Collaborate Disseminate
I have made a script that can be used for exploiting CORS misconfiguration.
The script works fine but if I want to send an extra header to the request by
xhttp.setRequestHeader(“test_header”, “test_value”)
It first sends the… Continue reading Bypassing header validation
I am trying to exploit misconfiguration CORS.
I have created and hosted a file in HTML and Javascript where if someone clicks the link there HTTP response containing cookies will reflect them on the browser.
I want to store … Continue reading Exploiting CORS and storing the response to server
I have been given a task to do security auditing of the APIs which are running in gRPC. I am using BloomRPC for querying the gRPC Services.
But there so no such option in BloomRPC to proxy the requests to a port.
Is there a way I can conf… Continue reading Configure gRPC with Burp Suite
This is happening in Visa/MasterCard/American Express, etc. I tried checking in many payment apps and payment gateways that if I enter the correct debit card number, name, valid date, and wrong CVV number, I am able to receive OTP. however… Continue reading Bypass with wrong cvv of debit card and getting OTP
I am creating an android application which is able to ping the server for certain information and return them. There are a few methods by which a user can bypass the pinned SSL certificate of an android application by using t… Continue reading Prevent bypassing of SSL Pinning in android application
It’s my first attempt to make a python script that can find Cross-Site Script vulnerability on a web page.
First, it will fetch all the <input> tag from a <form> in a webpage.
Puts the input field’s name in a list “inpu… Continue reading Python script for finding XSS vulnerabilities with mechanize [on hold]
I want to develop my final year project on automation tool in Python for Android testing both SCA & DCA. But don’t know where or how to start. Can someone help?
CLI application will work for me.
I have basic knowledge of… Continue reading Develop my own SCA/DCA tools for Android testing [on hold]
I want to develop my final year project on automation tool in Python for Android testing both SCA & DCA. But don’t know where or how to start. Can someone help?
CLI application will work for me.
I have basic knowledge of… Continue reading Develop my own SCA/DCA tools for Android testing [on hold]
I am trying to load SSL Scanner extension to burp suite extender and I am receiving the following error:
java.lang.Exception: Failed to load Python interpreter from Jython JAR file
at burp.ohg.<init>(Unknown Source… Continue reading Error occur when loading extension SSL Scanner in Burp Suite
I know these things can easily be done on wireshark, tshark, etc but is it possible to know that the request I forwarded and the response I received is using protocols such as TLS, TLSv1.2, TCP, HTTP, etc in Burp Suite? So I … Continue reading How do I know that the request and response is using encryption protocols in burp suite?