In web exploitation, a beginner will probably rely heavily on Google Chrome developer tools, as well as several Chrome plugins. Some basic plugins to install are:
- Chrome Developer Tools. Become familiar with them. You can reach them by right-clicking and choosing
Inspect Element, as well as under View->Developer->Developer Tools. Note that developer tools are almost always more useful than viewing source. - Edit This Cookie for changing cookie data.
It is also handy to have firefox installed (We've also been told the 3d DOM view of FireFox is fun to look at.) . One particular plugin we use is the Tamper Data plugin. Tamper Data is a proxy that inserts itself between the user and web site, and allows one to change data sent to the server.
Intercept request and edit. Similar to burpsuite
- use cloushark and tcpdump native.
- Boot into linux
- Go and install the xquartz stuff.