128nops.blogspot.com
128nops - life of a pentester: Migrating repository
http://128nops.blogspot.com/2015/07/migrating-repository.html
128nops - life of a pentester. Writing about pentesting and other security stuff. Because code.google.com will finally be deprecated really soon, I've moved all my projects to GitHub. Carstein - currently working as a pentester/security analyst in some small company in Zurich. Sometimes writing code if forced. No free time, so 'hobby' section is empty.
128nops.blogspot.com
128nops - life of a pentester: MutProxy
http://128nops.blogspot.com/2013/08/mutproxy.html
Recently I had very little time to write anything meaningful. New posts are coming, slowly but steadily. In the meantime I've stumbled upon a short piece of code on Gynvael's page. It reminded me of a project I wrote some years ago for one assessment. So, what does MutProxy do? 14 November 2013 at 11:54. Waiting for the list of wins with it ;-).
128nops.blogspot.com
128nops - life of a pentester: August 2013
http://128nops.blogspot.com/2013_08_01_archive.html
Recently I had very little time to write anything meaningful. New posts are coming, slowly but steadily. In the meantime I've stumbled upon a short piece of code on Gynvael's page. It reminded me of a project I wrote some years ago for one assessment. So, what does MutProxy do?
128nops.blogspot.com
128nops - life of a pentester: JSON Decoder
http://128nops.blogspot.com/2013/02/json-decoder.html
If I see correctly there are eleven tutorials covering quite a wide selection of topics. So, what is my extension? Not that much (at least in this version) - it's just an additional tab with a pretty-printed JSON packet. I have other plans for that but I need to find time (and I've started flying BMS 4.32. Debugging a Burp extension is a bit like "Why? Let me show you what kind of mistakes I made while coding this extension. Given...
128nops.blogspot.com
128nops - life of a pentester: Jar full of cookies
http://128nops.blogspot.com/2013/02/jar-full-of-cookies.html
Jar full of cookies. I've been giving tips about how to organize web fuzzing - you remember that part, color highlights, marking stuff for later. But one person (I think that was my only semi-active reader) asked me: "But those requests are gonna expire, session will die". How about a magic trick? This is just the beginning - cookie jar/session management options are even richer. In.
128nops.blogspot.com
128nops - life of a pentester: October 2012
http://128nops.blogspot.com/2012_10_01_archive.html
Using Burp in a smart way. The most important advice I can give to you at the beginning is to set up your workspace and tools correctly to avoid problems at later stages. Default settings are quite reasonable, but there are some things you can tweak. First - it's a Java app, so give it at least 1GB (2 would be optimal) of RAM via. For evidence retention you might want to configure. Install updates and reboot your computer.
128nops.blogspot.com
128nops - life of a pentester: Small and vulnerable webapp
http://128nops.blogspot.com/2012/11/small-and-vulnerable-webapp.html
Small and vulnerable webapp. So, here comes the Bottle. Repeating after the web page - Bottle is a fast, simple and lightweight WSGI micro web-framework for Python. It is distributed as a single file module and has no dependencies other than the Python Standard Library. R'[ a-zA-z0-9]*'] @route('/show') def show patterns(): t= for p in patterns: t = p p /p return head t footer @route('/search/:id') def index(id): q = request...
128nops.blogspot.com
128nops - life of a pentester: June 2013
http://128nops.blogspot.com/2013_06_01_archive.html
This is going to be a very short (let's call it a warmup) post. Just wanted to let you know that I've made a small update to JSONDecoder. Changes are mostly cosmetic: Content type check is case insensitive now. Decoder is now removing garbage from JSON payload (like }]);). Another Content-type is being checked: text/javascript (Twitter uses that).
128nops.blogspot.com
128nops - life of a pentester: Small update
http://128nops.blogspot.com/2013/06/small-update.html
This is going to be a very short (let's call it a warmup) post. Just wanted to let you know that I've made a small update to JSONDecoder. Changes are mostly cosmetic: Content type check is case insensitive now. Decoder is now removing garbage from JSON payload (like }]);). Another Content-type is being checked: text/javascript (Twitter uses that).
128nops.blogspot.com
128nops - life of a pentester: February 2013
http://128nops.blogspot.com/2013_02_01_archive.html
Jar full of cookies. I've been giving tips about how to organize web fuzzing - you remember that part, color highlights, marking stuff for later. But one person (I think that was my only semi-active reader) asked me: "But those requests are gonna expire, session will die". How about a magic trick? This is just the beginning - cookie jar/session management options are even richer. In. If I see correctly there are eleven tutoria...