www.apps3c.info – Pagina 4 – apps3c personal page

Handy Collaborator – Because Burp Suite Collaborator is useful also during manual testing!

apps3cCode29 Settembre 2017

Hi! Today I will show you a new Burp Suite plugin, Handy Collaborator, that the colleague of mine Gianluca and I wrote in order to make it possible to use Burp Suite Collaborator also during manual testing. Burp Suite Collaborator is an external server …

Continua a leggere

Detection payload for the new Struts REST vulnerability (CVE-2017-9805)

apps3cCode7 Settembre 2017

Hi! I built a new payload useful for the detection of the presence of the new Struts REST vulnerability (CVE-2017-9805). It is a modification of the Metasploit one that uses TemplateImpl to execute a native Thread.Sleep (10000) (thanks frohoff ysoserial).

Continua a leggere

Reliable discovery and exploitation of Java deserialization vulnerabilities

apps3cCode, Notes24 Maggio 2017

Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see the presentation of Gabriel Lawrence and Chris Frohoff). The underlying …

Continua a leggere

Fiddler: NTLM authentication when Burp Suite fails

apps3cNotes12 Maggio 2017

Recently, we tested a Web application with NTLM authentication. The authentication works correctly with any browser, but failed when inserting Burp Suite in the middle (with NTLM suitably configured). Sniffing with WireShark, we found the following situation (the picture is …

Continua a leggere

Exploiting OGNL Injection

apps3cNotes20 Ottobre 2016

Recently during a penetration test Burp Suite reported a “Expression Language Injection” issue. Burp Suite recognizes the issue thanks to the following payload: gk6q$ {“zkz”.toString().replace(“k”, “x”)}doap2 The value returned was “igk6qzxzdoap2”, indicating of the execution of the expression.

Continua a leggere

Penetration testing on mobile applications – The hard way

apps3cNotes7 Ottobre 2016

In this period, I spend a huge portion of my working time doing penetration test on mobile applications, mainly Android and iOS. I personally consider this kind of test much more difficult than the penetration testing of web applications. Is …

Continua a leggere

Easy authorization checks with Autorize

apps3cCode, Notes16 Febbraio 2016

Recently I became one of the authors of one of the most useful (in my opinion) Burp Suite Plugin, Autorize. Autorize is a plugin created by Barak Tawily, that helps to speed up one of the most difficult task to …

Continua a leggere

Bypassing RFID HID Corporate 1000 physical access control system: improving the firmware of Proxmark III

apps3cCode, Notes18 Dicembre 2015

One of still most used physical access control system in corporate environment is HID Corporate 1000. HID Corporate 1000 is a data format developed from HID Global on RFID tags (low frequency proximity technology at 125 kHz). HID Corporate 1000 …

Continua a leggere

Scanning for Java Deserialization Vulnerabilities in web applications with Burp Suite

apps3cCode, Notes14 Dicembre 2015

Recently an analysis of Foxglove Security on a vulnerability on Java Deserialization disclosed in January by frohoff and gebl (http://frohoff.github.io/appseccali-marshalling-pickles/) has highlighted a very dangerous issue in Java world. frohoff and gebl discover a very serious vulnerability in Java deserialition …

Continua a leggere

Pentesting with Serialized Java Objects and Burp Suite

apps3cCode, Notes17 Aprile 2015

Some days ago, I had to test a web application consisting in a Java applet. Like always, I direct all traffic through my favourite HTTP Proxy, Burp Suite, but the applet doesn’t seem to work. After many trying and with …

Continua a leggere

Cookie	Durata	Descrizione
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

www.apps3c.info Articoli.

Barra Laterale Scorrevole