web penetration testing – WindowsTechs.com

How to configure BurpelFish

Posted on July 27, 2021 by Alex Rodriguez

I recently was doing a pentest and was continuously looking up translations for words, and thought “there has to be a better way…”. That is when I landed on BurpelFish, which adds a google translate context option to your BurpSuite’s right click. When … Continue reading How to configure BurpelFish→

Once upon a time there was a WebSocket

Posted on March 20, 2020 by Jason Gillam

This is the story from one of our recent penetration testing engagements. Still, the story is a familiar one for those who are testing newer web applications that use one of the multitudes of evolving web app platforms built on a poorly understood tech… Continue reading Once upon a time there was a WebSocket→

Fiddling with Windows: Proxy tools for Win10

Posted on February 21, 2020 by Ochaun Marshall

If you have been following along with us, you know how to set up a Windows 10 Virtual Machine (VM) for web app pentesting. But now we have run into another problem. Let’s say that same client throws in a Windows 10 desktop app in scope. (You know… Continue reading Fiddling with Windows: Proxy tools for Win10→

It’s Okay, We’re All On the SameSite

Posted on February 4, 2020 by Cory Sabol

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m g… Continue reading It’s Okay, We’re All On the SameSite→

In Case of Fire: Break Windows

Posted on January 14, 2020 by Ochaun Marshall

When a client calls us to pentest a web application that is only available in Internet Explorer. I cringe. I don’t know if it’s flashbacks from the countless hours spent getting a website compatible with IE, or the trauma from bad UX growin… Continue reading In Case of Fire: Break Windows→

Hackers’ Operating System Kali Linux Released for Raspberry Pi 4

Posted on July 10, 2019 by Wang Wei

We’ve got some really exciting news for you…

Offensive Security has released an official version of Kali Linux for Raspberry Pi 4—the most powerful version of the compact computer board yet that was released just two weeks ago with the full 4GB of R… Continue reading Hackers’ Operating System Kali Linux Released for Raspberry Pi 4→

Better API Penetration Testing with Postman – Part 3

Posted on April 10, 2019 by Mic Whitehorn-Gillam

In Part 1 of this series, we got started with Postman and generally creating collections and requests. In Part 2, we set Postman to proxy through Burp Suite, so that we could use its fuzzing and request tampering facilities. In this part, we will dig i… Continue reading Better API Penetration Testing with Postman – Part 3→

Better API Penetration Testing with Postman – Part 2

Posted on March 21, 2019 by Mic Whitehorn-Gillam

In Part 1 of this series, I walked through an introduction to Postman, a popular tool for API developers that makes it easier to test API calls. We created a collection, and added a request to it. We also talked about how Postman handles cookies &#8211… Continue reading Better API Penetration Testing with Postman – Part 2→

Better API Penetration Testing with Postman – Part 1

Posted on March 13, 2019 by Mic Whitehorn-Gillam

This is the first of a multi-part series on testing with Postman. I originally planned for it to be one post, but it ended up being so much content that it would likely be overwhelming if not divided into multiple parts. So here’s the plan: In th… Continue reading Better API Penetration Testing with Postman – Part 1→