Thursday, 9 March 2023

Cyber Security - Lab 4

 



Practical No. | Practical Name | Session

1 | Burp Configuration | Session 1

2 | Reconnaissance | Session 1

3 | Manual Testing – Part 1 | Session 2

4 | Manual Testing – Part 2 | Session 2

5 | Kali Linux - tools | Session 3


Practical Session 1 Burp Configuration

 

Practical Title: Configure the proxy and capture the request

Problem statement

 

Need to configure the proxy certificate on the browser.

 

Instructions

 

·         Install Burp Suite

·         Configure proxy host

·         Install Burp Suite certificate

 

 

Objective: By the end of this practical, you will be able to successfully capture requests and edit / modify them.

Software/s required, if any:

1. Burp Suite Version

2. ZAP  Version:

Hardware required, if any: NA

External references, if any

Burp Suite site : https://cdn.ttgtmedia.com/rms/pdf/SearchSecurity.in_Burp_%20Suite_tutorial_Part_01.pdf

 


Practical Session 2 Reconnaissance

 

Practical Title: Reconnaissance

Problem statement

 

Perform reconnaissance, and gather the following information about the web application –

·         Open Ports

·         Server/Hosting Details

·         Subdomains

·         Security Header Details

 

Instructions

·         You can use different tools or methods to find the details mentioned above.

 

 

Objective: By the end of this practical, you will be able to gather information about the host.

Software/s required, if any: Nmap and Miscellaneous  

Hardware required, if any: NA

External references, if any

https://nmap.org/book/port-scanning-options.html

 

Practical Session 3 Manual Testing – Part 1

 

Practical Title: Test the scope website to identify vulnerabilities

Problem statement

 

Manual assessment of the following vulnerabilities:

 

·         Cross Site Scripting

·         HTML Injection

·         SQL Injection

 

Instructions

 

Follow the step-by-step approach towards this as explained in the class.

 

 

Objective: By the end of this practical, you will be able to successfully exploit the vulnerabilities.

Software/s required, if any:

1. Burp Suite Version

2. ZAP  Version

Hardware required, if any: NA

External references, if any

https://portswigger.net/support/using-burp-to-manually-test-for-reflected-xss

https://portswigger.net/support/using-burp-to-test-for-cross-site-request-forgery

https://portswigger.net/support/using-burp-to-detect-sql-injection-flaws

  

Practical Session 4 Manual Testing – Part 2

 

Practical Title: Test the scope website to identify vulnerabilities

Problem statement

 

Manual assessment of the following vulnerabilities:

 

·         Directory Listing

·         Improper Error Handling

·         Default Credentials

·         CSRF

 

Instructions

 

Follow the step-by-step approach towards this as explained in the class.

 

 

Objective: By the end of this practical, you will be able to successfully exploit the vulnerabilities.

Software/s required, if any:

1. Burp Suite Version

2. ZAP Version

Hardware required, if any: NA

External references, if any

https://portswigger.net/support/using-burp-to-manually-test-for-reflected-xss

https://portswigger.net/support/using-burp-to-test-for-cross-site-request-forgery

https://portswigger.net/support/using-burp-to-detect-sql-injection-flaws

  

Practical Session 5 Kali Linux Tools

 

Practical Title: Exploring Kali Linux operating system

Problem statement

 

Exploit vulnerabilities using tools in Kali Linux:

·         SQLMAP

·         Nmap

·         Nessus

·         Information Gathering tools

 

Instructions

 

Follow the step-by-step approach towards this as explained in the class.

 

 

Objective: By the end of this practical, you will be able to successfully exploit the vulnerabilities.

Software/s required, if any:

1. Kali Linux OS

Hardware required, if any: NA

External references, if any

https://www.tutorialspoint.com/kali_linux/index.htm

 

