Web security testing using Burp and Firebug STC 2012 - QAI

More documents

Recommendations

Info

Web security testing using BurpRepeater (ctd..)In the Repeater tool we can modify therequest however we want and click onthe “go” button. The response will beshown in the bottom pane.The error message we received in theresponse shown above was:Incorrect username: Invalid XPathexpression://users/user[username=''']/passwordExpected: ]12ETT | 12/10/2012 | © Robert Bosch Engineering and Business Solutions Limited 2012. All rights reserved, also regarding any disposal,exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Web security testing using BurpRepeater (ctd..)When we use the Repeater to submit arequest where the username value is ‘ or ’1′=’1 we get a different error. The error tellsus the password (blank in the request) wesubmitted was incorrect. The XPATH querywill now look something like this://users/user[username=' ' or '1' ='1']/passwordSince we know the user name now, we canbrute force the password using intruder.13ETT | 12/10/2012 | © Robert Bosch Engineering and Business Solutions Limited 2012. All rights reserved, also regarding any disposal,exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Page 3 and 4: DECISION MODIFICATIVE N° 1 - BP 20
Page 5 and 6: Web security testing using BurpProx
Page 7 and 8: Web security testing using BurpIntr
Page 9 and 10: Web security testing using BurpPayl
Page 11: Web security testing using BurpRepe
Page 15 and 16: Web security testing using BurpComp
Page 17 and 18: Web security testing using FirebugF
Page 19 and 20: Web security testing using FirebugO
Page 21: Web security testing using Burp and

Web security testing using Burp and Firebug STC 2012 - QAI

Create successful ePaper yourself

Delete template?

Save as template?