Dr. Hidaia Mahmood Alassouli & Dr. Hidaia Mahmood Alassouli 
Penetration Testing of Computer Networks Using Burpsuite and Various Penetration Testing Tools 

Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Burp suite is a java application that can be used to secure or crack web applications. The suite consists of different tools, like a proxy server, a web spider an intruder and a so-called repeater, with which requests can be automated. You can use Burp’s automated and manual tools to obtain detailed information about your target applications.
Damn Vulnerable Web App (DVWA) is a PHP/My SQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
In this report I am using a combination of Burp tools to detect and exploit vulnerabilities in Damn Vulnerable Web App (DVWA) with low security. By default, Burp Scanner scans all requests and responses that pass through the proxy. Burp lists any issues that it identifies under Issue activity on the Dashboard. You can also use Burp Scanner to actively audit for vulnerabilities. Scanner sends additional requests and analyzes the application’s traffic and behavior to identify issues.
Various examples are outlined in this report for different types of vulnerabilities such as: SQL injection, Cross Site Request Forgery (CSRF), Cross-site scripting, File upload, Local and Remote File Inclusion. I tested various types of penetration testing tools in order to exploit different types of vulnerabilities. The report consists from the following parts:
1. Installing and Configuring Burp Suite
2. Burp Suite Intruder.
3. Installing XMAPP and DVWA App in Windows System.
4. Installing PHP, My SQL, Apache2, Python and DVWA App in Kali Linux.
5. Scanning Kali-Linux and Windows Using .
6. Understanding Netcat, Reverse Shells and Bind Shells.
7. Adding Burps Certificate to Browser.
8. Setting up Target Scope in Burp Suite.
9. Scanning Using Burp Suite.
10. Scan results for SQL Injection Vulnerability with Burp Suite and Using SQLMAP to Exploit the SQL injection.
11. Scan Results for Operating System Command Injection Vulnerability with Burp Suite and Using Commix to Exploit the OS Command Injection.
12. Scan Results for Cross Side Scripting (XSS) Vulnerability with Burp Suite, Using Xserve to exploit XSS Injection and Stealing Web Login Session Cookies through the XSS Injection.
13. Exploiting File Upload Vulnerability.
14: Exploiting Cross Site Request Forgery (CSRF) Vulnerability.
15. Exploiting File Inclusion Vulnerability.
16. References.

Mengenai Pengarang

I am Dr. Hidaia Mahmood Mohamed Alassouli. I completed my Ph D degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from Gaza Strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator. I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering. I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http://www.anticorruption.000space.com I am an Author publishing books on kdp.amazon.comand many other book stores such as Google, Apple.com, writinglife.kobo.com, Lulu.com, feiyr.com, blurb.com, bookrix.com, barnesandnoble.com, notionpress.com, ingramspark.com and others . My personal website: http://www.hidaia-alassouli.000space.com My Amazon Author Central: https://www.amazon.com/-/e/B07BH5HS7LEmail: hidaia_alassouli@hotmail.com