Users usually turn to the Internet to get answers to their questions, and most organizations maintain websites for this purpose. Most websites store valuable information such as credit card numbers, email addresses and passwords. The company is also responsible for the users registered on its site: they leave their personal data there, and that data can be irretrievably lost along with access to the site. The problem has a legal aspect as well, since the law regulates these matters more and more strictly. All of this makes websites a target for criminals. Compromised websites can also be used to spread religious or political ideologies.

A web server is a system used to store, process and deliver websites. Web servers run on different operating systems, are connected to a server database and run different applications. In recent years, the use of web servers has increased, as most online services are implemented as web applications. A web server is designed to host web applications and to allow clients to access those applications. It implements the client-server model, in which it takes the role of the server and the browser takes the role of the client. Like any computer system, web servers can be compromised.
Attackers use various methods to launch attacks on targeted web servers and gain unauthorized access. A web server can be reached through the domain name of the website, and it delivers site content to the requester using the Hypertext Transfer Protocol (HTTP). A web server can also be thought of as the hardware used to store or host web server software and the files associated with websites. Thus, the term "web server" can refer to hardware, software, or both. Web servers are also used for transferring files, email messages and many other purposes. They are powerful enough to deliver the same file, or any other file, to thousands of website visitors at the same time.
Burp Suite is a web security testing tool that can intercept session IDs in established sessions. Burp Suite’s Sequencer tool verifies the randomness of session tokens. When the tokens are not sufficiently random, an attacker can use this tool to predict the next possible session ID token and use it to hijack the session.
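The kind of bit-level randomness check described above can be run by a site owner against their own session tokens. The following is an added example, not part of the original page and not Burp Suite's code; the 128-bit token width, the counter-based "weak" scheme and all function names are assumptions made for illustration.

```python
import math
import secrets

TOKEN_BITS = 128  # assumed session token width for this example


def weak_tokens(n, start=0x5F3759DF << 32):
    """Constructed weak scheme: the session ID is an incrementing counter."""
    return [format(start + i, "032x") for i in range(n)]


def strong_tokens(n):
    """Session IDs drawn from the operating system CSPRNG."""
    return [secrets.token_hex(TOKEN_BITS // 8) for _ in range(n)]


def bit_entropy(p):
    """Shannon entropy (in bits) of one bit that is 1 with probability p."""
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def analyse(tokens):
    """Return (summed per-bit entropy, count of bit positions that never change)."""
    values = [int(t, 16) for t in tokens]
    total, constant = 0.0, 0
    for pos in range(TOKEN_BITS):
        ones = sum((v >> pos) & 1 for v in values)
        h = bit_entropy(ones / len(values))
        total += h
        constant += (h == 0.0)
    return total, constant


def acceptable(tokens, min_bits=64):
    """Reject token samples below 64 bits, the minimum OWASP recommends for session IDs."""
    entropy, _ = analyse(tokens)
    return entropy >= min_bits


if __name__ == "__main__":
    for name, sample in (("counter", weak_tokens(1024)), ("csprng", strong_tokens(1024))):
        entropy, constant = analyse(sample)
        print(f"{name}: ~{entropy:.1f} bits, {constant} constant bit positions, "
              f"acceptable={acceptable(sample)}")
```

Per-bit frequency is a necessary check, not a sufficient one: a sample that passes can still be predictable in sequence, so tokens should come from a CSPRNG such as `secrets` regardless of the score.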
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool that includes hundreds of remote exploits for various platforms. It performs fully automated exploitation of web servers using known vulnerabilities and weak passwords via Telnet, SSH, HTTP and SNMP.
Immunity’s CANVAS provides penetration testers and security professionals with hundreds of exploits, an automated exploit framework, and a comprehensive, robust exploit development environment. It provides features such as client-side exploitation, elevation of privilege, elevation of privilege via HTTP tunneling, remote kernel exploitation, advanced backdoor techniques, and advanced web attack techniques.