I recently discovered a fairly new man-in-the-middle tool called bettercap, which I will test in this video. I will explain the concept of ARP spoofing, install bettercap, and see how one can use it to sniff passwords on a network.
I was always sad when I couldn’t use sqlmap when the injection was not very simple. Of course I always expected that to be my fault, that I didn’t spent enough time to configure sqlmap properly. So the other day when I tested an application and found an sql injection which was a pain in the neck to exploit manually, I rolled up my sleeves and started to look at source code of sqlmap to figure out some parameters which I never knew what they did. This blog post is about the
--eval parameter which allows you to manipulate the requests before sending them.
I was preparing myself for the Hacktivity conference in Budapest, where I talked about the security of the Cross-Origin Resource Sharing (CORS). As part of the preparation I summarised my thoughts in a couple of blog posts. This is one of them.
Recently I wanted to do a Cross Site Request Forgery Proof-of-Concept for a file upload functionality. As you might know it is not necessarily as easy as simple form CSRFs. Continue reading
In a recent project I tested a web service and we got a nice SoupUI project for it. SoupUI is a great tool but you somehow miss the nice features of Burp, such as the Intruder. But of course the idea comes immediately: why not to chain them? It turns out this is not as trivial as it seems for the first sight.
This post is about how to create Linux binary executable shellcodes using msfpayload.
This post is more of a note for myself then an interesting technical stuff but it might be useful for somebody else as well.
You might already know the Dradis Framework if not check it out here. It is basically a note taking web application which focuses on penetration tests and other security assessments. It allows testing teams to quickly share the collected information about the tested environment with each other.
I didn’t even want to write about this, because hopefully it is not a wide spread problem but it is such a catastrophic programming mistake which I saw in a production system that I felt the need to talk about it. So to summarize this blog post in one sentence: total client-side exploit using user defined XSLT.