read more
This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.
Read more
Feb 2018 14h 12m
Web Penetration Testing with Kali Linux
Web Penetration Testing with Kali Linux
Read more
This book covers everything you need to set up a Kali Linux lab, the latest generation of the BackTrack Linux penetration testing and security auditing Linux distribution. Learn how to use the hundred tools Kali Linux has so you can manage security tasks such as penetration testing, forensics, and reverse engineering.
Read more
Feb 2018 14h 12m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Burp Suite Cookbook
Burp Suite Cookbook
Read more
The purpose of the Burp Suite Cookbook is to provide web application penetration testers with hands-on examples of how to use Burp Suite to perform web assessments. The book gives detailed screenshots demonstrating how to perform various attacks in Burp including Cross-site Scripting (XSS), SQL Injection, Cross-site Request Forgery, XML External Entity (XXE), and many more.
Read more
Sep 2018 11h 56m
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Right arrow icon