XML format was probably the most commonly used, before JSON took its place. Like almost every programming language Go or Golang, supports the XML format. In case you are here, it means you were stuck in some of those possible ways to unmarshal your XML code into a nice object.Read More »Complete XML Parsing Guide with Golang
During an assessment, I needed a web server which would serve a 204 HTTP response. Is is not so common or easy to find it, so I decided to create one for when needed, which I would be able to use it offline.
Just save the snippet below as a python file and change the status code. When loading the page, it will serve you the status code needed.
In case you are here you know already what WSL2 is and why to use it. For those who don’t know I will just say that it helps you run a Linux distribution inside your Windows operating system.
Most of the penetration tests that I did so far, are Web Applications, since even if it is a thick client application, the functionality of it is heavily based on HTTP communication, using API calls or some times, even just having the mobile view of the website inside a WebView.
So today I loaded my website and while it was loading, I noticed that it wasn’t actually loading my starting page but it tried to redirect me to
hellofromhony.com. Of course, it is visible that something was wrong, so using
Burp Suite I tried to follow the order of the events in order to understand when the redirection happened.
Everyone who doesn’t live under a rock, knows and probably used Burp Suite, by PortSwigger. Recently a Beta 2.0 version was released with multiple new features and a new dashboard to control all the processing running, from one tab. In this post I will write about some features of Burp, that I found useful and I use almost daily to make my life easier.
Recently a friend of mine told me about Project Sonar by Rapid7. The purpose of this project is to enumerate as many as possible services online.
Aquatone is a great tool, developed by user @michenriksen, used for subdomain takeovers. The reason that I specifically like this tool is because it helps you enumerate subdomains easily, giving you IPs with Open Ports and their matching subdomain.
Recently I faced a situation that a website allowed the use of Server Side Includes. This was something new for me because I didn’t know many things about it and what payloads I could use. Luckily Read More »List of Server Side Include (SSI) Payloads