Most of the penetration tests that I did so far, are Web Applications, since even if it is a thick client application, the functionality of it is heavily based on HTTP communication, using API calls or some times, even just having the mobile view of the website inside a WebView.
So today I loaded my website and while it was loading, I noticed that it wasn’t actually loading my starting page but it tried to redirect me to
hellofromhony.com. Of course, it is visible that something was wrong, so using
Burp Suite I tried to follow the order of the events in order to understand when the redirection happened.
Everyone who doesn’t live under a rock, knows and probably used Burp Suite, by PortSwigger. Recently a Beta 2.0 version was released with multiple new features and a new dashboard to control all the processing running, from one tab. In this post I will write about some features of Burp, that I found useful and I use almost daily to make my life easier.
My main device is a MacBook and the player I usually used was VLC. VLC is easy to use and it has been here for all these years, but it was time for a change. Recently I switched to
mpv, that is flexible, customizable and open source.
Recently a friend of mine told me about Project Sonar by Rapid7. The purpose of this project is to enumerate as many as possible services online.
Aquatone is a great tool, developed by user @michenriksen, used for subdomain takeovers. The reason that I specifically like this tool is because it helps you enumerate subdomains easily, giving you IPs with Open Ports and their matching subdomain.
Recently I faced a situation that a website allowed the use of Server Side Includes. This was something new for me because I didn’t know many things about it and what payloads I could use. Luckily
I was playing with Metasploit Framework and I was using the
msfvenom payload. For that purpose I was using
Kali Linux as a Virtual Machine, mainly because all the tools are pre-installed there. Running a
I know there are multiple tutorials online on how to customize the prefix on a Terminal on MacOS but I wanted to write about it so I will remember it. When you do a clean install of
Google Scholar is a great source for every student or researcher to find some infos about the domain they are working for, you can find papers from thousands of libraries and