penetration-testing

Which of these scripting languages is more appropriate for pen-testing? [closed]

放荡痞女 submitted on 2019-12-02 16:01:37
First of all, I want to avoid a flame-war on languages. The languages to choose from are Perl, Python and Ruby. I want to mention that I'm comfortable with all of them, but the problem is that I can't focus just on one. If, for example, I see a cool Perl module, I have to try it out. If I see a nice Python app, I have to know how it's made. If I see a Ruby DSL or some Ruby voodoo, I'm hooked on Ruby for a while. Right now I'm working as a Java developer, but plan on taking CEH in the near future. My question is: for tool writing and exploit development, which language do you find to be the

Burp Extension: add header to response

谁说我不能喝 submitted on 2019-12-02 12:33:40
Burp newbie writing an extension... I am trying to add a header to the response to test CSP rules. I have found lots of resources to add headers to Requests, but not for Responses. Here is the (non-working) code I have so far: def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # determine what tool we would like to pass though our extension: if toolFlag == 4: #if tool is Proxy Tab # determine if request or response: if not messageIsRequest:#only handle responses response = messageInfo.getResponse() #get Response from IHttpRequestResponse instance responseStr = self.

Is SQL injection possible even on a prepared statement

人盡茶涼 submitted on 2019-12-02 10:43:05
Question: I read many articles on Stack Overflow regarding how SQL injection can be prevented by using prepared statements. But is there any way to do SQL injection even on prepared statements or is it 100% safe? Below is my java code String query = "SELECT * FROM Users WHERE username=? and password=?"; ps=con.prepareStatement(query); ps.setString(1,username); ps.setString(2,password); rs = ps.executeQuery(); status = rs.next(); if(status==true){ ..... }else{ .... } I tried some sql injection queries

Busting a tough FRAME killer

偶尔善良 submitted on 2019-12-01 13:21:29
I've been trying to break this up for a few hours now but with no success... I am pretty desperate now :( I am doing penetration testing for a company and I need to bypass this frame killer JS: <script type="text/javascript">/* <![CDATA[ */ if (top != self) { try { if (parent != top) { throw 1; } var disallowed = ['XXXXXXX.com']; var href = top.location.href.toLowerCase(); for (var i = 0; i < disallowed.length; i++) { if (href.indexOf(disallowed[i]) >= 0) { throw 1; } } } catch (e) { try { window.document.getElementsByTagName('head')[0].innerHTML = ''; } catch (e) { /* IE */ var htmlEl =

Busting a tough FRAME killer

我只是一个虾纸丫 submitted on 2019-12-01 11:37:43
Question: I've been trying to break this up for a few hours now but with no success... I am pretty desperate now :( I am doing penetration testing for a company and I need to bypass this frame killer JS: <script type="text/javascript">/* <![CDATA[ */ if (top != self) { try { if (parent != top) { throw 1; } var disallowed = ['XXXXXXX.com']; var href = top.location.href.toLowerCase(); for (var i = 0; i < disallowed.length; i++) { if (href.indexOf(disallowed[i]) >= 0) { throw 1; } } } catch (e) { try {

Preparing an ASP.Net website for penetration testing

浪尽此生 submitted on 2019-11-27 18:03:24
Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the default behaviour of ASP .Net such as possible cross site scripting attacks etc. Are there any good articles on which vulnerabilities exist by default in an ASP .Net application and secondly are there any good checklists to follow which will help prepare a site in advance? I think that the check list changes by the time and its theory with experience together. I always check my log files and see new

Preparing an ASP.Net website for penetration testing

狂风中的少年 submitted on 2019-11-26 19:16:59
Question: Over the years I have had a few of the websites I have developed submitted for penetration testing by clients. Most of the time the issues that are highlighted when the results return relate to the default behaviour of ASP .Net such as possible cross site scripting attacks etc. Are there any good articles on which vulnerabilities exist by default in an ASP .Net application and secondly are there any good checklists to follow which will help prepare a site in advance? Answer 1: I think that the

Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan

笑着哭i submitted on 2019-11-26 18:14:39
I need to remove excessive headers (primarily to pass penetration testing). I have spent time looking at solutions that involve running UrlScan, but these are cumbersome as UrlScan needs to be installed each time an Azure instance is started. There must be a good solution for Azure that does not involve deploying installers from startup.cmd. I understand that the response headers are added in different places: Server: added by IIS. X-AspNet-Version: added by System.Web.dll at the time of Flush in HttpResponse class X-AspNetMvc-Version: Added by MvcHandler in System.Web.dll. X-Powered-By:

Use App Scripts to open form and make a selection

对着背影说爱祢 submitted on 2019-11-26 17:45:54
Question: To put this briefly I am testing a Google drive form that will record votes for a school election to ensure that it is secure. Is there a way to open a form from the shared URL and list/input data? In short, can I write a script to act like a bot that will vote and try to crash the form? Sample URL: http://docs.google.com/forms/d/RANDOM_STRING/viewform Answer 1: Edit: Some time around the end of 2014 a change in the Google Forms service invalidated this hack. Look at Is it possible to 'prefill' a

What is “X-Content-Type-Options=nosniff”?

人走茶凉 submitted on 2019-11-26 15:37:28
I am doing some penetration testing on my localhost with OWASP ZAP, and it keeps reporting this message: The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff' This check is specific to Internet Explorer 8 and Google Chrome. Ensure each page sets a Content-Type header and the X-CONTENT-TYPE-OPTIONS if the Content-Type header is unknown I have no idea what this means, and I couldn't find anything online. I have tried adding: <meta content="text/html; charset=UTF-8; X-Content-Type-Options=nosniff" http-equiv="Content-Type" /> but I still get the alert. What is the