Hooking Burp Suite in Client Software Communication

SecMyth

After learning to inspect security from all perspectives from Prof. Pfitzmann at the University, I am now working as Penetration tester and IT Security Consultant since 2009. I have seen many many different applications, architectures and technologies since then.
Web Applications, Web Services, Oracle, MySQL, Linux, SAP R3 are my focus technologies, while my activities are widely spreaded: manual penetration tests, static code analysis, code reviews, consulting, project management

Ever came across the issue to redirect HTTP(S) traffic to Burp Suite originating from client software that is not supporting to configure a proxy? Continue reading “Hooking Burp Suite in Client Software Communication”

Ergonomic Password Generator

Latest posts by Simon (see all)

To secure applications it is often necessary to verify the identity of the user, this process is called authentication. There are several methods to authenticate a user, with passwords being the most common one. Passwords are usually chosen by the user. Those user passwords are often not strong enough and can be easily guessed by brute forcing or simple deduction (e.g.  pet names etc.). Continue reading “Ergonomic Password Generator”

Using Chrome Logger in BurpSuite

marko

Marko works as security professional since 2012 and performs assessments focused on web application security and code audits.

Latest posts by marko (see all)

In February of this year, a blog post by the OWASP ZAP newsletter has pointed us towards an interesting technology called Chrome Logger. Chrome Logger can be used to display server side debugging information into the web console (e.g. in Firefox) at runtime.

How it works

First, download and import the server side library which is available for different languages like Continue reading “Using Chrome Logger in BurpSuite”

Using Whitelisting to control file access in Apache Webserver

Fuseki

Fuseki has started his career as software developer, but quickly switched over to network administration. After 7 years as network engineer, incl. one year in a management position, he entered a new team, working as penetration tester and security consultant. In addition to this, malware analysis and digital forensics are becoming more and more part of Fusekis daily work.

Fuseki has studied Information Technology as well as Software Technology and holds a diploma in each of these.

The aim

You want to control which files on your webserver can be accessed by whom, but you don’t want to use blacklisting. You want to say, i.e., external users can access files whose names end with .php, .jpg and .png. All other files must not be accessible, no matter which name they have.

You can use LocationMatch and FilesMatch to control access to files. In this example, we will use FilesMatch, because we care about files which are stored on the filesystem. But the same approach also applies to files, which are generated when requested.

The problem

When apache finds a FilesMatch entry in its configuration which matches the requested filename, the corresponding rules are applied. There is no problem with that as long as you do not try to create a catch-all rule Continue reading “Using Whitelisting to control file access in Apache Webserver”

HTTP Side-Channel Attacks with Burp Suite

SecMyth

After learning to inspect security from all perspectives from Prof. Pfitzmann at the University, I am now working as Penetration tester and IT Security Consultant since 2009. I have seen many many different applications, architectures and technologies since then.
Web Applications, Web Services, Oracle, MySQL, Linux, SAP R3 are my focus technologies, while my activities are widely spreaded: manual penetration tests, static code analysis, code reviews, consulting, project management

Ever wanted a simple tool capable of performing a side-channel attack of HTTP requests? A common use case would be to test of the login action takes more time of the provided username is known by the system compared to an unknown username. The theory behind such an attack is that the code performing the login stops more early in the flow if the used username is not present in the system.

Well, to test such a weakness it is necessary to perform certain HTTP requests, e.g. logins, and to capture the need time to receive a response. But what tools are fulfilling these requirements? The search can’t be this hard. In fact the most common Continue reading “HTTP Side-Channel Attacks with Burp Suite”