- The Guide to Finding and Reporting Web Vulnerabilities
Adding to Your Automated Testing Toolkit
Automated testing tools like fuzzers or scanners can help you discover some bugs, but they often hinder your learning progress if you don’t take the time to understand how each tool in your testing toolkit works. Thus, before adding a tool to your workflow, be sure to take time to read the tool’s documentation and understand how it works. You should do this for all the recon and testing tools you use.
Besides reading the tool’s documentation, I also recommend reading its source code if it’s open source. This can teach you about the methodologies of other hackers and provide insight into how the best hackers in the field approach their testing. Finally, by learning how others automate hacking, you’ll begin learning how to write your own tools as well.
Here’s a challenge for you: read the source code of the tools Sublist3r ( https://github.com/aboul3la/Sublist3r/ ) and Wfuzz ( https://github.com/xmendez/wfuzz/ ). These are both easy-to-understand tools written in Python. Sublist3r is a subdomain enumeration tool, while Wfuzz is a web application fuzzer. How does Sublist3r approach subdomain enumeration? How does Wfuzz fuzz web applications? Can you write down their application logic, starting from the point at which they receive an input target and ending when they output their results? Can you rewrite the functionalities they implement using a different approach?
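To make the "write down their application logic" part of the challenge concrete, here is an added example (my own sketch, not Wfuzz's code) of the core loop a Wfuzz-style fuzzer runs: substitute each wordlist entry for the FUZZ keyword in the target URL, request it, and drop responses whose status code is on a hide list (the role of Wfuzz's --hc option). The host example.test, the wordlist and the fake_fetch stub are constructed so the loop runs offline; a real run would pass in a function that performs the HTTP request.

```python
"""Minimal Wfuzz-style fuzzing loop (added example, not Wfuzz's source)."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple
from urllib.parse import quote

KEYWORD = "FUZZ"  # the placeholder Wfuzz replaces with each payload


@dataclass
class Result:
    payload: str
    url: str
    status: int
    length: int  # response body length, like Wfuzz's "Chars" column


def expand(target: str, payload: str) -> str:
    """Replace every FUZZ occurrence with the URL-encoded payload."""
    if KEYWORD not in target:
        raise ValueError("target URL must contain the FUZZ keyword")
    return target.replace(KEYWORD, quote(payload, safe=""))


def fuzz(target: str, wordlist: Iterable[str],
         fetch: Callable[[str], Tuple[int, str]],
         hide_codes=frozenset()) -> List[Result]:
    """Input target + wordlist -> filtered results (the whole pipeline).

    `fetch(url)` must return (status_code, body); it is injected so the
    loop can be exercised against a stub instead of a live server.
    """
    results = []
    for payload in wordlist:
        url = expand(target, payload)
        status, body = fetch(url)
        if status in hide_codes:      # --hc style filtering
            continue
        results.append(Result(payload, url, status, len(body)))
    return results


# Constructed stand-in for a web server so the example runs offline.
_FAKE_SITE = {
    "http://example.test/admin": (200, "<html>admin panel</html>"),
    "http://example.test/backup.zip": (403, "forbidden"),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    return _FAKE_SITE.get(url, (404, "not found"))


if __name__ == "__main__":
    words = ["admin", "backup.zip", "login", "a b"]
    for r in fuzz("http://example.test/FUZZ", words, fake_fetch, {404}):
        print(f"{r.status} {r.length:>6} {r.payload}")
```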
Once you’ve gained a solid understanding of how your tools work, try to modify them to add new features! If you think others would find your feature useful, you could contribute to the open source project: propose that your feature be added to the official version of the tool.
Understanding how your tools and exploits work is the key to becoming a master hacker. Good luck and happy hacking!