HUNT: Data-Driven Web Hacking and Manual Testing

OWASP Foundation via YouTube

Overview

Explore a comprehensive 44-minute conference talk from AppSecUSA 2017 that introduces HUNT, a powerful Burp Suite extension designed to enhance web hacking and manual testing. Learn how this data-driven tool leverages real-world vulnerability data to provide parameter-level suggestions for identifying critical issues like SQL Injection, Command Injection, and File Inclusion vulnerabilities. Discover how HUNT aims to organize common web hacking methodologies within Burp Suite, making it easier to assess large, complex applications more thoroughly. Gain insights into the tool's core functionality, data-driven design, and its potential to turbocharge web hacking without sacrificing efficiency.

Syllabus

Intro
Contributions
The Problems
Current Solutions
Introducing HUNT
Level 1 - HUNT Scanner
Bug Location (Tribal Knowledge)
Vulnerability Locations
Advisory
SQL Injection
Server Side Request Forgery AAA
Insecure Direct Object Reference
Server Side Template Injection
Debug & Logic Parameters
HUNT Scanner Implementation
Level 2 - HUNT Methodology
Methodologies
Description
Multiple Request/Response
Resources
Notes
Methodology Implementation
Plugin Installation
Installation - Plugin
Setting Target Scope
Setting Passive Scanner Scope
Running the Passive Scanner
Scanner Extensibility
Methodology Extensibility

Taught by

OWASP Foundation
