- The Guide to Finding and Reporting Web Vulnerabilities
- About the Author
- About the Tech Reviewer
- Foreword
- Introduction
- Who This Book Is For
- What Is In This Book
- Happy Hacking!
- 1 Picking a Bug Bounty Program
- 2 Sustaining Your Success
- 3 How the Internet Works
- 4 Environmental Setup and Traffic Interception
- 5 Web Hacking Reconnaissance
- 6 Cross-Site Scripting
- 7 Open Redirects
- 8 Clickjacking
- 9 Cross-Site Request Forgery
- 10 Insecure Direct Object References
- 11 SQL Injection
- 12 Race Conditions
- 13 Server-Side Request Forgery
- 14 Insecure Deserialization
- 15 XML External Entity
- 16 Template Injection
- 17 Application Logic Errors and Broken Access Control
- 18 Remote Code Execution
- 19 Same-Origin Policy Vulnerabilities
- 20 Single-Sign-On Security Issues
- 21 Information Disclosure
- 22 Conducting Code Reviews
- 23 Hacking Android Apps
- 24 API Hacking
- 25 Automatic Vulnerability Discovery Using Fuzzers
5 Web Hacking Reconnaissance
The first step to attacking any target is conducting reconnaissance, or simply put, gathering information about the target. Reconnaissance is important because it’s how you figure out an application’s attack surface. To look for bugs most efficiently, you need to discover all the possible ways of attacking a target before deciding on the most effective approach.
If an application doesn’t use PHP, for instance, there’s no reason to test it for PHP vulnerabilities, and if the organization doesn’t use Amazon Web Services (AWS), you shouldn’t waste time trying to crack its buckets. By understanding how a target works, you can set up a solid foundation for finding vulnerabilities. Recon skills are what separate a good hacker from an ineffective one.
In this chapter, I’ll introduce the most useful recon techniques for a bug bounty hunter. Then I’ll walk you through the basics of writing bash scripts to automate recon tasks and make them more efficient. Bash is a shell interpreter available on macOS and Linux systems. Though this chapter assumes you’re using a Linux system, you should be able to install many of these tools on other operating systems as well. You need to install some of the tools we discuss in this chapter before using them. I have included links to all the tools at the end of the chapter.
Before you go on, please verify that you’re allowed to perform intrusive recon on your target before you attempt any techniques that actively engage with it. In particular, activities like port scanning, spidering, and directory brute-forcing can generate a lot of unwanted traffic on a site and may not be welcomed by the organization.