{"id":17432,"date":"2021-09-03T15:30:37","date_gmt":"2021-09-03T15:30:37","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=16114"},"modified":"2021-09-03T15:31:24","modified_gmt":"2021-09-03T15:31:24","slug":"raider","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/raider\/","title":{"rendered":"Raider : Web Authentication Testing Framework"},"content":{"rendered":"\n<p><strong>Raider<\/strong> is a framework designed to test authentication for web applications. While web proxies like\u00a0ZAProxy\u00a0and\u00a0Burpsuite\u00a0allow authenticated tests, they don&#8217;t provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. <\/p>\n\n\n\n<p>Most authentication bugs in the wild have been found through manual testing or by writing custom scripts that replicate the behavior.\u00a0<strong>Raider<\/strong>\u00a0aims to make testing easier by providing an interface to interact with all the important elements found in modern authentication systems.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Features<\/strong><\/p>\n\n\n\n<p><strong>Raider<\/strong>&nbsp;aims to support most modern authentication systems. Here are some features that other tools don&#8217;t offer:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Unlimited authentication steps<\/li><li>Unlimited inputs\/outputs for each step<\/li><li>Ability to conditionally decide the next step<\/li><li>Running arbitrary operations when receiving the response<\/li><li>Easy to write custom operations and plugins<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/DigeeX\/raider#how-does-it-work\"><\/a><strong>How does it work<\/strong><\/p>\n\n\n\n<p><strong>Raider<\/strong>&nbsp;treats the authentication as a finite state machine. 
Each authentication step is a different state, with its own inputs and outputs. Those can be cookies, headers, CSRF tokens, or other pieces of information.<\/p>\n\n\n\n<p>Each application needs its own configuration file for&nbsp;<strong>Raider<\/strong>&nbsp;to work. The configuration is written in&nbsp;<a href=\"https:\/\/docs.hylang.org\/\">Hylang<\/a>. This language was chosen for multiple reasons, mainly because it&#8217;s a Lisp dialect embedded in Python.<\/p>\n\n\n\n<p>Using Lisp was necessary since the authentication can sometimes get quite complex, and a static configuration file would not have been enough to cover all the details. Lisp makes it easy to combine code and data, which is exactly what was needed here.<\/p>\n\n\n\n<p>Using a real programming language as a configuration file gives&nbsp;<strong>Raider<\/strong>&nbsp;a lot of power, and with great power comes great responsibility. Theoretically one can write entire malware inside the application configuration file, which means you should be careful about what&#8217;s being executed, and&nbsp;<strong>not use configuration files from sources you don&#8217;t trust<\/strong>.&nbsp;<strong>Raider<\/strong>&nbsp;will evaluate everything inside the .hy files, which means if you&#8217;re not careful you could shoot yourself in the foot and break something on your system.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><a href=\"https:\/\/github.com\/DigeeX\/raider#installation\"><\/a><strong>Installation<\/strong><\/p>\n\n\n\n<p>The package is available in the&nbsp;Python Package Index, so to install the latest stable release of&nbsp;<em>Raider<\/em>&nbsp;just use the command&nbsp;<code><strong>pip3 install --user raider<\/strong><\/code><\/p>\n\n\n\n<p>Warning<\/p>\n\n\n\n<p><em>Raider<\/em>&nbsp;was developed on Python 3.9 and has not yet been tested on older versions, so it might have incompatibility 
