Web Penetration Testing with Kali Linux 2.0, Second Edition: Build your defense against web attacks with Kali Linux 2.0

Author: Juned Ahmed Ansari
Rating: 4 out of 5 (6 Ratings)
eBook, Nov 2015, 312 pages, 1st Edition

What do you get with eBook?

  • Instant access to your Digital eBook purchase
  • Download this book in EPUB and PDF formats
  • Access this title in our online reader with advanced features
  • DRM FREE - Read whenever, wherever and however you want

Chapter 2. Setting up Your Lab with Kali Linux

Preparation is the key to everything. It becomes even more important when working on a penetration testing engagement, where you get a limited amount of time to do the reconnaissance, scanning, and exploitation, and finally to gain access and present the customer with a detailed report. Each penetration test that you conduct will be different in nature and will require a different approach from the tests you conducted earlier. Tools play a major role, so you need to prepare your toolkit beforehand and have hands-on experience with all the tools that you will need to execute the test.

In this chapter, we will cover the following topics:

  • Overview of Kali Linux and changes from the previous version
  • Different ways of installing Kali Linux
  • Virtualization versus installation on physical hardware
  • Walkthrough and configuration of important tools in Kali Linux
  • Installing Tor and configuration

Kali Linux

Kali Linux is a security-focused Linux distribution based on Debian. It's a rebranded version of the famous Linux distribution known as Backtrack, which came with a huge repository of open source hacking tools for network, wireless, and web application penetration testing. Although Kali Linux contains most of the tools from Backtrack, the main aim of Kali Linux is to be portable so that it can be installed on devices based on the ARM architecture, such as tablets and Chromebooks, which puts the tools at your disposal with much greater ease.

Using open source hacking tools comes with a major drawback: they have a whole lot of dependencies when installed on Linux, and these need to be installed in a predefined sequence. Moreover, the authors of some tools have not released accurate documentation, which makes our life difficult.

Kali Linux simplifies this process; it contains many tools preinstalled with all the dependencies and is in a ready-to-use condition so that you can...

Important tools in Kali Linux

Once you have Kali Linux up and running, you can start playing with the tools. Since this book is on web application hacking, all the major tools that we will be spending most of our time with are under Applications | Web Application. The following screenshot shows the tools present under Web Application:

[Screenshot: Important tools in Kali Linux]

In Kali Linux 2.0, tools under Web Applications are further divided into four categories as listed here:

  • Web application proxies
  • Web vulnerability scanners
  • Web crawlers and directory browsing
  • CMS and framework identification

Web application proxies

An HTTP proxy is one of the most important tools in the kit of a web application hacker, and Kali Linux includes several of them. A feature that you miss in one proxy will surely be there in another, which highlights the real advantage of Kali Linux with its vast repository of tools.

An HTTP proxy is software that sits between the browser and the website, intercepting all the traffic that flows between them. The main...

Using Tor for penetration testing

The main aim of a penetration test is to hack into a web application in the way that a real-world malicious hacker would. Tor provides an interesting option to emulate the steps that a black hat hacker uses to protect his or her identity and location. Although an ethical hacker trying to improve the security of a web application should not be concerned about hiding his or her location, using Tor gives you an additional option for testing edge security systems such as network firewalls, web application firewalls, and IPS devices.

Black hat hackers try every method to protect their location and true identity; they do not use a permanent IP address and constantly change it in order to fool cybercrime investigators. You would find port scanning requests coming from a different range of IP addresses, and the actual exploitation arriving from a source IP address that your edge security systems are logging for the first time. With the necessary written approval...

Summary

This chapter was all about Kali Linux. We started by understanding the different ways in which Kali Linux can be installed and the scenarios where we would be using it. Virtualizing Kali Linux is an attractive option, and we discussed its pros and cons. Once we had Kali Linux up and running, we went over the major hacking tools that we will be using to test web applications. Burp Suite is a really interesting and feature-rich tool that we will be using throughout the book. We then discussed web vulnerability scanners, which are of great use in identifying flaws and configuration issues in well-known web servers. Finally, we set up Tor and Privoxy to emulate a real-world attacker who would hide his or her real identity and location.

In the next chapter, we will perform reconnaissance, scan web applications, and identify the underlying technologies used, which will act as a base for further exploitation.


