Hi! Today I will show you a new Burp Suite plugin, Handy Collaborator, that my colleague Gianluca and I wrote to make it possible to use Burp Suite Collaborator during manual testing as well. Burp Suite Collaborator is an external server …
www.apps3c.info Articles.
Hi! I built a new payload useful for detecting the new Struts REST vulnerability (CVE-2017-9805). It is a modification of the Metasploit one that uses TemplateImpl to execute a native Thread.sleep(10000) (thanks to frohoff's ysoserial).
Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see the presentation by Gabriel Lawrence and Chris Frohoff). The underlying …
Recently, we tested a web application with NTLM authentication. The authentication worked correctly with any browser, but failed when Burp Suite was inserted in the middle (with NTLM suitably configured). Sniffing with Wireshark, we found the following situation (the picture is …
Recently, during a penetration test, Burp Suite reported an "Expression Language Injection" issue. Burp Suite recognizes the issue thanks to the following payload: gk6q${"zkz".toString().replace("k", "x")}doap2 The value returned was "igk6qzxzdoap2", indicating that the expression was executed.
In this period, I spend a huge portion of my working time doing penetration tests on mobile applications, mainly Android and iOS. I personally consider this kind of test much more difficult than the penetration testing of web applications. Is …
Recently I became one of the authors of one of the most useful (in my opinion) Burp Suite plugins, Autorize. Autorize is a plugin created by Barak Tawily that helps to speed up one of the most difficult tasks to …
One of the most widely used physical access control systems in corporate environments is still HID Corporate 1000. HID Corporate 1000 is a data format developed by HID Global for RFID tags (low-frequency proximity technology at 125 kHz). HID Corporate 1000 …
Recently an analysis by Foxglove Security of a Java deserialization vulnerability disclosed in January by frohoff and gebl (http://frohoff.github.io/appseccali-marshalling-pickles/) has highlighted a very dangerous issue in the Java world. frohoff and gebl discovered a very serious vulnerability in Java deserialization …
Some days ago, I had to test a web application consisting of a Java applet. As always, I directed all traffic through my favourite HTTP proxy, Burp Suite, but the applet didn't seem to work. After many attempts and with …