issues.<\/p>\n\n\n\n<p>If you feel adventurous and want to build&nbsp;<em>Raider<\/em>&nbsp;from source, you can do so. You will need to do that anyway if you want to contribute to the development.<\/p>\n\n\n\n<p>Start by cloning the repository with&nbsp;<strong><code>git clone https:\/\/github.com\/DigeeX\/raider<\/code>.<\/strong><\/p>\n\n\n\n<p>Using a Python virtual environment is recommended to avoid weird issues with Python incompatibilities when working on the code. However, you can still use&nbsp;<code><strong>pip3 install .<\/strong><\/code>&nbsp;in the project\u2019s directory to install the package locally.<\/p>\n\n\n\n<p>If you choose to use the virtual environment,&nbsp;install Poetry&nbsp;since that\u2019s how&nbsp;<em>Raider<\/em>&nbsp;was developed.<\/p>\n\n\n\n<p>Once Poetry is installed, you can prepare the virtual environment and switch to it to work with&nbsp;<em>Raider<\/em>:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>cd raider<br>poetry install<br>poetry shell<\/strong><\/p>\n\n\n\n<p>Now you\u2019re working inside the virtual environment, and&nbsp;<em>Raider<\/em>&nbsp;should be available here.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Architecture<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-left has-light-green-cyan-background-color has-background\"><strong>Abstracting the authentication process<\/strong><\/p>\n\n\n\n<p>Let\u2019s start by taking a closer look at how web authentication works. Every&nbsp;authentication process&nbsp;can be abstracted as a&nbsp;Finite State Machine.<\/p>\n\n\n\n<p>At a high level, we start in the unauthenticated state, the user sends the application their credentials, optionally the&nbsp;multi-factor authentication (MFA)&nbsp;code, and if both checks pass, we reach the authenticated state. 
A typical modern web application looks like the following diagram:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-caN5HixiFww\/YRp3RfwgnzI\/AAAAAAAAKeo\/zd4BOOsk7Kwc4g2fvCubIjiuDiJwQu4ZQCLcBGAsYHQ\/s1108\/plantuml-ad2aa1b5a57b181aa2ee3a4afd27dccd79ce2e37.png\" alt=\"\" \/><\/figure>\n\n\n\n<p class=\"has-vivid-green-cyan-background-color has-background\"><strong>Basic concepts in Raider<\/strong><\/p>\n\n\n\n<p>Now let\u2019s zoom in and look at the details. Instead of dealing with the states (<em>Unauthenticated<\/em>,&nbsp;<em>Login failed<\/em>,&nbsp;<em>MFA required<\/em>, and&nbsp;<em>Authenticated<\/em>), we define the concept of&nbsp;stages. A stage describes the information exchange between the client and the server, containing one request and the respective response.<\/p>\n\n\n\n<p>The example below takes a closer look at the authentication process for an imaginary web application: <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-YYN0TaYUs6o\/YRp3rAaW0PI\/AAAAAAAAKew\/-W2sDXDghZ4uhihqhFZ0Xi68S-3bnyj8wCLcBGAsYHQ\/s2436\/plantuml-c6d5182524e1145aa56790c6c885b14f7cfd00f2.png\" alt=\"\" \/><\/figure>\n\n\n\n<p>To describe the authentication process from the example defined above, we need three&nbsp;<strong>stages<\/strong>. The first one,&nbsp;<em>Initialization<\/em>, doesn\u2019t have any inputs, but creates the&nbsp;<em>Session cookie<\/em>&nbsp;and the&nbsp;<em>CSRF token<\/em>&nbsp;as outputs.<\/p>\n\n\n\n<p>Those outputs are passed to the next&nbsp;<strong>stage<\/strong>,&nbsp;<em>Login<\/em>, together with user credentials. A request is built with those pieces of information, and the new outputs are generated. 
