Collaborate Disseminate
Today, clicking on links (via Chrome from my Google home page), I started seeing "https://beinternetawesome.withgoogle.com/en_us/" come up instead of the site I had attempted to load.
I’m trying to determine if this is due to typ… Continue reading Malware? Or a Browser Hijack by Google?
Ok i am facing a very weird behaviour that sets and doesnt set cookie both. So, first i have found CRLF injection in 2 domains, redacted.de and redacted_another.com. When i go to redacted_another.com vulnerable url, the cookie gets set int… Continue reading Cookie is not being set after CRLF Injection in one domain but set in another domain. How can i bypass/set it?
I use last Debian stable (buster as June 2020).
system upgraded everyday (and browser addons updated automatically)
Firefox 68.9.0esr (64 bits) (the one from apt package system)
decent hardware (less than 5 years old)
Debian security upgr… Continue reading What a malicious website can do in the worst scenario on a upgraded system [closed]
I was scrolling on two completely separate web pages, pages I have visited many times before. However they do both have ads. My browser is Opera, and I use an adblocker (on the other site it doesn’t always block all ads). After opening the… Continue reading Browser threw me on same ad-site some seconds after scrolling on completely separate webpages
About 6 months ago, every so often, when visiting digg.com, my browser (Safari) would get redirected to some malware site for updating Adobe Flash. This happened both on my iPhone (not jailbroken) and on my desktop iMac. Lately, it has bee… Continue reading Safari frequently gets hijacked when visiting digg.com
I am trying to exploit misconfiguration CORS.
I have created and hosted a file in HTML and Javascript where if someone clicks the link there HTTP response containing cookies will reflect them on the browser.
I want to store … Continue reading Exploiting CORS and storing the response to server
I’m studying HTTP exploits and i doubted the efficiency of the session hijacking… I can see from browser my traffic of informations with a website and get my cookie sniffing on that… Ok, but what can I do with this? I onl… Continue reading What can be done with cookie hijacking?
I want to perform an excercise for session hijacking. I login to a website that does not use HTTPS (just plantext HTTP). The login achieved through a pop-up window.
Using Chrome developer tools I have the cookies details th… Continue reading Given this data, how to execute session hijacking attack?
We have implemented our own single sign-on on our internal and external applications. The flowchart looks like this:
We are using https on both the App and the Single Sign-On, and we pass values between the SSO and the App… Continue reading Is multiple redirect query string request safe?
As part of an exercise, I need to sniff cookies from a login page and inject them in the same login page. If the cookie injection is successful the user must be login without entering the user name and password.
I sniffed th… Continue reading Unable to inject cookies