the-web-application-hackers-handbook

CHAPTER
14
Automating Customized Attacks
This chapter does not introduce any new categories of vulnerabilities. Rather, it
examines one key element in an effective methodology for hacking web applications
— the use of automation to strengthen and accelerate customized attacks.
The range of techniques involved can be applied throughout the application and
to every stage of the attack process, from initial mapping to actual exploitation.
Every web application is different. Attacking an application effectively involves
using various manual procedures and techniques to understand its behavior
and probe for vulnerabilities. It also entails bringing to bear your experience
and intuition in an imaginative way. Attacks typically are customized in nature,
tailored to the particular behavior you have identified and to the specific ways in
which the application enables you to interact with and manipulate it. Performing
customized attacks manually can be extremely laborious and is prone to mistakes.
The most successful web application hackers take their customized attacks a
step further and find ways to automate them to make them easier, faster, and
more effective.
This chapter describes a proven methodology for automating customized
attacks. This methodology combines the virtues of human intelligence and
computerized brute force, usually with devastating results. This chapter also
examines various potential obstacles that may hinder the use of automation,
and ways in which these obstacles can be circumvented.
571