In this case we have the new&nbsp;<em>CSRF token<\/em>, an updated&nbsp;<em>session cookie<\/em>, and a new cookie identifying the user:&nbsp;<em>user cookie<\/em>.<\/p>\n\n\n\n<p>Depending on whether MFA is enabled or not, the third&nbsp;<strong>stage<\/strong>&nbsp;<em>Multi-factor authentication<\/em>&nbsp;might be skipped or executed. If it\u2019s enabled, the outputs from the previous&nbsp;<strong>stage<\/strong>&nbsp;get passed as inputs to this one, the user is asked to input the next&nbsp;<a href=\"https:\/\/raider.readthedocs.io\/en\/latest\/user\/definitions.html#term-Factor\">Factor<\/a>, and a new cookie is set proving the user has passed the checks and is properly authenticated.<\/p>\n\n\n\n<p>In&nbsp;<strong>Raider<\/strong>, stages are implemented using&nbsp;<a href=\"https:\/\/raider.readthedocs.io\/en\/latest\/user\/definitions.html#term-Flow\">Flow<\/a>&nbsp;objects. The authentication process consists of a series of Flows connected to each other. Each one accepts inputs and generates outputs. In addition to that, Flow objects implement&nbsp;<a href=\"https:\/\/raider.readthedocs.io\/en\/latest\/user\/definitions.html#term-Operation\">Operations<\/a>&nbsp;which can be used to run various actions upon receiving the response, but most importantly they\u2019re used to control the authentication process by conditionally or unconditionally defining the next stage. So for example one can jump to stage X if the HTTP response code is 200 or to stage Y if it\u2019s 403.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-OL0Ew3hOs_A\/YRp4CHHvVnI\/AAAAAAAAKe4\/nBunqhp38-wYRiolhYBpZCyIPjAAibYbQCLcBGAsYHQ\/s892\/plantuml-def0c509dccb720ebcda2e219a43afb701799a0b.png\" alt=\"\" \/><\/figure>\n\n\n\n<p>Inputs and outputs are often the same object, and you may want to update its value from one Flow to the next (for example the CSRF token changes for every stage). 
This is implemented in Raider using&nbsp;Plugins.<\/p>\n\n\n\n<p>Plugins are pieces of code that can act as inputs for the HTTP requests to be sent, and\/or as outputs from the HTTP responses. They are used to facilitate the information exchange between Flows.&nbsp;<strong>Raider<\/strong>&nbsp;gives the user the option to&nbsp;write new plugins&nbsp;with a small piece of Hylang code.<\/p>\n\n\n\n<p>Once the response is received, the&nbsp;Operations&nbsp;will be executed. The primary function of operations is to define which Flow comes next. But they can do anything, and&nbsp;<em>Raider<\/em>&nbsp;makes it easy to write new operations.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Tutorial<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Preparation<\/strong><\/p>\n\n\n\n<p>Before you can use&nbsp;<strong>Raider<\/strong>, you have to set up the&nbsp;<a href=\"https:\/\/raider.readthedocs.io\/en\/latest\/user\/definitions.html#term-Authentication\">authentication<\/a>&nbsp;inside&nbsp;<a href=\"https:\/\/raider.readthedocs.io\/en\/latest\/user\/definitions.html#term-hyfiles\">hyfiles<\/a>. To do that, you\u2019ll probably need to use a web proxy (<a href=\"https:\/\/portswigger.net\/burp\">BurpSuite<\/a>,&nbsp;<a href=\"https:\/\/www.zaproxy.org\/\">ZAProxy<\/a>,&nbsp;<a href=\"https:\/\/mitmproxy.org\/\">mitmproxy<\/a>, etc\u2026) to see the&nbsp;<a href=\"https:\/\/raider.readthedocs.io\/en\/latest\/user\/definitions.html#term-Request\">requests<\/a>&nbsp;the application is generating, and identify all the important inputs and outputs for each request.<\/p>\n\n\n\n<p>Once the traffic has been captured, there will probably be lots of HTTP requests that are irrelevant to the authentication. Start by removing the requests for static files (.png, .js, .pdf, etc\u2026). 
