I like webapps, don’t you? Webapps have got to be the best way to learn about security. Why? Because they’re self-contained and so very transparent.
You don’t need a big ol’ lab before you can play with them. You can run them in a single tiny VM or an even tinier Docker image on your laptop. And so long as you’re attacking your own stuff, it’s easy to stay out of trouble. You’re up and running in the time it takes for a single download.
And the transparent part? Ever since “view source” in the earliest web browsers, it’s been easy to see exactly what’s going on in a webapp and in the browser. Every webapp you ever use has no choice but to give you the (client-side) source code! It’s almost like there’s no such thing as a “black box” webapp pentest if you think about it…
Anyhow – the Developer Tools in Firefox (and Chrome) are what happens when you take “view source” and add 25 years or so of creativity and power.
Maybe we’ll convince you that you can realistically do a big chunk of a webapp pentest without ever leaving the browser.
Join the BHIS Discord channel — https://discord.gg/aHHh3u5
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowToDeveloperToolsWebappPentesting.pdf
0:00 – A Shady-White Slideshow with “FREE TOOLS!” On the Sign
0:38 – The Way Back Machine
11:00 – Always Be Learning
18:01 – The Path to the Developer Tools
24:37 – Console Separately From a Window
30:40 – The Network Tab
36:23 – Storage Tab
38:20 – All The Cookies
40:38 – The Inspector Gadget Thingy
45:05 – Debugger
45:26 – Customize the Tools
45:36 – Console Tricks