Recently, during a red team engagement with my colleague Maurizio, we came across a website that seemed very outdated. Quickly analyzing the HTML, we noticed something that brought a smile to our faces: a Java Applet. First thought: the backend will definitely not work …
www.apps3c.info Articles.
Hi there! Today we will see how to add components to the Burp Suite interface that are useful for conveniently managing different scenarios. In detail, we will focus on how to create new tabs for processing HTTP requests and responses. But …
Hi there! In the last article of the series we learned how to develop the most commonly used type of Burp extensions during a penetration test, namely HttpHandler plugins (or HttpListener in the old APIs). These plugins allow us to inspect or modify all HTTP requests …
Hi there! Today we will cover how to develop the type of extension most commonly used during a penetration test, namely HttpHandler plugins (or HttpListener in the old APIs). These plugins allow us to inspect or modify all HTTP requests exiting from every tool …
Hi there! I have been thinking for a long time about releasing a course or lessons on developing extensions for Burp Suite (and to tell you the truth, I had already created a draft course with accompanying extensions some time ago), and what better …
Hi, Last year (I know, I’m “a little” late with this article 😀 ) I tested a couple of applications that employed the Protocol Buffers data format (aka “Protobuf”) to serialize data transmitted using the HTTP protocol. Protobuf serializes data in binary format, …
Hi, I recently had the chance to assess the security of many applications with a back-end written in the Kotlin language. Unfortunately, at the moment Semgrep’s support for Kotlin is still in “Beta” and there are not many public rules for this language. So, …
Hi! Last Friday my colleague Piergiovanni and I presented the new features of Brida 0.4 and 0.5 at Hack In Paris 2021! We presented two versions because we were supposed to introduce Brida 0.4 during Hack In Paris 2020, but due to the …
Hi! I just released version 0.7 of the Java Deserialization Scanner, with a small improvement in the “Exploiting” tab. In this tab, it is possible to use the ysoserial tool to generate exploitation payloads, once the presence of a deserialization issue has been confirmed using …
Hi! Today I’m publishing a new Ghidra extension based on the same idea as Brida, a Burp Suite extension created with my colleague Piergiovanni. The idea is simple: everything is better if it can take advantage of Frida’s super powers! 😀 ghidra2frida is a Ghidra …