When you\u2019re left with fewer requests to deal with, it\u2019s time to dive deeper and understand how the authentication works.<\/p>\n\n\n\n<p>At this point we assume&nbsp;<em>you already know<\/em>&nbsp;the basics of Python and Hylang, so this documentation will not cover information that can be found somewhere else.<\/p>\n\n\n\n<p>This tutorial shows the authentication in use by Reddit at the time of writing. It could be different by the time you read this, if they update the way authentication works or change the HTML structure, so you will have to do this all by yourself anyway.<\/p>\n\n\n\n<p>The easiest way to start is by going backwards, starting with one authenticated request. This should be some kind of request that only works when the user is already authenticated. I chose the \u201cunread_message_count\u201d one for Reddit, and the request looks like this:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>GET https:\/\/s.reddit.com\/api\/v1\/sendbird\/unread_message_count HTTP\/1.1<br>User-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0<br>Accept: application\/json<br>Accept-Language: en-US,en;q=0.5<br>Content-Type: application\/json<br>Origin: https:\/\/www.reddit.com<br>DNT: 1<br>Authorization: Bearer [REDACTED TOKEN]<br>Referer: https:\/\/www.reddit.com\/<br>Connection: keep-alive<br>Host: s.reddit.com<\/strong><\/p>\n\n\n\n<p>As you can see from this, the only information from our authentication that we send to this URL is the Bearer token.<\/p>\n\n\n\n<p>We define a new&nbsp;Flow&nbsp;in Hy that will check for the unread messages:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>(setv get_unread_messages<br>(Flow<br>:name &quot;get_unread_messages&quot;<br>:request (Request<br>:method &quot;GET&quot;<br>:headers [(Header.bearerauth 
access_token)]<br>:url &quot;https:\/\/s.reddit.com\/api\/v1\/sendbird\/unread_message_count&quot;)))<\/strong><\/p>\n\n\n\n<p>In Hy,&nbsp;<code>setv<\/code>&nbsp;is used to set up new variables. Here we created the variable&nbsp;<code>get_unread_messages<\/code>&nbsp;that will hold the information about this Flow. It will be held in the&nbsp;<a href=\"https:\/\/raider.readthedocs.io\/en\/latest\/dev\/special_variables.html#var-functions\">_functions special variable<\/a>,&nbsp;which stores the Flows that don\u2019t affect the authentication.<\/p>\n\n\n\n<p>The only required parameters for&nbsp;<code>Flow<\/code>&nbsp;objects are the name and the request. The name is a string that is used for reference purposes, and the request contains the actual HTTP request definition as a&nbsp;<code>Request<\/code>&nbsp;object.<\/p>\n\n\n\n<p>The Request object requires only the method and url. Other parameters are optional. We translate the original request into&nbsp;<strong>Raider<\/strong>&nbsp;config format, and to use the access token we need to define it in the request header. Since this is a bearer header, we use&nbsp;<code>Header.bearerauth<\/code>&nbsp;with the&nbsp;<code>access_token<\/code>,&nbsp;which we will create later on.<\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Getting the access token<\/strong><\/p>\n\n\n\n<p>The next step is to find out where this token is generated and how we can extract it. Searching for this token in previous responses, we can see it was first seen in a request to the main Reddit page. 
It\u2019s located inside the&nbsp;<code>&lt;script id=&quot;data&quot;&gt;<\/code>&nbsp;part of the response, and it looks like this:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>[\u2026] &quot;session&quot;:{&quot;accessToken&quot;:&quot;[REDACTED_TOKEN]&quot;,&quot;expires&quot;:&quot;2021-06-23T19:30:10.000Z&quot; [\u2026]<\/strong><\/p>\n\n\n\n<p>The easiest way to extract the token using&nbsp;<strong>Raider<\/strong>&nbsp;is to use the&nbsp;Regex&nbsp;module. This module searches for the regex you supplied and returns the value of the first group that matches. The group is the string in between the&nbsp;<code>(<\/code>&nbsp;and&nbsp;<code>)<\/code>&nbsp;characters. The final object I configured looks like this:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>(setv access_token<br>(Regex<br>:name &quot;access_token&quot;<br>:regex &quot;\\&quot;accessToken\\&quot;:\\&quot;([^\\&quot;]+)\\&quot;&quot;))<\/strong><\/p>\n\n\n\n<p>We are setting the variable&nbsp;<code>access_token<\/code>&nbsp;to the&nbsp;<code>Regex<\/code>&nbsp;object with the internal name&nbsp;<code>access_token<\/code>,&nbsp;which will return the value of the string between double quotes after the \u201caccessToken\u201d part.<\/p>\n\n\n\n<p>Now we need to define the actual request that will get us this access token. 
