Advanced Web Application Penetration Testing Using Load Balancer


We’ll be looking at cross-site scripting and load balancing, and at how to perform a scan that shows whether a site is using HTTP load balancing or DNS load balancing. For those of you who didn’t know, those are the two types of load balancing scans you can perform. Why is this important? When people perform penetration tests on sites or web applications, they tend to get different results each time they perform a scan.

Load Balancing Penetration Testing

A load balancer will transfer your HTTP requests or your DNS requests to different servers, so you will get different results. That can trip up penetration testers who don’t know about load balancing, because they’re getting different results every time they perform a scan. It can really confuse your workflow and lead you to make a lot of mistakes, especially in judgment, when carrying on with the penetration test.

Penetration Testing Tools

We are going to be using a tool that is pre-installed on all penetration testing distributions. It is called LBD. Its purpose is essentially to scan a domain for DNS or HTTP load balancers. It’s very simple to use and really quick to run.

Vulnerability Testing

To use the tool, simply run the command lbd followed by the domain that you want to scan. In this case, I’m going to use techshra.com, just for the purpose of this article, and of course this is for educational purposes only. This will tell us whether or not techshra.com uses an HTTP load balancer or a DNS load balancer, either of which can give you very different results when performing a penetration test. Sites use them when they have a lot of incoming traffic or a lot of requests, and it helps them.

Types Of Penetration Testing

We use the command lbd and then specify the domain, for example www.techshra.com, and that’s it. We just hit Enter, and once we do, you can see that it’s going to check for DNS load balancing.

You can follow the same steps for another domain.

Let me just expand that. As you can see, we have DNS load balancing; obviously techshra.com is a huge site that gets a lot of requests. It has two DNS servers under the same IP subnet but with different IP addresses. Now it’s going to check for HTTP load balancing, so we’re going to let this complete and then see what results we were able to get. It has started the scan for HTTP load balancing. Once it completes and gives us its summary, we can get a good idea of what load balancing systems are in place.

Web Application Penetration Testing

So let’s just wait for this to complete. We’ve got three rows of results. Let’s go through them and understand what exactly is going on here. You can see the tool is the load balancing detector, along with its version. As I said, Kali Linux and any other penetration testing distribution have really important tools hidden away that many people have forgotten over time. As you can see, it first checks for DNS load balancing.

How To Do Penetration Testing? And further updates

It has two IP addresses under the same subnet, so we know that techshra is doing their job right. It then checks for load balancing via dates, and that check comes back good. It then checks for HTTP load balancing again, and it was found; you can look at the cache information. The summary says the site is using load balancing and that it found the methods DNS and HTTP.
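
The two kinds of check described above, DNS (more than one address for the name) and HTTP via dates, can be reproduced offline to see why repeated scans of one site may hit different backends. The script below is an added example, not lbd's own code or part of the original article; the sample data, the function names and the Server-banner comparison are assumptions.

```shell
#!/bin/sh
# Added example. All sample data is constructed (RFC 5737 addresses, example.com).

# Constructed `host www.example.com` output: two A records for one name.
DNS_SAMPLE='www.example.com has address 192.0.2.10
www.example.com has address 192.0.2.11'

# Constructed headers from three successive HEAD requests to the same URL.
HTTP_SAMPLE='Server: nginx
Date: Tue, 04 Mar 2025 10:00:03 GMT
Server: nginx
Date: Tue, 04 Mar 2025 10:00:01 GMT
Server: nginx
Date: Tue, 04 Mar 2025 10:00:04 GMT'

# Number of distinct addresses the name resolves to.
count_a_records() {
    printf '%s\n' "$1" | awk '/ has address /{print $NF}' | sort -u | wc -l | tr -d ' '
}

# Number of distinct Server banners seen (assumed heuristic, not from the page).
count_server_banners() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -F': ' 'tolower($1) == "server" {print $2}' | sort -u | wc -l | tr -d ' '
}

# Number of responses whose Date is earlier than the previous response's Date.
# One backend's clock never runs backwards, so a regression suggests a second
# backend. Compares time of day only, so a capture spanning midnight misfires.
count_date_regressions() {
    printf '%s\n' "$1" | tr -d '\r' | awk 'tolower($1) == "date:" {
        split($6, t, ":"); s = t[1] * 3600 + t[2] * 60 + t[3]
        if (seen && s < prev) n++
        prev = s; seen = 1
    } END { print n + 0 }'
}

# Print the methods that indicate load balancing: "DNS", "HTTP", both, or "none".
detect_lb() {
    methods=""
    if [ "$(count_a_records "$1")" -gt 1 ]; then methods="DNS"; fi
    if [ "$(count_server_banners "$2")" -gt 1 ] ||
       [ "$(count_date_regressions "$2")" -gt 0 ]; then
        methods="${methods:+$methods }HTTP"
    fi
    printf '%s\n' "${methods:-none}"
}

detect_lb "$DNS_SAMPLE" "$HTTP_SAMPLE"
```

When a check like this reports load balancing, record which address or backend answered each request, so differing scan results can be attributed to different servers instead of being treated as noise.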
