# Web Attacks

## Tools

| Tool | Details |
|---|---|
| [BurpSuite](https://portswigger.net/burp)<br>[Burpsuite-Professional](https://github.com/xiv3r/Burpsuite-Professional) | Web proxy.<br>**Extensions**: *Active Scan++, Param Miner, Reflected Parameters, HTTP Request Smuggler, Content Type Converter, JS Miner, JS Link Finder, Software Vulnerability Scanner, Retire.js, Autorize, JSON Web Tokens, Upload Scanner, Backslash Powered Scanner, Hackvertor, Turbo Intruder, Scan manual insertion point, Server-Side Prototype Pollution Scanner, JWT Editor, Web Cache Deception Scanner, Agartha, IIS Tilde Enumeration Scanner*<br>*(Burp Clickbandit, Generate CSRF PoC, DOM Invader)*<br>**Custom scan**: [Burp-Suite-Pro-Scan-Profiles](https://github.com/TheGetch/Burp-Suite-Pro-Scan-Profiles) |
| [ZAP](https://www.zaproxy.org/) | Open-source web proxy |
| [Caido](https://caido.io/) | Another web proxy |
| [Postman](https://www.postman.com/) | Used to test APIs.<br>`CTRL + SHIFT + I`<br>`pm.settings.setSetting("offlineAPIClientEnabled",0)`<br>`pm.mediator.trigger("hideUserSwitchingExperienceModal")` |
| [BeEF](https://beefproject.com/) | BeEF is short for The Browser Exploitation Framework.<br>It is a penetration testing tool that focuses on the web browser. |

## Checks

* Set Target
* WAF
  * wafw00f
* Web scan
  * nikto, wpscan, etc.
* Generic Content Discovery
* Generic Active Scan
* Test:
  * Login / Authentication Method
    * Anti Brute Force
    * JWT
    * OAuth 2.0
    * Request without Auth
  * Cookie Flags & Local Storage
  * Headers
    * Security Headers
    * Host Headers
    * CORS
    * Scan for Hidden Headers
  * Unencrypted Communications
  * Authorization Mechanisms
    * BAC
    * IDOR
  * Different HTTP Methods
    * Verb Tampering
    * Trace, Debug, etc.
  * Information Disclosure
  * Request Smuggling
  * API
  * Web Cache Poisoning/Deception
  * Outdated Software
    * Search for CVE and Exploit
  * Parameter
    * Active Scan on specific insertion point
      * Use custom scan
    * IDOR
    * SQLi
      * sqlmap
    * NoSQLi
    * XSS
    * XXE
      * Content-Type converter
    * CSRF
    * SSTI
    * Command Injection
    * Insecure Deserialization
    * File Inclusion/Path Traversal
    * Unrestricted File Upload
    * Prototype Pollution