To do this, we take a closer look at the actual request where this response was created:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>GET https:\/\/www.reddit.com\/ HTTP\/1.1<br>User-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0<br>Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8<br>Accept-Language: en-US,en;q=0.5<br>DNT: 1<br>Upgrade-Insecure-Requests: 1<br>Connection: keep-alive<br>Cookie: csv=1; edgebucket=PPJTEvVRvoolrqFkYw; G_ENABLED_IDPS=google; loid=[REDACTED]; eu_cookie={%22opted%22:true%2C%22nonessential%22:false}; token_v2=[REDACTED]; reddit_session=[REDACTED]<br>Host: www.reddit.com<\/strong><\/p>\n\n\n\n<p>Now we can see there are several cookies being sent with this request. Most of them are irrelevant here. To see which one is required for the request to succeed, we remove them one by one and see if we get the information we need inside the response. By doing this, I found out that the only cookie we need is&nbsp;<code><strong>reddit_session<\/strong><\/code>. As long as we supply it in the request, we do get the&nbsp;<code>access_token<\/code>&nbsp;in the response. 
With this information, we can now write the definition of the request:<\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>(setv get_access_token<br>(Flow<br>:name &quot;get_access_token&quot;<br>:request (Request<br>:method &quot;GET&quot;<br>:url &quot;https:\/\/www.reddit.com\/&quot;<br>:cookies [reddit_session])<br>:outputs [access_token]<br>:operations [(Print access_token)<br>(NextStage &quot;get_unread_messages&quot;)]))<\/strong><\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/DigeeX\/raider\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Raider is a framework designed to test authentication for web applications. While web proxies like\u00a0ZAProxy\u00a0and\u00a0Burpsuite\u00a0allow authenticated tests, they don&#8217;t provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. 
Most authentication bugs in the wild have been found by manually testing it or writing custom scripts that [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":17572,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-cn4L7rnCQRU\/YSh3TJ_qobI\/AAAAAAAAKlc\/h165XfNw_rglc8WH_rCbuVkcfRNiXHJdQCLcBGAsYHQ\/s776\/Web%2BAuthentication%2BTesting%2BFramework%2B%25281%2529.png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[],"class_list":["post-17432","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Raider : Web Authentication Testing Framework!!! Kali Linux Tutorials<\/title>\n<meta name=\"description\" content=\"Raiders is a framework designed to test authentication for web applications. While web proxies like\u00a0ZAProxy\u00a0and\u00a0Burpsuite.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/raider\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Raider : Web Authentication Testing Framework!!! Kali Linux Tutorials\" \/>\n<meta property=\"og:description\" content=\"Raiders is a framework designed to test authentication for web applications. 
While web proxies like\u00a0ZAProxy\u00a0and\u00a0Burpsuite.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/raider\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-09-03T15:30:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-03T15:31:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-cn4L7rnCQRU\/YSh3TJ_qobI\/AAAAAAAAKlc\/h165XfNw_rglc8WH_rCbuVkcfRNiXHJdQCLcBGAsYHQ\/s776\/Web%2BAuthentication%2BTesting%2BFramework%2B%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-cn4L7rnCQRU\/YSh3TJ_qobI\/AAAAAAAAKlc\/h165XfNw_rglc8WH_rCbuVkcfRNiXHJdQCLcBGAsYHQ\/s776\/Web%2BAuthentication%2BTesting%2BFramework%2B%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Raider : Web Authentication Testing Framework\",\"datePublished\":\"2021-09-03T15:30:37+00:00\",\"dateModified\":\"2021-09-03T15:31:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/\"},\"wordCount\":1972,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-cn4L7rnCQRU\/YSh3TJ_qobI\/AAAAAAAAKlc\/h165XfNw_rglc8WH_rCbuVkcfRNiXHJdQCLcBGAsYHQ\/s776\/Web%2BAuthentication%2BTesting%2BFramework%2B%25281%2529.png\",\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/raider\/\",\"name\":\"Raider : Web Authentication Testing Framework!!! 
