> Step 3Īs there was nothing that popped out of the ordinary so I went on to analyze the packets manually. For me when I carried this out nothing out of the ordinary popped up. These help you reduce the time taken to manually scan the website. Once, the Scanner and Spider are done, then I went through the logs to figure out if I can see any fishy URL which should not have been present or if any critical vulnerabilities popped up during the scan. These are features present in the professional version of Burp Suite, which is extremely helpful. I let them run for a while I try to see if there are any vulnerabilities that might have been reported by Burp Suite in the Target tab under Issues and if there are any. I will utilize the Spider and the Scanner tab to carry out the following tasks. Now, that I have properly gone through the whole website, now I turn on my Burp Suite and spider through the webpage and scan it for vulnerabilities. Hence, it is highly recommended to have a proper understanding of the programming languages, these languages will vary depending on your pen-testing target, it might be a website, so you need to understand HTML, CSS, JavaScript, and other language or it might be a software written in Java so you need to know the secure coding technique of Java language. While you are going through the website you need to identify the places where the web developer might have made mistakes. You need to see what different ways the target can be attacked, what ways can you obtain the maximum profit or get the admin access to the website. This is one of the most important parts of the hack, to understand your target. I saw different features of the website trying to understand what the website is designed for. > Step 1įirst I went to the website which was selling the jersey, I went to the website and did a proper review of the whole web page. I will explain to you briefly how this attack was carried out. Well, this hack is where I bought an online jersey worth nearly 2,000$ in 1$. Well, too much of talking has been done let’s get into the zone and understand how exactly these hacks were carried out. Let me tell you “the hacks of the past!”, the ones which I carried out during my time in the pen-testing and if I am being true to you nearly 75% of the hacks we’re done on Burp Suite and if I would have used the proper extensions I can easily carry out the rest on Burp too.
0 kommentar(er)
