Posts

Showing posts from June, 2012

Updated: PHP Charset Encoder

http://yehg.net/encoding/
- Added new encryption: AES, RC4, Rabbit
- Fixed Hackvertor and CAL9000

Google Chrome Add-ons for Web App Hackers

Until now, there have not been as many Chrome extensions for web app penetration testing as there are for Firefox, so this cannot be a comprehensive list. Please help by posting your favorite add-ons in the comment section. Thank you.

Reconnaissance: Web Technology Notifier, Wappalyzer, Chrome Sniffer (another Wappalyzer; not a sniffer in the usual sense), Web Server Notifier, W3Spy, Exploit DB latest, All in one web searcher, GHDB, Oracle Code Search, Port Scanner 1, Port Scanner 2

Session Management: Session Manager 1, Session Manager 2, Session Buddy, Edit This Cookie, cookie.txt export, Swap my cookie, Cookie Manager, Remove cookies for site, Awesome Cookie Manager, LWP cookie export

HTTP Request Replay: Dev HTTP Client, Simple REST Client, Advanced REST client Application, Request Maker, Change HTTP Request Header

(Semi-automated) Scanner: WebSecurify, WebSecurify (App), Recx

Firefox Add-ons Revisited for Web App Hackers

Add-ons: Web Hacker's Favorites by YGN Ethical Hacker Group
https://addons.mozilla.org/en-US/firefox/collections/yehgdotnet/webhacker/

Greasemonkey: ClickJacky

Script Summary: Detects whether a web application/web site is vulnerable to ClickJacking by checking for the existence of anti-framing headers such as X-Frame-Options and X-Content-Security.

Screenshot of Greasemonkey ClickJacky in action

http://userscripts.org/scripts/show/135672