Kali Linux Tutorials\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-cn4L7rnCQRU\/YSh3TJ_qobI\/AAAAAAAAKlc\/h165XfNw_rglc8WH_rCbuVkcfRNiXHJdQCLcBGAsYHQ\/s776\/Web%2BAuthentication%2BTesting%2BFramework%2B%25281%2529.png\",\"datePublished\":\"2021-09-03T15:30:37+00:00\",\"dateModified\":\"2021-09-03T15:31:24+00:00\",\"description\":\"Raiders is a framework designed to test authentication for web applications. While web proxies like\u00a0ZAProxy\u00a0and\u00a0Burpsuite.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/raider\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/raider\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-cn4L7rnCQRU\/YSh3TJ_qobI\/AAAAAAAAKlc\/h165XfNw_rglc8WH_rCbuVkcfRNiXHJdQCLcBGAsYHQ\/s776\/Web%2BAuthentication%2BTesting%2BFramework%2B%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-cn4L7rnCQRU\/YSh3TJ_qobI\/AAAAAAAAKlc\/h165XfNw_rglc8WH_rCbuVkcfRNiXHJdQCLcBGAsYHQ\/s776\/Web%2BAuthentication%2BTesting%2BFramework%2B%25281%2529.png\",\"width\":\"776\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}
It is often used alongside ROADTools, a\u2026","rel":"","context":"In &quot;Hacking Tools&quot;","block_context":{"text":"Hacking Tools","link":"https:\/\/kalilinuxtutorials.com\/category\/hacking-tools\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2FftobpSUkezRJbtAVZ_4Yxcj0WlNI5Lpn1qjkkB7Sv4myImPqgSgpKgM4ev-nOKlqSHDfzWPSb0XBfCUaY0kofx7oj-1epqPYofZCcweiVoh8_dOk_2ALqAyvI-EZ0Fl2SfNdJ8pOpqXd7E5c4KzhWc-ISzGuOstXlsvRktSQ8IiUF_GkXC1qW50UBWT\/s16000\/SeamlessPass%20.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2FftobpSUkezRJbtAVZ_4Yxcj0WlNI5Lpn1qjkkB7Sv4myImPqgSgpKgM4ev-nOKlqSHDfzWPSb0XBfCUaY0kofx7oj-1epqPYofZCcweiVoh8_dOk_2ALqAyvI-EZ0Fl2SfNdJ8pOpqXd7E5c4KzhWc-ISzGuOstXlsvRktSQ8IiUF_GkXC1qW50UBWT\/s16000\/SeamlessPass%20.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2FftobpSUkezRJbtAVZ_4Yxcj0WlNI5Lpn1qjkkB7Sv4myImPqgSgpKgM4ev-nOKlqSHDfzWPSb0XBfCUaY0kofx7oj-1epqPYofZCcweiVoh8_dOk_2ALqAyvI-EZ0Fl2SfNdJ8pOpqXd7E5c4KzhWc-ISzGuOstXlsvRktSQ8IiUF_GkXC1qW50UBWT\/s16000\/SeamlessPass%20.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2FftobpSUkezRJbtAVZ_4Yxcj0WlNI5Lpn1qjkkB7Sv4myImPqgSgpKgM4ev-nOKlqSHDfzWPSb0XBfCUaY0kofx7oj-1epqPYofZCcweiVoh8_dOk_2ALqAyvI-EZ0Fl2SfNdJ8pOpqXd7E5c4KzhWc-ISzGuOstXlsvRktSQ8IiUF_GkXC1qW50UBWT\/s16000\/SeamlessPass%20.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2FftobpSUkezRJbtAVZ_4Yxcj0WlNI5Lpn1qjkkB7Sv4myImPqgSgpKgM4ev-nOKlqSHDfzWPSb0XBfCUaY0kofx7oj-1epqPYofZCcweiVoh8_dOk_2ALqAyvI-EZ0Fl2SfNdJ8pOpqXd7E5c4KzhWc-ISzGuOstXlsvRktSQ8IiUF_GkXC1qW50UBWT\/s16000\/SeamlessPass%20.webp?resize=1050%2C600&ssl=1 3x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh2FftobpSUkezRJbtAVZ_4Yxcj0WlNI5Lpn1qjkkB7Sv4myImPqgSgpKgM4ev-nOKlqSHDfzWPSb0XBfCUaY0kofx7oj-1epqPYofZCcweiVoh8_dOk_2ALqAyvI-EZ0Fl2SfNdJ8pOpqXd7E5c4KzhWc-ISzGuOstXlsvRktSQ8IiUF_GkXC1qW50UBWT\/s16000\/SeamlessPass%20.