Description

Kali Linux 2.0 is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. It contains several hundred tools aimed at various information security tasks such as penetration testing, forensics, and reverse engineering. At the beginning of the book, you will be introduced to the concepts of hacking and penetration testing and will get to know about the tools used in Kali Linux 2.0 that relate to web application hacking. Then, you will gain a deep understanding of SQL and command injection flaws and ways to exploit the flaws. Moving on, you will get to know more about scripting and input validation flaws, AJAX, and the security issues related to AJAX. At the end of the book, you will use an automated technique called fuzzing to be able to identify flaws in a web application. Finally, you will understand the web application vulnerabilities and the ways in which they can be exploited using the tools in Kali Linux 2.0.

Who is this book for?

If you are already working as a network penetration tester and want to expand your knowledge of web application hacking, then this book is tailored for you. Those who are interested in learning more about the Kali Sana tools that are used to test web applications will find this book a thoroughly useful and interesting guide.

What you will learn

  • Set up your lab with Kali Linux 2.0
  • Identify the difference between hacking a web application and network hacking
  • Understand the different techniques used to identify the flavor of web applications
  • Expose vulnerabilities present in web servers and their applications using server-side attacks
  • Use SQL and cross-site scripting (XSS) attacks
  • Check for XSS flaws using the Burp Suite proxy
  • Find out about the mitigation techniques used to negate the effects of the Injection and Blind SQL attacks

Product Details

Publication date: Nov 26, 2015
Length: 312 pages
Edition: 1st
Language: English
ISBN-13: 9781783554003
Vendor: Offensive Security

Table of Contents

11 Chapters
1. Introduction to Penetration Testing and Web Applications
2. Setting up Your Lab with Kali Linux
3. Reconnaissance and Profiling the Web Server
4. Major Flaws in Web Applications
5. Attacking the Server Using Injection-based Flaws
6. Exploiting Clients Using XSS and CSRF Flaws
7. Attacking SSL-based Websites
8. Exploiting the Client Using Attack Frameworks
9. AJAX and Web Services – Security Issues
10. Fuzzing Web Applications
Index

Customer reviews

Rating distribution: 4 out of 5 (6 Ratings)
5 star: 66.7%
4 star: 0%
3 star: 16.7%
2 star: 0%
1 star: 16.7%

Top Reviews

ryan, Mar 09, 2016
Rating: 5 out of 5
This is a very thorough book. Plenty of examples of everything. Each idea and point is explained extremely well too. I could not be happier with this. It certainly has allowed me to expand my horizon in the security field.
Amazon Verified review

Perry Nally, Jan 19, 2016
Rating: 5 out of 5
Great read. If you are new to either web penetration testing or Kali Linux, you'll learn a ton of very useful tools and techniques on how to determine hack-ability of a website. If you're not new to this, you'll be able to use this book as a great reference. You get tons of info and how-to's for each vulnerability. You get right to the nitty-gritty. The author attempts to help you get into the mindset of a person who would hack your site, which helps to determine the various attack vectors. There were a few vectors mentioned that I did not think of, including some very useful shortcuts along the way. You could never really say this type of book is ever really "complete", but this is the most complete book I've read on the subject to date. Highly recommend it if you are on the fence.
Amazon Verified review

NG CHING WA (HotMail), Jan 13, 2016
Rating: 5 out of 5
This is very structural for both beginner and advanced forensic practitioners. There are detailed working steps to guide the reader in applying Kali Linux in Penetration Test...Daniel
Amazon Verified review

Hugo, Dec 22, 2015
Rating: 5 out of 5
I liked this book because the author gives a good immersion on the theme, he introduces about the ecosystem of web applications, the needs of security, the structure, major flaws and the possible attackers. The steps to execute the penetration test are crucial and he presented the points that you need to carry on, exploring the flaws with the possible doors and the best tools. Security technology is an activity where you can never stop, you have to have caution and your team prepared to solve the flaws as fast as possible. This book makes me understand what I need to do, what is more important, this subject is so dynamic that you never feel totally comfortable to deal with, but now I can see what an efficient pen test is like. So this book delivers what it promises and I would recommend it for anyone who works on or is interested in this topic, this book is very worthwhile.
Amazon Verified review

Xilobyte6, Feb 17, 2017
Rating: 3 out of 5
The author makes a good attempt at explaining the different tools. One will need to read this book through several times to be able to formulate a standardised plan. Upon rereading it, you find that some of these tools and modules do not even exist in a default Kali install nor is there any method in the book to acquire them. So this data is extremely important to include if you are going to talk about a particular module. Next, going from pages 82-84, there is a jump in context. We are reading about nmap and such one moment then all of a sudden we have jumped into the middle of another framework. Something has been edited out here. If I compare this book to other similar books that I am reading at the same time on this same subject, I would say, move on to another book instead. This one is simply trying to cover way too much with not enough effort. All they had to do was leave the book on the table a little longer and develop it more.
Amazon Verified review