SQL query XML

             

Scenario: Retrieve the User(s) & their latest Addresses (address details stored as XML)

Solution:


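    -- Users whose address XML contains a city="Mumbai" node, joined to the
    -- latest version of each matching Address row.
    SELECT DISTINCT Address.Details.value('@sequence', 'VARCHAR(max)') AS [Address ID],
           Detail
    FROM   [User]
           -- Shred the XML column: one row per <details> element under a Mumbai node
           CROSS APPLY [details].nodes('//*[@city="Mumbai"]/details') AS Address(Details)
           JOIN (SELECT a.AddressID,
                        Detail
                 FROM   Address a
                        -- d: the highest [ver] recorded for each AddressID
                        JOIN (SELECT DISTINCT AddressID,
                                              (SELECT MAX([ver])
                                               FROM   Address b
                                               WHERE  c.AddressID = b.AddressID
                                               GROUP  BY AddressID
                                               HAVING c.[ver] <= MAX(b.[ver])) AS [ver]
                              FROM   Admin.dbo.Address c) d
                          ON d.AddressID = a.AddressID
                             -- d exposes the column as [ver], not [Version]
                             AND d.[ver] = a.[ver]) e
             -- @sequence in the XML holds the AddressID
             ON e.AddressID = Address.Details.value('@sequence', 'VARCHAR(max)')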

Burp - Repeater

            

Scenario: Intercept web site and modify headers

Solution:

Use Burp Suite to intercept traffic and submit the request multiple times with modified values.

Burp Suite is an integrated platform for performing security testing of web applications.
  1. Burp tool -> Proxy -> Open Browser.
  2. Navigate to the site.
  3. Burp tool -> Intercept On.
  4. Navigate to the page which you want to intercept.
  5. The request would be intercepted.
  6. Navigate to the HTTP history tab -> right-click the request you want to repeat -> Send to Repeater.
  7. On the Repeater tab you will see the Request and the Response (which is initially blank).
  8. You can now change the Request, for example change the HTTP method from POST to GET, then click the Send button.
  9. The response to the modified request is rendered.

Burp Intercept

           

Scenario: Intercept web site and modify headers

Solution:

Use Burp Suite to intercept traffic.

Burp Suite is an integrated platform for performing security testing of web applications.
  1. Burp Suite -> Proxy -> Open Browser.
  2. Navigate to the site.
  3. Set Intercept toggle to On.
  4. Navigate to the page which you want to intercept.
  5. The request would be intercepted.
  6. Now you can go to the tool and change the request headers, parameters, etc.
  7. Then click the Forward button to submit the modified request or to continue.

Burp SSL Scanner

           

Scenario: Scan your website for SSL vulnerabilities

Solution:

Use Burp Suite to run SSL Scanner.

Burp Suite is an integrated platform for performing security testing of web applications.

Below are the steps to run an SSL scan.

Prerequisites:
  1. Install Jython:
    • Navigate to https://www.jython.org/download.html and download the latest Jython standalone JAR file.
    • Burp Suite -> Extender -> Options. In the Python Environment section, add the JAR file downloaded above.
  2. Install Burp SSL Scanner:
    • Navigate to Extender -> BApp Store -> find SSL Scanner, or install it manually [by downloading from their site].
    • Once installed, it appears in Extender -> Extensions.

Steps:
  1. Now SSL Scanner -> Target = {Your WebSite} -> Start Scanning.
  2. Once complete, it shows the report. If an item such as "Offer TLS1.0" is Yes, the site still accepts that old protocol version; otherwise it is No.
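
One way to reproduce the "Offer TLS1.0" result outside Burp, as an added example (not part of the original post and not the SSL Scanner extension's code): send a ClientHello capped at a legacy version and read the version the ServerHello selects. The names `client_hello`, `server_choice`, `offers` and `scan` are hypothetical, and the cipher-suite list is an assumption chosen for broad compatibility.

```python
import os
import socket
import struct

LEGACY = {"TLS1.0": 0x0301, "TLS1.1": 0x0302}
# CBC suites both legacy versions can negotiate (ECDHE, DHE and RSA key exchange).
SUITES = [0xC013, 0xC014, 0xC009, 0xC00A, 0x0033, 0x0039, 0x002F, 0x0035, 0x000A]


def client_hello(host, version):
    """ClientHello record whose highest offered protocol version is `version`."""
    name = host.encode("ascii")
    sni = b"\x00" + struct.pack("!H", len(name)) + name
    exts = struct.pack("!HHH", 0x0000, len(sni) + 2, len(sni)) + sni  # server_name
    exts += struct.pack("!6H", 0x000A, 8, 6, 29, 23, 24)  # supported_groups
    exts += b"\x00\x0b\x00\x02\x01\x00"  # ec_point_formats: uncompressed
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"  # empty session id
    body += struct.pack("!H", 2 * len(SUITES))
    body += b"".join(struct.pack("!H", s) for s in SUITES)
    body += b"\x01\x00" + struct.pack("!H", len(exts)) + exts  # null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def server_choice(reply):
    """Version selected in a ServerHello, or None for an alert or short reply."""
    if len(reply) < 11 or reply[0] != 0x16 or reply[5] != 0x02:
        return None
    return struct.unpack("!H", reply[9:11])[0]


def offers(host, port, version, timeout=5.0):
    """True if the server answers a hello capped at `version` with that version."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            s.sendall(client_hello(host, version))
            while len(reply) < 11:
                chunk = s.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            pass  # reset or timeout: the server refused this hello
    return server_choice(reply) == version


def scan(host, port=443):
    """Map each legacy version name to True (offered) or False."""
    return {name: offers(host, port, v) for name, v in LEGACY.items()}
```

Call `scan()` with your own site's hostname; because the hello is built by hand, the result does not depend on whether the local OpenSSL build still permits legacy protocol versions. A False can also mean that none of the suites in `SUITES` was acceptable to the server.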

Move GitHub Sub Repository back to main repo

    -- delete .gitmodules
    git rm --cached MyProject/Core
    git commit -m 'Remove myproject_core submodule'
    rm -rf MyProject/Core
    git remo...