- Page 1 and 2: Assessing and Exploiting Web Applic
- Page 3 and 4: Course Contributors Course Authors
- Page 5 and 6: SamuraiWTF • Live testing environ
- Page 7 and 8: SamuraiWTF 2.0 • Complete rebuild
- Page 9 and 10: Setting up Your Course VM • Copy
- Page 11: Testing Methodology Because we are
- Page 15 and 16: First Target: Dojo-Basic Mutillidae
- Page 17 and 18: Testing Plan for Dojo-Basic • Map
- Page 19 and 20: Reconnaissance Steps Copyright 2009
- Page 21 and 22: The MOST Underutilized Step... •
- Page 23 and 24: Mapping Steps Copyright 2009-2012 J
- Page 25 and 26: • nmap 127.42.84.0/29 - Port scan
- Page 27 and 28: Zenmap • Author: Adriano Monteiro
- Page 29 and 30: Firefox • Author: Mozilla Foundat
- Page 31 and 32: • Author: Elbert F Wappalyzer •
- Page 33 and 34: FoxyProxy • Author: Eric H. Jung
- Page 35 and 36: Using Firefox with ZAP • Configur
- Page 37 and 38: Manual Mapping Exercise • Which o
- Page 39 and 40: Viewing Saved Alerts • Keeps trac
- Page 41 and 42: • Author: PortSwigger Ltd. • Si
- Page 43 and 44: Burp Spider • Burp's concept of s
- Page 45 and 46: Discovery Steps Copyright 2009-2012
- Page 47 and 48: • Author: Sullo Nikto • Site: h
- Page 49 and 50: ZAP Application Integration nikto C
- Page 51 and 52: Finding Unlinked Resources • Befo
- Page 53 and 54: Raft's Unlinked Resource Lists •
- Page 55 and 56: w3af • Author: Andres Riancho and
- Page 57 and 58: Using w3af • Choosing the plugins
- Page 59 and 60: • Author: iOpus iMacro • Site:
- Page 61 and 62: CeWL • Author: DigiNinja (Robin W
- Page 63 and 64:
Fuzzing Logins • Use ZAP Fuzzer t
- Page 65 and 66:
When Session Look Random • Try co
- Page 67 and 68:
Session Analysis with Burp • Clea
- Page 69 and 70:
Testing for Injection Flaws • Whe
- Page 71 and 72:
User Agent Switcher • Author: chr
- Page 73 and 74:
Dojo-Basic Exploitation Copyright 2
- Page 75 and 76:
Step 4: Exploitation • Verifying
- Page 77 and 78:
• Author: V@no Cookies Manager+
- Page 79 and 80:
Basic SQL Injection Exploitation
- Page 81 and 82:
SQLMap Exercise • Review the opti
- Page 83 and 84:
Laudanum Exercise • Configure a L
- Page 85 and 86:
BeEF Exercise • Start beef from t
- Page 87 and 88:
Final Target: Samurai Dojo A dojo (
- Page 89 and 90:
STOP!!! The next page contains the
- Page 91 and 92:
Walkthrough: Keys 0-4 • Key 00 =
- Page 93 and 94:
Walkthrough: Keys 10-14 • Key 10
- Page 95 and 96:
Next Steps • We will all continue
- Page 97 and 98:
Instructor Contact Information Raul
- Page 99 and 100:
Appendix A: Recon The most under ut
- Page 101 and 102:
Domain and IP Registrations • Wha
- Page 103 and 104:
Social Networks • Precursor to So
- Page 105 and 106:
• Common tools: DNS Interrogation
- Page 107 and 108:
Fierce Domain Scanner • Author: R
- Page 109 and 110:
• Author: Hrvoje Nikšić & Giuse
- Page 111 and 112:
Appendix C: Scripting With Python C
- Page 113 and 114:
Python Shell • Using an interacti
- Page 115 and 116:
A Tale of Two Libraries urllib2 HTT
- Page 117 and 118:
Using urllib2 The library that does
- Page 119 and 120:
import urllib2 Working with Headers
- Page 121 and 122:
import urllib2, re Filtering Respon
- Page 123 and 124:
import urllib2, re Fuzzing and Brut
- Page 125:
pyCIT Templates • Completed Templ