Getting started with browsers for security testing

Introduction to security testing

Different browsers ship different security features, so the same vulnerability can trigger different effects in different browsers. This is a browser compatibility problem, and it is why testing is done with several browsers side by side.

Chrome + Firefox + IE combination
Change the browser's default security settings according to what the test needs.

How to modify security settings: normal operation

This mainly means allowing JavaScript to run and allowing pop-up windows. During an XSS test, if pop-ups are blocked, the test payload's pop-up may be intercepted by the browser and the test will appear to fail even though the script executed.

Common functions for security testing

  1. Clear the cache:
    Many web browsers remember passwords, so users do not have to enter the password on every visit. For developing and testing a login interface this is troublesome, because the browser has recorded the user's login in its cache and access succeeds with one click, so the cached information can distort the test.
    Clear the browsing history.
    Incognito mode (private window): this records no cache, no operation traces, no browsing history and no cookie information.
  2. View the webpage source code
    Right mouse button -> View page source, or type view-source:URL into the address bar
  3. Developer tools: shortcut key F12
  4. Locate a DOM element:
    F12 -> click the small arrow box at the left of the developer toolbar -> select an area on the page

For example: a hacking practice game, www.hackthissite.org
Login: account, password

Obtaining browser plug-ins

Introduction to commonly used plug-ins:

  1. Hackbar:
    Provides quick construction of HTTP requests and various encoding conversions.
    However, this Hackbar is paid after version 2.1.3. If you have a copy, you can download version 2.1.3 and use it. I recommend Max HackBar here (free); the functional interface is almost the same.
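The encoding conversions Hackbar offers (URL, full percent-encoding, HTML entities, Base64, hex) are easy to script when a test has to be repeated many times. The following is an added example in plain Node.js, not code from the original post or from the Hackbar project; the input string is constructed for illustration. It also adds a decoder that peels URL encoding one layer at a time, which is how a reviewer checks whether a value reaching the server was double-encoded.

```javascript
// Added example (not from the original post): Hackbar-style encoding
// conversions in Node.js. SAMPLE is a constructed input string.

const SAMPLE = "a=1&q=<b>&x=\"y\"";

// Percent-encode every byte, including characters encodeURIComponent leaves alone.
function urlEncodeAll(s) {
  return Array.from(Buffer.from(s, "utf8"))
    .map((b) => "%" + b.toString(16).toUpperCase().padStart(2, "0"))
    .join("");
}

// Escape the five characters that change meaning inside HTML markup.
function htmlEntities(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function toBase64(s) { return Buffer.from(s, "utf8").toString("base64"); }
function fromBase64(s) { return Buffer.from(s, "base64").toString("utf8"); }
function toHex(s) { return Buffer.from(s, "utf8").toString("hex"); }

// Remove URL encoding layer by layer until the value stops changing.
// Returns the fully decoded value and the number of layers removed:
// two or more means the input was double-encoded. A malformed percent
// sequence stops decoding instead of throwing.
function decodeUrlLayers(s, maxLayers = 5) {
  let current = s;
  let layers = 0;
  while (layers < maxLayers) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // e.g. "100%" is not a valid percent sequence
    }
    if (next === current) break;
    current = next;
    layers += 1;
  }
  return { value: current, layers };
}

// All conversions of one input, side by side as Hackbar shows them.
function conversions(s) {
  return {
    urlEncoded: encodeURIComponent(s),
    urlEncodedAll: urlEncodeAll(s),
    htmlEntities: htmlEntities(s),
    base64: toBase64(s),
    hex: toHex(s),
  };
}

console.log(conversions(SAMPLE));
console.log(decodeUrlLayers("%2527")); // { value: "'", layers: 2 }
```

Run it with `node encodings.js`. The `layers` count from `decodeUrlLayers` is the useful part for review: a value that needs two passes to decode was encoded twice, which is what most filter-bypass attempts look like in server logs.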

  2. Cookie Quick Manager:
    Gives the browser the ability to quickly modify, add and delete cookies.
    An XSS vulnerability can obtain another user's credential information from the cookie. The obtained credential can then be added to the current session through the cookie manager's editing function, which is why a session cookie readable by script is equivalent to the session itself.
    Tips:
    With the two plug-ins Hackbar and Cookie Quick Manager, we can construct and forge most common requests.
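The defensive counterpart of what the cookie manager demonstrates is the set of attributes on the server's `Set-Cookie` header: `HttpOnly` keeps the cookie out of `document.cookie`, `Secure` keeps it off plain HTTP, and `SameSite` limits cross-site sending. The following is an added example in Node.js, not code from the original post or from the Cookie Quick Manager project, that parses `Set-Cookie` lines and reports which of those attributes are missing. The header lines are constructed samples, not captured traffic.

```javascript
// Added example (not from the original post): audit Set-Cookie headers for
// HttpOnly, Secure and SameSite. SAMPLE_HEADERS are constructed samples.

const SAMPLE_HEADERS = [
  "sessionid=abc123; Path=/",                          // no protection at all
  "csrftoken=t0k3n; Path=/; Secure; SameSite=Strict",  // script-readable; may be intended for a CSRF token
  "tracking=1; Path=/; SameSite=None",                 // None without Secure is rejected by modern browsers
  "auth=xyz; Path=/; HttpOnly; Secure; SameSite=Lax",  // fully protected
];

// Split one Set-Cookie header into name, value and a lower-cased attribute map.
// Attributes without a value (HttpOnly, Secure) map to true.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? "" : pair.slice(eq + 1);
  const attributes = {};
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attributes[key] = i === -1 ? true : a.slice(i + 1);
  }
  return { name, value, attributes };
}

// Finding codes for one header; an empty list means the cookie passes.
function auditSetCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const findings = [];
  if (!attributes.httponly) findings.push("missing-httponly"); // readable via document.cookie, so stealable by XSS
  if (!attributes.secure) findings.push("missing-secure");     // sent over plain HTTP
  const sameSite = typeof attributes.samesite === "string" ? attributes.samesite.toLowerCase() : "";
  if (!sameSite) {
    findings.push("missing-samesite"); // browser default applies, which differs between browsers
  } else if (sameSite === "none" && !attributes.secure) {
    findings.push("samesite-none-without-secure");
  }
  return { name, findings };
}

// Audit a list of headers and keep only the cookies with findings.
function auditAll(headers) {
  return headers.map(auditSetCookie).filter((r) => r.findings.length > 0);
}

for (const result of auditAll(SAMPLE_HEADERS)) {
  console.log(`${result.name}: ${result.findings.join(", ")}`);
}
```

A cookie that carries the session should come back with an empty findings list; a CSRF token that the page's script must read legitimately lacks `HttpOnly`, so treat that one finding as informational rather than a defect.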

  3. Proxy SwitchyOmega:
    Used to set the browser proxy, combined with a packet capture tool so that the traffic under test passes through the capture tool.
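Rather than proxying all browser traffic, a proxy rule can send only the hosts under test to the capture tool and everything else direct, which keeps unrelated requests out of the capture. The following is an added example of such a rule written as a PAC script, not code from the original post or from the SwitchyOmega project; it assumes the capture tool listens on 127.0.0.1:8080 and uses the practice site the post mentions as the in-scope host. PAC helper functions such as `shExpMatch` are deliberately not used so the same function also runs under Node.js.

```javascript
// Added example (not from the original post): a PAC script that routes only
// in-scope hosts through the capture proxy. PROXY address and IN_SCOPE are
// assumptions for illustration.

const PROXY = "PROXY 127.0.0.1:8080"; // assumed capture-tool listener
const IN_SCOPE = ["hackthissite.org"]; // practice site from the post; subdomains included

// True when host equals an in-scope domain or is a subdomain of one.
// The leading "." check prevents "evilhackthissite.org" from matching.
function hostInScope(host) {
  const h = host.toLowerCase();
  return IN_SCOPE.some((d) => h === d || h.endsWith("." + d));
}

// The browser calls this for every request. Returning "DIRECT" bypasses the
// proxy; returning PROXY sends the request through the capture tool.
function FindProxyForURL(url, host) {
  return hostInScope(host) ? PROXY : "DIRECT";
}

console.log(FindProxyForURL("http://www.hackthissite.org/", "www.hackthissite.org")); // PROXY 127.0.0.1:8080
console.log(FindProxyForURL("https://example.com/", "example.com"));                 // DIRECT
```

Load the file as a PAC profile in SwitchyOmega (or in the browser's own proxy settings). Note that the PAC rule only decides routing; for HTTPS pages the capture tool's CA certificate still has to be trusted by the browser, otherwise the intercepted sites show certificate errors.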



Source: blog.csdn.net/weixin_45798017/article/details/105130676