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":31727,"url":"https:\/\/kalilinuxtutorials.com\/ssh3\/","url_meta":{"origin":17432,"position":3},"title":"SSH3 &#8211; Faster And Rich Secure Shell Using HTTP\/3","author":"Varshini","date":"January 18, 2024","format":false,"excerpt":"SSH3 is a complete revisit of the SSH protocol, mapping its semantics on top of the HTTP mechanisms. In a nutshell, SSH3 uses\u00a0QUIC+TLS1.3\u00a0for secure channel establishment and the\u00a0HTTP Authorization\u00a0mechanisms for user authentication. Among others, SSH3 allows the following improvements: Significantly faster session establishment New HTTP authentication methods such as\u00a0OAuth 2.0\u00a0and\u00a0OpenID\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHAYIzo6A9Es-V4cYHiKyWjjSsaS7UmPSTumoejYcZpj46MlL6-LQ1AxGXGUaljYdqYAycJVzqeZVFmtV0LHEesPCtNsI6DfWLhmh12CPbdpR0DIKswVs-z4lHNMTaTIaS1NmBLQXD20HqLz1722vsQbU7vRTfLw7u90k2ymeBQKYck9iLukVpS8jUfsiA\/s16000\/Untitled%20design%20%283%29.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHAYIzo6A9Es-V4cYHiKyWjjSsaS7UmPSTumoejYcZpj46MlL6-LQ1AxGXGUaljYdqYAycJVzqeZVFmtV0LHEesPCtNsI6DfWLhmh12CPbdpR0DIKswVs-z4lHNMTaTIaS1NmBLQXD20HqLz1722vsQbU7vRTfLw7u90k2ymeBQKYck9iLukVpS8jUfsiA\/s16000\/Untitled%20design%20%283%29.webp?resize=350%2C200&ssl=1 1x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHAYIzo6A9Es-V4cYHiKyWjjSsaS7UmPSTumoejYcZpj46MlL6-LQ1AxGXGUaljYdqYAycJVzqeZVFmtV0LHEesPCtNsI6DfWLhmh12CPbdpR0DIKswVs-z4lHNMTaTIaS1NmBLQXD20HqLz1722vsQbU7vRTfLw7u90k2ymeBQKYck9iLukVpS8jUfsiA\/s16000\/Untitled%20design%20%283%29.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHAYIzo6A9Es-V4cYHiKyWjjSsaS7UmPSTumoejYcZpj46MlL6-LQ1AxGXGUaljYdqYAycJVzqeZVFmtV0LHEesPCtNsI6DfWLhmh12CPbdpR0DIKswVs-z4lHNMTaTIaS1NmBLQXD20HqLz1722vsQbU7vRTfLw7u90k2ymeBQKYck9iLukVpS8jUfsiA\/s16000\/Untitled%20design%20%283%29.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHAYIzo6A9Es-V4cYHiKyWjjSsaS7UmPSTumoejYcZpj46MlL6-LQ1AxGXGUaljYdqYAycJVzqeZVFmtV0LHEesPCtNsI6DfWLhmh12CPbdpR0DIKswVs-z4lHNMTaTIaS1NmBLQXD20HqLz1722vsQbU7vRTfLw7u90k2ymeBQKYck9iLukVpS8jUfsiA\/s16000\/Untitled%20design%20%283%29.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhHAYIzo6A9Es-V4cYHiKyWjjSsaS7UmPSTumoejYcZpj46MlL6-LQ1AxGXGUaljYdqYAycJVzqeZVFmtV0LHEesPCtNsI6DfWLhmh12CPbdpR0DIKswVs-z4lHNMTaTIaS1NmBLQXD20HqLz1722vsQbU7vRTfLw7u90k2ymeBQKYck9iLukVpS8jUfsiA\/s16000\/Untitled%20design%20%283%29.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":13341,"url":"https:\/\/kalilinuxtutorials.com\/firestorepwn\/","url_meta":{"origin":17432,"position":4},"title":"FireStorePwn : Firestore Database Vulnerability Scanner Using APKs","author":"R K","date":"June 15, 2021","format":false,"excerpt":"FireStorePwn scans an APK and checks the Firestore database for rules that are not secure, testing with or without authentication. If there are problems with the security rules, attackers could steal, modify or delete data and raise the bill. 
