Ethical Hacking Tools

Hacking tools, if used properly and legally, are mostly tools for web testing and debugging. Thus, they are sometimes called "ethical hacking tools".

3 Ways of Hacking Web Applications

  • GUI-based Hacking: Directly manipulating the application through the GUI of the browser or its extensions.
  • URI Hacking: Tampering with the URL.
  • HTTP Hacking: Tampering with HTTP elements such as methods, headers, and body not contained in the URL.

Ethical Hacking Tools

   The Web Browsers
  • The web browser is the basic tool for attacking web applications, because it is the designated, end-user-oriented front end that communicates with the back end.
  • The attack is done by tampering with the URL in the address bar.
  • There are two drawbacks:
    • Some browsers are designed to trim the user's URL behind the scenes. For instance, both IE and Firefox strip out dot-dot-slashes.
    • The contents of PUT requests cannot be manipulated directly from the address bar.
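
The dot-dot-slash trimming described above can be observed with the WHATWG URL parser that browsers implement, and a server can use the same fact to spot requests that did not come from an address bar. This is an added example, not part of the original page; the host name `app.example`, the sample paths and the function names are constructed for illustration.

```javascript
// Added example. Uses the WHATWG URL parser (global `URL` in browsers and Node.js).
// Host name and sample paths are constructed for illustration.

// Path a browser would put on the wire for a URL typed in the address bar.
function pathSentByBrowser(typed) {
  return new URL(typed).pathname;
}

// Server-side check: does a raw request path contain a dot segment
// ("." or "..", literal or percent-encoded)? A browser address bar never
// sends one, so its presence points to a proxy, script or other raw client.
function hasDotSegment(rawPath) {
  return rawPath
    .split("?")[0] // ignore the query string
    .split("/")
    .some((seg) => {
      const s = seg.replace(/%2e/gi, ".");
      return s === "." || s === "..";
    });
}

const typedUrls = [
  "http://app.example/docs/../admin/index.html",
  "http://app.example/docs/%2e%2e/admin/index.html",
  "http://app.example/docs/./index.html",
];

// For each typed URL: what the browser sends, and whether any dot
// segment survived normalization.
function report() {
  return typedUrls.map((u) => ({
    typed: u,
    sent: pathSentByBrowser(u),
    dotSegmentOnWire: hasDotSegment(pathSentByBrowser(u)),
  }));
}

console.log(report());
// The same path arriving unnormalized, as a raw client would send it:
console.log(hasDotSegment("/docs/../admin/index.html"));
```

Because the browser normalizes before sending, a server's handling of dot segments has to be tested and logged at the HTTP level, not through the address bar.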
   Browser Extensions
   HTTP Proxies
  • They are stand-alone programs (not plug-ins) that run as a local HTTP service to intercept HTTP/S communications and enable the user to analyze or tamper with the data before submitting it.
  • They can also analyze and tamper with traffic from non-browser HTTP clients.
  • Burp Suite, a Java application, is a popular HTTP proxy that contains different tools, such as a proxy server, a web spider, an intruder and a so-called repeater, with which requests can be automated.
   Command-line Tools
  • They are good for scripting and iterative attacks and can work on the data packets, but require knowledge of a proprietary command language.

List of Tools

    SQL Injection
    Cross-Site Scripting
    IE Extensions
    Firefox Extensions
    HTTP/S Proxy Tools
    Command-line HTTP/S Tools
    Web Authentication
    XML Web Services