alla's blog

We are hiring yet again - need a pentester

We are looking for a penetration tester again. The business has been growing steadily and we need more people.

We will prefer somebody from Belgium or EU, but will consider applications from other countries if you have solid prior experience in penetration testing. We are located in Brussels, Belgium. The job is full time, mostly on customer sites in Belgium.

TCP to WebSockets proxy in python

There seems to be a few proxies that can convert a WebSockets connection to TCP, however I couldn't find anything that goes other way around. Having the task of sending crafted messages to a WebSockets connection made me write one. Having a TCP to WebSockets proxy allows me to use netcat as a WebSockets client.

I have used the code developed by our Quentin, and added stuff like proper command-line options, upstream proxy support (to tunnel it through Burp) and making it multithreaded.

The tool is written in python and uses the websocket library.

Secure file upload in PHP web applications

This is an old paper I wrote about vulnerabilities in file upload implementations in PHP web applications. The web site it used to live on no longer exists, so I thought I repost it here to have it close at hand. It is relevant to other web application technologies (Java, .NET, etc.) but all the examples are for PHP.

Introduction

Burp is Going to Support PKCS#11

Great news - PortSwigger is working on PKCS#11 support (SSL client certificates stored on hardware tokens, such as smart cards) for Burp. I got to try the test build - it works perfectly with Belgian eID on Linux.

I am really happy about it - no more awkward chaining of proxies and SSL tunnels to get the job done.

Tags: 

MagicTree 1.3 - important bug fixes and support for IBM Rational AppScan

We have released MagicTree 1.3. It fixes several nasty bugs that may lead to data corruption. We recommend everybody who uses MagicTree to upgrade. New features include support for AppScan XML and better handling of Imperva Scuba XML

Here is the full change log:

We are hiring again!

Once again, we are looking for a penetration tester. See this post for a descriptiong of skills we are interested in. Prior penetration testing experience is a plus, but not a must, provided that you have the necessary knowledge, both practical and theoretical. The job is in Brussels, Belgium, working remotely may be possible for some projects, but most of the time you'll have to be on site.

Contact us at info@gremwell.com if you are interested.

Testing Riddler CAPTCHA

We have recently been swampted by spam forum posts and comments. Some seem to be submitted by bots while other appear to be from humans. Untill now we've been using Image CAPTCHA module which doesn't seem to help much. We have now installed and configured Riddler. Let's see if it helps.

If you are trying to submit a post or comment and can't get through Riddler, please send us an email.

MagicTree 1.2 Is Out

MagicTree 1.2 is available for download. New features in this release:

  1. Metasploit XML import (issue #228)
  2. Support "critical" severity from Nessus 5 (issue #254)
  3. XSLT export. MagicTree data can now be exported as arbitrary XML. An XSLT for nmap-format export is provided. Use case: merge multiple nmap files, then export as one file to use in Nessus scan (issue #77)
  4. Importing exploitability data from Nessus
  5. Added "Save file as..." button to XML file view

Burp plugin for scanning GWT and JSON HTTP requests

Update: Burp Suite Pro 1.4.10 supports JSON scanning out of the box, see http://releases.portswigger.net/2012/06/v1410.html
Update 2: The plugin is released under the terms of GNU GPL. In short it means that you can use it and change it as you like, publish the changes under GNU GPL if you like, but cannot include it as a part of any closed-source software. If you really want to use it as a part of closed-source software, contact me, we can figure something out.

Does your test system support SSLv2?

Since July 2010 Ubuntu has disabled support for SSLv2 in OpenSSL library. If you are testing remote hosts for SSLv2 using a client that does not support it, you are getting false negatives.

Here is how you can check if you system supports SSLv2:

alla@notsoshiny:~$ socat OPENSSL-LISTEN:1080,method=SSLv2,cert=cert.pem,verify=0 READLINE

cert.pem has to be a valid certificate file that includes a private key. Generate one with OpenSSL if you don't have it.

Pages

Subscribe to RSS - alla's blog