Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests

Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!

Learn modern webapp pentesting with BB King from Antisyphon Training: https://www.antisyphontraining.com/mo...

0:00 - A Shady-White Slideshow with "FREE TOOLS!" On the Sign
0:38 - The Way Back Machine
11:00 - Always Be Learning
18:01 - The Path to the Developer Tools
24:37 - Console Separately From a Window
30:40 - The Network Tab
36:23 - Storage Tab
38:20 - All The Cookies
40:38 - The Inspector Gadget Thingy
45:05 - Debugger
45:26 - Customize the Tools
45:36 - Console Tricks

Description: Like webapps, don't you? Webapps have got to be the best way to learn about security. Why? Because they're self-contained and so very transparent.

You don't need a big ol' lab before you can play with them. You can run them in a single tiny VM or even tiny-er Docker image on your laptop. And so long as you're attacking your own stuff, it's easy to stay out of trouble. You're up and running in the time it takes for a single download.

And the transparent part? Ever since "view source" in the earliest web browsers, it's been easy to see exactly what's going on in a webapp and in the browser. Every webapp you ever use has no choice but to give you the (client-side) source code! It's almost like there's no such thing as a "black box" webapp pentest, if you think about it...

Anyhow - the Developer Tools in Firefox (and Chrome) are what happens when you take "view source" and add 25 years or so of creativity and power.

We'll look at the Developer Tools in the latest Firefox with a pentester's eye. Inspect and change the DOM (Document Object Model), take screenshots, find and extract key bits of data, use the console to run JavaScript in the site's origin context and even pause script execution in the debugger if things go too fast...

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-...

Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: https://infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.mysh...

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/ser...
Penetration Testing: https://www.blackhillsinfosec.com/ser...
Incident Response: https://www.blackhillsinfosec.com/ser...

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pa...
Live Training: https://www.antisyphontraining.com/co...
On Demand Training: https://www.antisyphontraining.com/on...

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: / wildwesthackinfest
Active Countermeasures YouTube: / activecountermeasures
Antisyphon Training YouTube: / antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec
