Hi! I just added to Brida a small Frida script to bypass SSL/TLS certificate pinning on OkHttp3 4.2+ of Android, developed with my colleague Piergiovanni. You can use the script with the GitHub version of Brida (at the moment you …
www.apps3c.info Articoli.
Hi! I just added to Brida a small Frida script to bypass SSL/TLS certificate pinning on iOS 13 devices. The script is a modification of the iOS 12 certificate pinning bypass of machoreverser, based on the great SSL kill switch …
Hi! Today I’m publishing a little tool I created some months ago. In these days I’m publishing a lot of things but obviously I’m not coding all day and night! 😀 As many of you, I’ve been stuck at home …
Hi! During the years many people ask to me the code I used to generate payloads of Java Deserialization Scanner. These payloads are generated with a customized version of Chris Frohoff ‘s ysoserial, which I have now decided to publish …
Hi! I just released version 0.6 of Java Deserialization Scanner! The first improvement is the addition of URLDNS gadget, that is an active check that detects Java deserialization on the backend without the need of a vulnerable library. This check does the same job …
After quite a lot of hours of work, Brida 0.4 is finally out! Brida 0.4 should have been presented at Hack In Paris 2020 but, due to the postponement of the conference for the COVID-19 global situation, the tool in being released …
Hi! Today I will publish the first article of a series (I hope!) of posts focused on various aspects of the Internet of Things world. These articles will probably not disclose anything new, but they have the purpose of giving an introduction …
Recently we faced a version of Oracle WebLogic vulnerable to CVE-2017-10271. The issue can be exploited to execute arbitrary Java code (and consequently arbitrary commands on the operating system of the application server).
Hi! Today we will take a step-by-step tour on how to use Brida. We will see how to install and configure Brida and then how to use it during a real penetration test. For this purpose, we will use a …
Hi! Here you can download the slides of my talk presented at HackInBo 2017 Winter Edition named “Advanced mobile penetration testing with Brida”. Federico Dotta – Advanced mobile penetration testing with Brida Theme: Super Mario