Thursday, November 7, 2013

5 Best Tools For Hacking Web Applications

In an earlier post, I listed the top 10 general hacking tools. This time, I have listed 5 of the best tools specifically  to hack websites and web applications. Most of these tools are free and are very easy to use.
 If you want to hack a website or web application, knowledge of PHP, ASP, SQL etc are necessary. If you know these languages and technologies, you will be able to hack the website without the need for any tool. These tools make the life of a hacker easy by automating the tasks.
                                                              Image courtesy of chanpipat/
So, here is the list of the top 5 web application hacking tools. Starting off with..

Burp suite is a web proxy tool that can be used to test web application security. It can brute force any login form in a browser. You can edit or modify GET and POST data before sending it to the server. It can also be used to automatically detect SQL injection vulnerabilities. It is a good tool to use both under Windows and Linux environments. It is free, however, if you need the advanced features, you can always buy the premium version.

Acunetix Web Vulnerability Scanner provides a comprehensive environment to automatically  scan a website for vulnerabilities.  It scans the web application as well as the web server. Once Acunetix identifies the vulnerabilities in the website, you can go ahead and exploit it manually or use any of the other tools in this list.  Acunetix is however, a paid software, but if you are resourceful, you will know where to get it for free ;)

ZAP  OWASP is similar to Burp Suite in functionality. However, ZAP is completely free.
According to the official website:
"The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing."

4. Havij

Havij is one of the best Automatic SQL injection tools. It is extremely easy to use, thanks to its GUI. All you have to do is provide a vulnerable link to Havij, and it will spew out database details such as tables, columns and rows.

Mozilla Firefox is a web browser. Why then, is it in this list? That is because every web application hacking will take place through a web browser. And what better browser than Firefox? Google Chrome is too simplistic, Internet explorer is too buggy and slow. Firefox is the preferred web hacking tool because it is fast, supports proxy (to be used with Burp Suite) and supports many  plug-ins  such as cookie editor.

Not successful in hacking that website? Crash it instead with my other article How to perform denial of service to crash a website.