Category: Python
-
Password Spraying with a Twist
I have read some good posts on password spraying over the past few years, along with reviewing and using a few tools to perform this type of attack. For reference, Black Hills has a few good posts here, here, and here, and MDSec posted a cool article on Lync along with a tool here. I’ve…
-
Bypass WAF: Burp Plugin to Bypass Some WAF Devices
I wrote a blog post on the technique used by this plugin here a while back. Many WAF devices can be tricked into believing a request is from itself, and therefore trusted, if specific headers are present. The basics of the bypass approach can be found in an HP blog post here. I have been…
-
SQLiPy: A SQLMap Plugin for Burp
I perform quite a few web app assessments throughout the year. Two of the primary tools in my handbag for a web app assessment are Burp Suite Pro and SQLMap. Burp Suite is a great general-purpose web app assessment tool, but if you perform web app assessments you probably already know because you are…
-
Dirscalate Tool Update – NTLM, Basic, Digest, and Cookie Auth
I have updated my dirscalate tool to now include support for NTLM, BASIC, Digest, or cookie-based authentication to the web application with the directory traversal vulnerability. If you are unfamiliar with the tool, see my post here. Previously, if the site required authentication, you would have had to proxy dirscalate through something like Burp…
-
Java Fat Client Penetration Testing and JNLP Auto-Downloads
I was recently asked to perform an application penetration test of a Java-based fat client. The application used JNLP and communicated with a backend web service. The steps for this are documented elsewhere, but as a brief guide they require: loading the JDSer-NG plugin for Burp; configuring Java to proxy through Burp; downloading all…