Web Hacking 101: How to Earn Money Hacking Ethically


Chapter Overview

Chapter 2 is an introductory background to how the internet works, including HTTP requests and responses and HTTP methods.

Chapter 3 covers Open Redirects, an interesting vulnerability that involves exploiting a site to direct users to another site, which allows an attacker to exploit a user’s trust in the vulnerable site.

Chapter 4 covers HTTP Parameter Pollution. In it, you'll learn how to find systems that may be vulnerable to passing along unsafe input to third-party sites.

Chapter 5 covers Cross-Site Request Forgery vulnerabilities, walking through examples that show how users can be tricked into unknowingly submitting information to a website they are logged into.

Chapter 6 covers HTML Injections. In it, you’ll learn how being able to inject HTML into a web page can be used maliciously. One of the more interesting takeaways is how you can use encoded values to trick sites into accepting and rendering the HTML you submit, bypassing filters.

Chapter 7 covers Carriage Return Line Feed Injections, looking at examples of submitting carriage returns and line breaks to sites and the impact they have on rendered content.

Chapter 8 covers Cross-Site Scripting, a massive topic with a huge variety of ways to achieve exploits. Cross-Site Scripting represents huge opportunities, and an entire book could, and probably should, be written solely on it. There are a tonne of examples I could have included here, so I try to focus on the most interesting and helpful for learning.

Chapter 9 covers Server-Side Template Injection, as well as client-side injections. These types of vulnerabilities take advantage of developers injecting user input directly into templates when submitted using the template syntax. The impact of these vulnerabilities depends on where they occur but can often lead to remote code execution.

Chapter 10 covers structured query language (SQL) injections, which involve manipulating database queries to extract, update or delete information from a site...

Chapter 11 covers Server-Side Request Forgery, which allows an attacker to use a remote server to make subsequent HTTP requests on the attacker’s behalf.

Chapter 12 covers XML External Entity vulnerabilities resulting from a site’s parsing of extensible markup language (XML). These types of vulnerabilities can include things like reading private files, remote code execution, etc.

Chapter 13 covers Remote Code Execution, or the ability for an attacker to execute arbitrary code on a victim server. This type of vulnerability is among the most dangerous, since an attacker can control what code is executed, and is usually rewarded as such.

Chapter 14 covers memory-related vulnerabilities, a type of vulnerability that can be tough to find and is typically related to low-level programming languages. However, discovering these types of bugs can lead to some pretty serious vulnerabilities.

Chapter 15 covers Subdomain Takeovers, something I learned a lot about while researching this book and which should be largely credited to Mathias, Frans, and the Detectify team. Essentially, a site refers to a subdomain hosted with a third-party service but never actually claims the appropriate address from that service. This would allow an attacker to register the address from the third party so that all traffic, which believes it is on the victim’s domain, is actually on an attacker’s.

Chapter 16 covers Race Conditions, a vulnerability that involves two or more processes performing actions based on conditions that should only permit one action to occur. For example, think of bank transfers: you shouldn’t be able to perform two transfers of $500 when your balance is only $500. However, a race condition vulnerability could permit it.

Chapter 17 covers Insecure Direct Object Reference vulnerabilities, whereby an attacker can read or update objects (database records, files, etc.) which they should not have permission to access.

Chapter 18 covers application logic based vulnerabilities. This chapter has grown into a catch-all for vulnerabilities I consider linked to programming logic flaws. I’ve found these types of vulnerabilities may be easier for a beginner to find instead of looking for weird and creative ways to submit malicious input to a site.

Chapter 19 covers the topic of how to get started. This chapter is meant to help you consider where and how to look for vulnerabilities as opposed to a step by step guide to hacking a site. It is based on my experience and how I approach sites...

Chapter 20 is arguably one of the most important book chapters as it provides advice on how to write an effective report. All the hacking in the world means nothing if you can’t properly report the issue to the necessary company. As such, I scoured some big-name bounty paying companies for their advice on how best to report and got advice from Hacker One. Make sure to pay close attention here.

Chapter 21 switches gears. Here we dive into recommended hacking tools. The initial draft of this chapter was donated by Michiel Prins from Hacker One. Since then it’s grown to a living list of helpful tools I’ve found and used.

Chapter 22 is dedicated to helping you take your hacking to the next level. Here I walk you through some awesome resources for continuing to learn. Again, at the risk of sounding like a broken record, big thanks to Michiel Prins for contributing to the original list which started this chapter.

Chapter 23 concludes the book and covers off some key terms you should know while hacking. While most are discussed in other chapters, some aren’t, so I’d recommend taking a read here.







