perform some custom analysis of the application’s responses to help identify
interesting cases that may indicate the presence of a vulnerability or merit
further investigation. You can specify strings or regular expressions to
search for in responses. You can set customized strings to control extraction of
data from the server’s responses. And you can make Intruder check whether
each response contains the attack payload itself, to help identify cross-site
scripting and other response injection vulnerabilities.
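
The three response checks described above (expression matching, data extraction between delimiter strings, and payload reflection), as an added Python example that is not part of the original text and is not Intruder's own code. The function names, expressions, delimiters and sample responses are constructed for illustration, and the example goes slightly beyond the text by also recording when the payload comes back HTML-encoded rather than unmodified.

```python
# Illustrative sketch of the response checks; names and data are assumptions.
import html
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Analysis:
    matches: List[str] = field(default_factory=list)  # expressions that hit
    extracted: Optional[str] = None                   # text between the delimiters
    reflected_raw: bool = False                       # payload echoed unmodified
    reflected_encoded: bool = False                   # payload echoed HTML-encoded


def analyse_response(body, payload, match_exprs, extract_after, extract_before):
    """Run the three response checks on one response body."""
    result = Analysis()
    # 1. Flag responses containing any configured string or regular expression.
    result.matches = [e for e in match_exprs if re.search(e, body, re.IGNORECASE)]
    # 2. Extract the data found between two customized delimiter strings.
    start = body.find(extract_after)
    if start != -1:
        start += len(extract_after)
        end = body.find(extract_before, start)
        if end != -1:
            result.extracted = body[start:end].strip()
    # 3. Check whether the payload itself comes back in the response.
    result.reflected_raw = payload in body
    encoded = html.escape(payload)
    result.reflected_encoded = encoded != payload and encoded in body
    return result


# Constructed (payload, response body) pairs; not real traffic.
SAMPLES = [
    ("1001", "<html><td>Name:</td><td>alice</td></html>"),
    ("1002'", "<html>ODBC error: unclosed quotation mark</html>"),
    ('canary"<7731>', '<html>No results for canary"<7731></html>'),
    ('canary"<7731>', "<html>No results for canary&quot;&lt;7731&gt;</html>"),
]


def analyse_samples():
    exprs = [r"ODBC|SQL syntax", r"exception"]
    return [analyse_response(body, payload, exprs, "<td>Name:</td><td>", "</td>")
            for payload, body in SAMPLES]


if __name__ == "__main__":
    for (payload, _), analysis in zip(SAMPLES, analyse_samples()):
        print(repr(payload), analysis)
```
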
Having configured payload positions, payload sources, and any required
analysis of server responses, you are ready to launch your attack. Let’s take a
quick look at how Intruder can be used to deliver some common bespoke
automated attacks.