Web Attacks

Tools

Tool / Details (the Tool column did not survive extraction; only the Details entries are listed below)

  • Web Proxy Extensions: Active Scan++, Param Miner, Reflected Parameters, HTTP Request Smuggler, Content Type Converter, JS Miner, JS Link Finder, Software Vulnerability Scanner, Retire.js, Autorize, JSON Web Tokens, Upload Scanner, Backslash Powered Scanner, Hackvertor, Turbo Intruder, Scan manual insertion point, Server-Side Prototype Pollution Scanner, JWT Editor, Web Cache Deception Scanner, Agartha, IIS Tilde Enumeration Scanner

    • Built-in tools: Burp Clickbandit, Generate CSRF PoC, DOM Invader

    • Custom Scan: Burp-Suite-Pro-Scan-Profiles

  • Web Proxy Open Source

  • Other Web Proxy

  • Used to test APIs. Open the developer-tools console (CTRL + SHIFT + I) and run: pm.settings.setSetting("offlineAPIClientEnabled",0) and pm.mediator.trigger("hideUserSwitchingExperienceModal")

Checks

  • Set Target

  • WAF

    • wafw00f

  • Web scan

    • nikto, wpscan, etc.

  • Generic Content Discovery

  • Generic Active Scan

  • Test:

    • Login / Authentication Method

      • JWT

      • OAuth 2.0

      • Request without Auth

    • Headers

      • Security Headers

      • Host Headers

      • CORS

      • Scan for Hidden Headers

    • Unencrypted Communications

    • Authorization Mechanisms

      • BAC

      • IDOR

    • Different Method

      • Verb Tampering

      • Trace, Debug, etc.

    • Information Disclosure

    • Request Smuggling

    • API

    • Web Cache Poisoning/Deception

    • Outdated Software

      • Search for CVE and Exploit

    • Parameter

      • Active Scan on specific insertion point

        • Use custom scan

      • IDOR

      • SQLi

        • sqlmap

      • NoSQLi

      • XSS

      • XXE

        • Content-Type converter

      • CSRF

      • SSTI

      • Command Injection

      • Insecure Deserialization

      • File Inclusion/Path Traversal

      • Unrestricted File Upload

      • Prototype Pollution
