Collaborate Disseminate
There is a particular class of vulnerability that I’ve seen on enough ASP.NET applications that I’m starting to wonder what the underlying cause it. The pattern goes as follows
The application has multiple levels of permission
When a user… Continue reading Why does ASP.NET enforce authorization through page rendering rather than on the server?
A typical usage pattern for me in application testing is that I will write python scripts to automate various attacks against endpoints &c. What I want to do is add a header each request of the form "Script-Name: sys.argv[0]"… Continue reading Using Burp Bambdas to filter proxy logs based on unmodified requests
I am hoping I can leverage everyone’s knowledge on this one as I am at a lose.
I have an Android 10 Device connecting to a containerized web application that is secured by a custom Certificate Authority. The OCSP addresses in the certific… Continue reading Android Certificate Revocation Checking
I’m testing a site that authenticates using an HS-256 signed JWT. However the json payload inside the JWT is about 2500 characters. This has become an impediment to trying to crack the signing key. My question is what efficient tooling exi… Continue reading Cracking HS-256 signed JWTs with large payloads
I’m trying to use sqlmap to test an application where a search is performed in two requests.
The first request-response pair is like
POST /endpoint.aspx
Host: example.com
Qf_status: 0
Qf_find: searchstring
Content-Length: 0
HTTP/1.1 200 … Continue reading How to use sqlmap to test a chain of requests
I’m testing an android application on a virtual machine running android x86 (android_x86_64-userdebug 9 PI eng.lh.20200325.112926 test-keys). In its current configuration, it does not trust user SSL certificates, and thus I cannot proxy th… Continue reading Proxying android application traffic through burp when user certificates aren’t trusted
I’m attempting to test a Citrix XenApp application by running it on a Windows 10 VM (VirtualBox) guest machine, and proxying the traffic through a Burp Professional proxy on the host only network (the proxy sits on the bare-metal host).
If… Continue reading Testing a Citrix XenApp application using Burp
I’m attacking an application that reads in application/msbin1 (binary) requests of a form like
@\x17GetConfigurationSetting\x08\x1ehttp://tempuri.org/@\x04name\x99\x0einjection_site\x01
(where \x.. is a single byte character, generally in… Continue reading Sqlmap request and binary payload tampering
I’m using Burp Pro to assess a web application that sends a requests to an particular endpoint every second. This responds to almost every request with a 304 Not Modified status code, and I’d rather not have to dig through them in my proxy… Continue reading How to ignore request-response pairs with a 304 status code in Burp?
I have recently found a UAF vulnerability in android that renders MIC data stream to be accessible. I am relatively very new to this field and do not really know how to capture the data from the stream. In short, if I could get an so file … Continue reading Can I copy audio data from mic to a file in android?