Adrian Pruteanu adopts the mindset of both a defender and an attacker in this practical guide to web application testing. By giving key insights into attack vectors and defenses, Becoming the Hacker builds your ability to analyze from both viewpoints and create robust defense strategies.

• Cover
• Copyright
• Packt upsell
• Contributors
• Table of Contents
• Preface
• Chapter 1 - Introduction to Attacking Web Applications
  • Rules of engagement
    • Communication
    • Privacy considerations
    • Cleaning up
  • The tester's toolkit
    • Kali Linux
    • Kali Linux alternatives
  • The attack proxy
    • Burp Suite
    • Zed Attack Proxy
  • Cloud infrastructure
  • Resources
  • Exercises
  • Summary
• Chapter 2 - Efficient Discovery
  • Types of assessments
  • Target mapping
    • Masscan
    • WhatWeb
    • Nikto
    • CMS scanners
  • Efficient brute-forcing
    • Content discovery
      • Burp Suite
      • OWASP ZAP
      • Gobuster
    • Persistent content discovery
    • Payload processing
  • Polyglot payloads
    • Same payload, different context
    • Code obfuscation
  • Resources
  • Exercises
  • Summary
• Chapter 3 - Low-Hanging Fruit
  • Network assessment
    • Looking for a way in
    • Credential guessing
  • A better way to shell
  • Cleaning up
  • Resources
  • Summary
• Chapter 4 - Advanced Brute-forcing
  • Password spraying
    • LinkedIn scraping
    • Metadata
    • The cluster bomb
  • Behind seven proxies
    • Torify
    • Proxy cannon
  • Summary
• Chapter 5 - File Inclusion Attacks
  • RFI
  • LFI
  • File inclusion to remote code execution
  • More file upload issues
  • Summary
• Chapter 6 - Out-of-Band Exploitation
  • A common scenario
  • Command and control
  • Let’s Encrypt Communication
  • INet simulation
  • The confirmation
  • Async data exfiltration
  • Data inference
  • Summary
• Chapter 7 - Automated Testing
  • Extending Burp
    • Authentication and authorization abuse
      • The Autorize flow
    • The Swiss Army knife
      • sqlmap helper
      • Web shells
  • Obfuscating code
  • Burp Collaborator
    • Public Collaborator server
      • Service interaction
      • Burp Collaborator client
    • Private Collaborator server
  • Summary
• Chapter 8 - Bad Serialization
  • Abusing deserialization
  • Attacking custom protocols
    • Protocol analysis
    • Deserialization exploit
  • Summary
• Chapter 9 - Practical Client-Side Attacks
  • SOP
  • Cross-origin resource sharing
  • XSS
    • Reflected XSS
    • Persistent XSS
    • DOM-based XSS
  • CSRF
  • BeEF
    • Hooking
    • Social engineering attacks
    • The keylogger
    • Persistence
    • Automatic exploitation
    • Tunneling traffic
  • Summary
• Chapter 10 - Practical Server-Side Attacks
  • Internal and external references
  • XXE attacks
    • A billion laughs
    • Request forgery
      • The port scanner
    • Information leak
    • Blind XXE
    • Remote code execution
      • Interactive shells
  • Summary
• Chapter 11 - Attacking APIs
  • API communication protocols
    • SOAP
    • REST
  • API authentication
    • Basic authentication
    • API keys
    • Bearer authentication
    • JWTs
      • JWT quirks
    • Burp JWT support
  • Postman
    • Installation
    • Upstream proxy
    • The environment
    • Collections
    • Collection Runner
  • Attack considerations
  • Summary
• Chapter 12 - Attacking CMS
  • Application assessment
    • WPScan
    • sqlmap
    • Droopescan
    • Arachni web scanner
  • Backdooring the code
    • Persistence
    • Credential exfiltration
  • Summary
• Chapter 13 - Breaking Containers
  • Vulnerable Docker scenario
  • Foothold
  • Situational awareness
  • Container breakout
  • Summary
• Other Books You May Enjoy
• Index