Web security testing using Burp and Firebug STC 2012 - QAI

More documents

Recommendations

Info

Web security testing using BurpIntruder - Attack types (ctd..)Pitchfork: This uses multiple payload sets. There is a different payload setfor each defined position (up to a maximum of 8). The attack iterates throughall payload sets simultaneously, and inserts one payload into each definedposition. The total number of requests generated by the attack is the numberof payloads in the smallest payload set.Cluster Bomb: This uses multiple payload sets. There is a different payloadset for each defined position (up to a maximum of 8). The attack iteratesthrough each payload set in turn, so that all permutations of payloadcombinations are tested. The total number of requests generated by theattack is the product of the number of payloads in all defined payload sets –this may be extremely large.8ETT | 12/10/2012 | © Robert Bosch Engineering and Business Solutions Limited 2012. All rights reserved, also regarding any disposal,exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Web security testing using BurpPayload sets:Intruder – Select payload1. Preset list2. Runtime file3. Custom iterator4. Character substitution5. Case substitution6. Recursive grep7. Illegal Unicode8. Character9. Blocks10. Numbers11. Dates12. Brute forcer13. Null payloads9ETT | 12/10/2012 | © Robert Bosch Engineering and Business Solutions Limited 2012. All rights reserved, also regarding any disposal,exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
Page 3 and 4: DECISION MODIFICATIVE N° 1 - BP 20
Page 5 and 6: Web security testing using BurpProx
Page 7: Web security testing using BurpIntr
Page 11 and 12: Web security testing using BurpRepe
Page 13 and 14: Web security testing using BurpRepe
Page 15 and 16: Web security testing using BurpComp
Page 17 and 18: Web security testing using FirebugF
Page 19 and 20: Web security testing using FirebugO
Page 21: Web security testing using Burp and

Web security testing using Burp and Firebug STC 2012 - QAI

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?