Objective

Test the security of your WiFi password by attacking it

Distributions

This will work with any Linux distribution, but it's recommended that you use Kali.

Requirements

A working Linux distribution with a WiFi adapter and root privileges.

Difficulty

Easy

Conventions

  • # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ - requires given linux commands to be executed as a regular non-privileged user

Introduction

Most people have terrible passwords, and WiFi is no exception. Your WiFi password is your primary line of defense against unwanted access to your network. That access can result in a whole host of other nasty things because an attacker can monitor the traffic on your network and even gain direct access to your computers.

The best way to prevent such an intrusion is to use the same tools an attacker would to test the security of your WiFi password.

burp web penetration testing guide

Introduction

It's important to remember that Burp Suite is a software suite, and that's why a whole series was needed to cover even just the basics. Because it is a suite, there are also more tools bundled in that work in conjunction with one another and the proxy that you're already familiar with. These tools can make testing any number of aspects of a web application much simpler.

This guide isn't going to go into every tool, and it isn't going into too much depth. Some of the tools in Burp Suite are only available with the paid version of the suite. Others generally aren't used as frequently. As a result, some of the more commonly used ones were selected to give you the best practical overview possible.

All of these tools can be found on the top row of tabs in Burp Suite. Like the proxy, many of them has sub-tabs and sub-menus. Feel free to explore before getting into the individual tools.

brute force test penetration web kali burp

Introduction

In this third part of the Burp Suite series, you will learn how to actually collect proxied traffic with Burp Suite and use it launch and actual brute force attack. It will run somewhat parallel to our guide on Testing WordPress Logins with Hydra. In this case, though, you will use Burp Suite to gather information on WordPress.

The purpose of this guide is to illustrate how the information gathered by Burp Suite's proxy can be used to conduct a penetration test. Do Not use this on any machines or networks that you do not own.

For this guide, you will also need Hydra installed. It's not going to go into depth on how to use Hydra, you can check out our Hydra SSH guide for that. Kali Linux already has Hydra installed by default, so if you're using Kali, don't worry. Otherwise, Hydra should be in your distro's repositories.

web penetration testing tool on kali linux

Introduction

In this second part of the Burp Suite series you will lean how to use the Burp Suite proxy to collect data from requests from your browser. You will explore how an intercepting proxy works and how to read the request and response data collected by Burp Suite.

The third part of the guide will take you through a realistic scenario of how you would use the data collected by the proxy for a real test.

There are more tools built in to Burp Suite that you can use the data that you collect with, but those will be covered in the fourth and final part of the series.

burp web penetration testing guide

Introduction

When it comes to testing the security of web applications, you'd have a hard time finding a set of tools better than Burp Suite from Portswigger web security. It allows you to intercept and monitor web traffic along with detailed information about the requests and responses to and from a server.

There are way too many features in Burp Suite to cover in just one guide, so this one will be broken down into four parts. This first part will cover setting up Burp Suite and using it as a proxy for Firefox. The second one will cover how to gather information and use the Burp Suite proxy. The third part goes into a realistic testing scenario using information gathered through the Burp Suite proxy. The fourth guide will cover many of the other features that Burp Suite has to offer.

In this guide, you will practice using Burp Suite on a self-hosted instance of WordPress. If you need help setting it up, check out your Debian guide.

ARE YOU LOOKING FOR A LINUX JOB?
Submit your RESUME or create a JOB ALERT on LinuxCareers.com job portal.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.