Collaborate Disseminate
I am using elysiajs for API. I am trying to use Caddyfile for that. Now I want to share cookies between all subdomains that end with .localhost. I am using caddy reverse_proxy to create subdomains like learn.localhost or docs.localhost no… Continue reading How can I share cookies with subdomain in next js? [closed]
Many providers of free websites allow the creation of subdomains.
What measures can these providers take to prevent (or mitigate) the following:
create a page demanding payment (with a link to an external payment gateway)
host it on a sub… Continue reading How do free website providers prevent fake payment pages being created on their (sub)domain?
I am trying to analyze HTTP traffic of our application.
Application has two accessible portals, one accessible by admin.localhost:3002 and the other accessible by localhost:3002
I have Burp Suite proxy on 127.0.0.1:8080, certs configured i… Continue reading Unknown host on Burp Suite when trying to access *.localhost
I have a website with a URL of lets say "123.example.com" where I am hosting a large ERP system. Does hosting the application at "123.example.com/myapp" provide any layer of security from malicious web crawlers/bots etc… Continue reading Subdomain vs Virtual Path discovery by bots
So I am resolving room Wekor at tryhackme. The room says we need to use the domain "wekor.thm". So I added the domain to /etc/hosts
There is a hidden subdomain site.wekor.thm. I’ve already read the walkthrough.
When I tried to … Continue reading Gobuster doesn`t work properly
I am wondering how we can effectively extract all subdomains of given website? For example, the free hosting websites, I would like to extract all subdomains and see if I can find some subdomains related to our company that’s maybe used fo… Continue reading efficient subdomain extraction [duplicate]
Many new TLDs have mandatory HTTPS requirements. Is there a way to disable that for subdomains? If not does that mean an expensive wildcard SSL certificate will need to be used with these domains?
So if I have a service running at sub.doma… Continue reading Do subdomains of a TLD with mandatory HTTPS require a wildcard certificate?
I have been researching various common techniques for preventing CSRF attacks, such as SameSite, Secure, and CSRF Tokens, and how they can be bypassed. I found that the following vulnerabilities exist:
A website’s subdomain or sibling dom… Continue reading Can strict ‘Referer’ validation also be bypassed with vulnerable subdomains?
I found this subdomain dump or whatever this of pipedrive website on ghostbin. I was wondering what threat this poses to the organisation and what can be done if anything to mitigate the threat.
••bicloud p,pednve com
,icenda p1pedrive.com… Continue reading what is a subdomain dump and is it dangerous? [duplicate]
Are there any security reasons against "drop-www"?
In other words, are there any security reasons against using an apex [1] domain name such as example.com instead of a subdomain such as www.example.com?
Quote https://www.bjornjo… Continue reading Are there any security reasons against "drop-www" (using example.com instead of www.example.com)?