2.9 Installing cURL
The cURL tool is a command-line utility that supports an array of web protocols and components. It can be used as a browser-without-a-browser; it implements browser-like features, yet may be called from any ordinary shell. It handles cookies, authentication, and web protocols better than any other command-line tool.
To install cURL, navigate to http://curl.haxx.se/download.html.
Select the download option appropriate to your operating system, download the zip
file, and unzip it to the location of your choice.
Navigate to that directory in a terminal or shell, and you may execute cURL from there.
Like many command-line utilities, cURL has a great number of options and arguments.
cURL’s authors recognized this and put together a brief tutorial, available at http://curl
You may also download cURL as part of your Cygwin installation.
2.10 Installing Pornzilla
Pornzilla isn’t an individual tool, but rather a collection of useful Firefox bookmarklets
and extensions. While ostensibly this collection is maintained for more prurient purposes, it provides a number of convenient tools useful for web application security
Pornzilla is not installed as a cohesive whole. You may find all of the components at
To install a bookmarklet, simply drag the link to your bookmark toolbar or bookmark
To install an extension, follow the links and install the extension as you would any
24 | Chapter 2: Installing Some Free Tools
The collection of tools really does provide a number of convenient abilities, unrelated
to the intended use of the collection itself. For example:
• RefSpoof modifies HTTP Referer information, possibly bypassing insecure login
• Digger is a directory traversal tool.
• Spiderzilla is a website spidering tool.
• Increment and Decrement tamper with URL parameters.
None of these tools will install, download, or display pornography unless specifically used for that purpose. None of the individual bookmarklets or extensions contain inappropriate language, content, or
instructions. We assure you that the tools themselves are agnostic; it is
the use of the tools that determines what is displayed. The tools themselves do not violate any U.S. obscenity laws, although they may violate
2.11 Installing Cygwin
Cygwin allows you to use a Linux environment within Windows. It is useful for running
all the utilities and scripts built for Linux, without requiring a full Linux installation. It’s not only useful to have around, it’s necessary to install other tools we
If you’re already working on a Unix, Linux, or Mac OS machine—you don’t need
Cygwin. You already have the environment you need via the standard terminal.
Download the Cygwin installer from http://www.cygwin.com/, and execute it.
Select the “Install from the Internet” option when asked to choose an installation type.
You may select where to install Cygwin—note that this will also set the simulated root
directory, when accessed from within Cygwin. Once you’ve set appropriate options
regarding users and your Internet connection, you’ll need to select a mirror for downloading packages.
Packages are all the various scripts and applications pre-compiled and available for
Cygwin. All of the mirrors should be identical; pick whichever one works for you. If
one is down, try another. Cygwin will then download a list of available packages. It
presents the packages available in a hierarchy, grouped by functionality. Figure 2-2
shows the package selection list. We recommend you select the entire Perl directory,
Figure 2-2. Selecting Cygwin packages
as well as the curl and wget applications from the web directory.
You may also download development tools and editors of your choice, particularly if
you’d like to compile other applications or write custom scripts from within the Linux
Once you’ve selected the appropriate packages, Cygwin will download and install them
automatically. This can take some time. Once the installation is complete, fire up the
Cygwin console and you may use any of the installed packages.
Run Cygwin setup again at any time to install, modify, or remove packages, using the
exact same sequence as the first install.
Cygwin provides a Unix-like environment from within Windows, without requiring a
restart, dual-boot, or virtualized machine. This does mean that binaries compiled for
other Unix variants will not necessarily work within Cygwin; they will need to be recompiled for or within Cygwin itself.
In order to create a Unix-compatible file structure, Cygwin will consider the folder
where it is installed as the root folder, and then provide access to your other drives and
folders via the cygdrive folder.
Note that Cygwin lacks many of the protections associated with partitioned, dual-boot
environments or virtual machines. Within Cygwin, you have access to all of your files
and folders. There will be nothing to prevent you from modifying these files, and actions
may be irreversible. For those of you used to the Windows environment, note that there
isn’t even a Recycle Bin.
2.12 Installing Nikto 2
Nikto is the most widely used of the few open source, freely available web vulnerability
scanners. It comes configured to detect a variety of problems with minimal manual
Nikto is, at heart, a Perl script. Download it at http://www.cirt.net/nikto2.
You’ll need to unzip that package and run Nikto from within Cygwin (see Recipe 2.11) or another Unix-like environment.
Nikto has one external dependency, which is the LibWhisker module. You may download the latest version of LibWhisker at http://sourceforge.net/projects/whisker/.
Once you’ve unzipped both files into the same directory, you may call Nikto via Perl
from the command line, as in:
perl nikto.pl -h 192.168.0.1
Nikto is quite extensible, and is built to incorporate tests beyond just the basic functionality. For details on integrating Nikto with Nessus, SSL, or NMAP, see Nikto’s
documentation at http://cirt.net/nikto2-docs/index.html.
From a testing perspective, Nikto serves as an automation script that has been written
for you. For the tests that it is built to handle, it will test faster and with more combinations than you could. It frees you to focus your intuition and efforts on more complex or risky areas. On the other hand, running a set of stock automated tests doesn’t
guarantee high accuracy or coverage. It may not find a high percentage of bugs. When
it does identify issues, they may not be true problems, and will require some investigation. It is not truly a “fire-and-forget” solution—you’ll have to investigate the results
and determine if what it found was useful.
2.13 Installing Burp Suite
The Burp Suite is a collection of web application security tools, not unlike OWASP’s
WebScarab. It includes components to intercept, repeat, analyze, or inject web application requests.
Download the Burp Suite from http://portswigger.net/suite/download.html.
Unzip the Burp Suite folder, and run the JAR file. The JAR file typically has the version
number in it, like burpsuite_v1.1.jar. As a Java application, it shouldn’t matter which
operating system you’re using, as long as you have the Java Runtime Environment
The Burp Suite is the “least free” tool we recommend. It is not open source, and the
Intruder component is disabled until you purchase a license. While the Intruder component is necessary to develop complex attacks for penetration testing, the basic functionality is more than enough if your goal is not to fully exploit the application.
The Burp Suite combines several tools:
• Proxy: Intercepts requests, just like any other web proxy. It is the starting point for using the rest of Burp Suite.
• Spider: Will crawl your web application, logging each page it touches. It will use supplied credentials to log in, and it will maintain cookies between connections.
• Sequencer: Performs analysis on the predictability of session tokens, session identifiers, or other keys that require randomness for security.
• Repeater: Allows one to tweak and resubmit a previously recorded request.
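The predictability analysis that the Sequencer performs can be illustrated with a small script. The following is an added example, not code from this book or from Burp Suite: it assumes fixed-width hexadecimal tokens, uses two constructed samples (a counter-based generator and a seeded PRNG standing in for tokens captured from a sound generator), and the helper names are this example's own.

```python
"""Estimate how predictable a batch of session tokens is.

Constructed illustration of the kind of screening a sequencer tool does; this
is not Burp's algorithm or code. Tokens are assumed to be fixed-width hex
strings, and every helper name below is this example's own (hypothetical).
"""
import math
import random
from collections import Counter
from typing import Dict, List


def positional_entropy(tokens: List[str]) -> List[float]:
    """Shannon entropy, in bits, of the character seen at each position."""
    if not tokens:
        return []
    width = min(len(t) for t in tokens)
    n = len(tokens)
    entropies = []
    for i in range(width):
        counts = Counter(t[i] for t in tokens)
        h = -sum((c / n) * math.log2(c / n) for c in counts.values())
        entropies.append(h)
    return entropies


def estimated_bits(tokens: List[str]) -> float:
    """Entropy estimate summed over positions. Positions are treated as
    independent, so this overestimates when they are correlated; it is still
    enough to flag an obviously weak generator."""
    return sum(positional_entropy(tokens))


def fixed_positions(tokens: List[str]) -> List[int]:
    """Positions whose character never changes across the whole sample."""
    return [i for i, h in enumerate(positional_entropy(tokens)) if h == 0.0]


def looks_sequential(tokens: List[str], base: int = 16) -> bool:
    """True when consecutive tokens decode to integers with small positive
    steps, the signature of a counter-based generator."""
    try:
        values = [int(t, base) for t in tokens]
    except ValueError:
        return False
    deltas = [b - a for a, b in zip(values, values[1:])]
    return bool(deltas) and all(0 < d <= 1000 for d in deltas)


def assess(tokens: List[str]) -> Dict[str, object]:
    """Summarise one captured sample as a small report."""
    bits = estimated_bits(tokens)
    sequential = looks_sequential(tokens)
    return {
        "samples": len(tokens),
        "estimated_bits": round(bits, 2),
        "fixed_positions": fixed_positions(tokens),
        "sequential": sequential,
        # 64 bits is a common floor for an unguessable session identifier.
        "verdict": "weak" if bits < 64 or sequential else "ok",
    }


# Constructed sample 1: a counter-based generator (start value plus step 7),
# formatted as 32-bit hex. Most positions never change at all.
WEAK_TOKENS = [f"{0x5A3C00 + 7 * k:08x}" for k in range(128)]

# Constructed sample 2: 128-bit values from a seeded PRNG, standing in for
# tokens captured from a properly random generator (seeded only so the
# example is reproducible; a real generator would use a CSPRNG).
_rng = random.Random(1234)
STRONG_TOKENS = [f"{_rng.getrandbits(128):032x}" for _ in range(128)]

if __name__ == "__main__":
    for name, sample in (("counter", WEAK_TOKENS), ("prng", STRONG_TOKENS)):
        print(name, assess(sample))
```

Feed `assess()` a list of tokens collected from repeated logins and read the report: a short list of changing positions, a low bit estimate, or a `sequential` flag each mean the identifier can be narrowed down far below brute-force cost. A real sequencer runs many more statistical tests (bit-level and transition tests, for instance) over larger samples; this per-position screen is only a first pass, and because it assumes positions are independent it errs on the side of overestimating entropy.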
2.14 Installing Apache HTTP Server
The Apache HTTP Server is an open source web server that is currently the most popular HTTP server on the World Wide Web. You may need to set up an HTTP server
to carry out some of the advanced cross-site scripting (XSS) exploits discussed in