Thursday, 17 June 2010

Firefox Web App Sec Add-Ons

This is a list of add-ons installed in the Firefox browser that are used in, or assist with, web security testing. The list will be updated as new add-ons come to my attention, and a note on what each add-on does will be added over time.

  • Add N Edit Cookies
  • Cookie Monster
  • DOM Inspector
  • Firebug
  • FoxyProxy
  • Groundspeed
  • Live HTTP Headers
  • Web Developer

Friday, 4 June 2010

Burp Intruder Attack Types

  • Sniper:
    • Uses a single set of payloads.
    • It targets each position in turn, and inserts each payload into that position in turn. Positions which are not targeted during a given request are not affected – the position markers are removed and any text which appears between them in the template remains unchanged.
    • This attack type is useful for testing a number of data fields individually for a common vulnerability (e.g. cross-site scripting).
    • Total number of requests = number of positions * number of payloads in the payload set.
  • Battering Ram:
    • This uses a single set of payloads.
    • It iterates through the payloads, and inserts the same payload into all of the defined positions at once.
    • This attack type is useful where an attack requires the same input to be inserted in multiple places within the HTTP request (e.g. a username within the Cookie header and within the message body).
    • Total number of requests = number of payloads in the payload set.
  • Pitchfork:
    • This uses multiple payload sets. There is a different payload set for each defined position (up to a maximum of 8).
    • The attack iterates through all payload sets simultaneously, and inserts one payload into each defined position. I.e., the first request will insert the first payload from payload set 1 into position 1 and the first payload from payload set 2 into position 2; the second request will insert the second payload from payload set 1 into position 1 and the second payload from payload set 2 into position 2, etc.
    • This attack type is useful where an attack requires different but related input to be inserted in multiple places within the HTTP request (e.g. a username in one data field, and a known ID number corresponding to that username in another data field).
    • Total number of requests = number of payloads in the smallest payload set.
  • Cluster Bomb:
    • This uses multiple payload sets. There is a different payload set for each defined position (up to a maximum of 8).
    • The attack iterates through each payload set in turn, so that all permutations of payload combinations are tested. I.e., if there are two payload positions, the attack will place the first payload from payload set 1 into position 1, and iterate through all the payloads in payload set 2 in position 2; it will then place the second payload from payload set 1 into position 1, and iterate through all the payloads in payload set 2 in position 2.
    • This attack type is useful where an attack requires different and unrelated input to be inserted in multiple places within the HTTP request (e.g. a username in one parameter, and an unknown password in another parameter).
    • Total number of requests = product of the number of payloads in all defined payload sets (this may be extremely large).
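The four iteration strategies above, written out in Python as an added example (this is not Burp's own code). A template marks each payload position with § characters, as Burp does, and each generator yields the rendered requests in the order the descriptions give, so the request counts match the formulas. The template and payload values are constructed samples.

```python
import itertools

# Constructed sample template: two positions, marked Burp-style with §.
# The text between the markers is the default value kept when a
# position is not targeted.
TEMPLATE = "GET /item?id=§1§&sort=§asc§ HTTP/1.1"
MAX_PAYLOAD_SETS = 8  # Burp's limit for Pitchfork / Cluster Bomb


def split_template(template, marker="§"):
    """Return (literal text chunks, per-position default values)."""
    parts = template.split(marker)
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced position markers in template")
    return parts[0::2], parts[1::2]


def render(literals, values):
    """Interleave literal chunks with one value per position."""
    out = [literals[0]]
    for value, literal in zip(values, literals[1:]):
        out.append(value)
        out.append(literal)
    return "".join(out)


def sniper(template, payloads):
    """One position at a time; untargeted positions keep their default."""
    literals, defaults = split_template(template)
    for pos in range(len(defaults)):
        for payload in payloads:
            values = list(defaults)
            values[pos] = payload
            yield render(literals, values)


def battering_ram(template, payloads):
    """Same payload placed into every position at once."""
    literals, defaults = split_template(template)
    for payload in payloads:
        yield render(literals, [payload] * len(defaults))


def _check_sets(defaults, payload_sets):
    if len(payload_sets) != len(defaults) or len(payload_sets) > MAX_PAYLOAD_SETS:
        raise ValueError("need exactly one payload set per position (max 8)")


def pitchfork(template, payload_sets):
    """Advance all sets in lockstep; zip() stops at the smallest set."""
    literals, defaults = split_template(template)
    _check_sets(defaults, payload_sets)
    for combo in zip(*payload_sets):
        yield render(literals, combo)


def cluster_bomb(template, payload_sets):
    """Every combination; the last set varies fastest, as Burp iterates."""
    literals, defaults = split_template(template)
    _check_sets(defaults, payload_sets)
    for combo in itertools.product(*payload_sets):
        yield render(literals, combo)
```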

Checklists for Web Application Penetration Testing - V

Checklist for Web App Pentesting - V 6. Data Validation Tests 6.1 Input Validation All inputs must be validated....