How It Works Install FSP sudo wget https:\/\/raw.githubusercontent.com\/takito1812\/FireStorePwn\/main\/fsp -O \/bin\/fspsudo chmod\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":649,"url":"https:\/\/kalilinuxtutorials.com\/mdk3\/","url_meta":{"origin":17432,"position":5},"title":"WiFi Stress Testing Using MDK3, Beacon Flooding &#038; Deauthentication Attack.","author":"Ravi Sankar","date":"June 13, 2018","format":false,"excerpt":"MDK3 is a proof of concept tool. It is used for stress testing 802.11 networks(wifi). It consists of various methods by which we can perform tests. Some of major method sare beacon flooding, deauthentication, WPA- dos etc. In pentests mdk is used for testing the network infrastructures having 802.11 implementations\u2026","rel":"","context":"In &quot;Stress Testing&quot;","block_context":{"text":"Stress Testing","link":"https:\/\/kalilinuxtutorials.com\/category\/st\/"},"img":{"alt_text":"","src":"https:\/\/i2.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2015\/09\/mdk-feature.jpg?fit=1500%2C1000&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i2.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2015\/09\/mdk-feature.jpg?fit=1500%2C1000&ssl=1&resize=350%2C200 1x, https:\/\/i2.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2015\/09\/mdk-feature.jpg?fit=1500%2C1000&ssl=1&resize=525%2C300 1.5x, https:\/\/i2.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2015\/09\/mdk-feature.jpg?fit=1500%2C1000&ssl=1&resize=700%2C400 2x, https:\/\/i2.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2015\/09\/mdk-feature.jpg?fit=1500%2C1000&ssl=1&resize=1050%2C600 3x, https:\/\/i2.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2015\/09\/mdk-feature.jpg?fit=1500%2C1000&ssl=1&resize=1400%2C800 
4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/17432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=17432"}],"version-history":[{"count":5,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/17432\/revisions"}],"predecessor-version":[{"id":17997,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/17432\/revisions\/17997"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/17572"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=17432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=17432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=17432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}