Footprirvting a Target Network .p15

Lab 8

Collecting Information about a Target Website Using Firebug

Firebug integrates nith F1'refox, providing a lot of development tools all on 'ingjon to
edit, debug, and monitor CSS, HTML, and JavaScript live in any n ׳eb page.

Lab Scenario

As you all know, email is one of the important tools that has been created. Unfortunately, attackers have misused emails to send spam to communicate 111 secret and lude themselves behind the spam emails, while attempting to undermine business dealings. 111 such instances, it becomes necessary for penetration testers to trace an email to find the source of email especially where a crime has been committed using email. You have already learned in the previous lab how to find the location by tracing an email using eMailTr acker Pro to provide such information as city, state, country, etc. from where the email was acftiallv sent.

The majoritv of penetration testers use the Mozilla Firefox as a web browser tor their pen test activities. In tins lab, you will learn to use Firebug for a web application penetration test and gather complete information. Firebug can prove to be a useful debugging tool that can help you track rogue JavaScript code on servers.

Lab Objectives

The objective of dus lab is to help sftidents learn editing, debugging, and monitoring CSS, HTML, and JavaScript 111 any websites.

Lab Environment

111 the lab, you need:

■ A web browser with an Internet connection
■ Administrative privileges to run tools
■ Tins lab will work 111 the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration

Tune: 10 Minutes

Overview of Firebug

Firebug is an add-on tool for Mozilla Firefox. Running Firebug displays information such as directory structure, internal URLs, cookies, session IDs, etc.

Lab Tasks

1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 8.1: Windows Server 2012 — Desktop view

2. Oil the Start menu, click Mozilla Firefox to launch the browser

FIGURE 8.2: Windows Server 2012—Apps

3. Type the URL https://getfirebug.com 111 the Firefox browser and click Install Firebug

FIGURE 8.3: Windows Server 2012 - Apps

4. Clicking Install Firebug will redirect to the Download Firebug page Click the Download link to install Firebug

FIGURE 8.4: Windows Server 2012—Apps

5. On the Add-Ons page, click the button Add to Firefox to initiate the Add-On installation

FIGURE 8.5: Windows Server 2012 — Apps

6. Click the Install Now button 111 the Software Installation window

FIGURE 8.6: Windows Server 2012—Apps

7. Once the Firebug Add-On is installed, it will appear as a grey colored bug 011 the Navigation Toolbar as highlighted in the following screenshot

FIGURE 8.7: Windows Server 2012—Apps

8. Click the Firebug icon to view the Firebug pane.

9. Click the Enable link to view the detailed information for Console panel. Perform the same for the Script, Net, and Cookies panels

10. Enabling the Console panel displays all die requests by the page. The one highlighted 111 the screenshot is the Headers tab

11. 111 this lab, we have demonstrated http://www.microsoft.com

12. The Headers tab displays the Response Headers and Request Headers by die website

FIGURE 8.9: Windows Server 2012 — Apps

13. Similarly, the rest of the tabs 111 the Console panel like Params. Response. HTML, and Cookies hold important information about the website

14. The HTML panel displays information such as source code, internal URLs of the website, etc.

FIGURE 8.10: Windows Server 2012—Apps

15. The Net panel shows the Request start and Request phases start and elapsed time relative to the Request start by hovering the mouse cursor on the Timeline graph for a request

FIGURE 8.11: Windows Server 2012 — Apps