The essential tool for web application testing. It acts as a proxy to intercept and modify traffic between your browser and the server.
Used for cracking password hashes obtained during the assessment. 5. Post-Exploitation & Privilege Escalation Gaining a "shell" is just the start.
Use VMware or VirtualBox to run Kali as a virtual machine. This allows for easy snapshots and keeps your host OS safe.
The go-to tool for executing exploits. Use msfconsole to search, configure, and launch attacks.
Example: searchsploit apache 2.4.49 will list available exploits for that specific version. 4. Exploitation (Gaining Access)
