Finally, a standard Linux 3.2 bridge can forward 802.1x messages!

Finally, a feature to make Linux bridge transparent to 802.1x EAP messages is in the official 3.2 kernel! No more manual kernel patching or messing with openswitch. This feature is mostly useful for pentesting 802.1x-protected networks.

To force a bridge forward 802.1x EAP messages all you needs to do is to set the 4th least-significant-bit in a special sysfs file, something like this:

echo 8 > /sys/class/net/brXXX/bridge/group_fwd_mask

I haven't tried myself yet, but can confirm the sysfs file is there on my Ubuntu 12.04.

Burp plugin for scanning GWT and JSON HTTP requests

Update: Burp Suite Pro 1.4.10 supports JSON scanning out of the box, see
Update 2: The plugin is released under the terms of GNU GPL. In short it means that you can use it and change it as you like, publish the changes under GNU GPL if you like, but cannot include it as a part of any closed-source software. If you really want to use it as a part of closed-source software, contact me, we can figure something out.

Release of sslcaudit 1.0

I would like to announce release of sslcaudit 1.0. This tool is designed to automate testing SSL/TLS clients for resistance against MITM attacks.

There is no proper installation procedure yet (Debian package and distutils-based Python installer are coming soon). For now just fetch the release from GIT repository:

~$ git clone -b release_1_0
Cloning into sslcaudit...


Does your test system support SSLv2?

Since July 2010 Ubuntu has disabled support for SSLv2 in OpenSSL library. If you are testing remote hosts for SSLv2 using a client that does not support it, you are getting false negatives.

Here is how you can check if you system supports SSLv2:

alla@notsoshiny:~$ socat OPENSSL-LISTEN:1080,method=SSLv2,cert=cert.pem,verify=0 READLINE

cert.pem has to be a valid certificate file that includes a private key. Generate one with OpenSSL if you don't have it.

Release of sslcaudit v1.0 RC1

UPDATE: Newer version of sslcaudit is available here.

Here is sslcaudit v1.0 RC1. The goal of the project is to develop a utility to automate testing SSL/TLS clients for resistance against MITM attacks. The project is GPL-licensed, source code hosted at github. PDF user guide is available at here.


Yet Another Portscanner (in Python)

I've written a custom TCP port scanner, to handle a broken target sporadically responding with SYN-ACKs even on filtered ports. Nmap detect such ports as open (in syn- and connect-scan modes).

$ sudo ./ -s -d --p0 21 --p1 25 -i vmnet8
INFO:Scanner:res, res=closed)>
INFO:Scanner:res, res=open)>
INFO:Scanner:res, res=filtered)>
INFO:Scanner:res, res=fake-open)>

We Are Hiring

We are looking for a penetration tester. Most of the work is in or around Brussels. Some of the work will have to be done remotely. Employee or subcontractor.

You'll get a lot of opportunities to hack stuff. Actually, you'll be trying to break stuff most of your working time. Except when you are writing reports. Or trying to make stuff work, before you can start breaking it. Most of the work are web application tests, but other stuff as well, from hardware hacking to custom client-server applications.

MagicTree 1.1 Released

MagicTree 1.1 is released and available for download. This release includes:

  1. Rapid 7 NeXpose XML import (both simple XML and full XML formats are supported)
  2. Arachni XML import (as of Thanks to Herman Stevens of Astyran for contribution)
  3. OWASP Zed Attack Proxy XML import (development snapshot as of 6-Feb-2012)
  4. New matrix query interface
  5. Bug fix (#224) Remove orphan projects does not work anymore
  6. Bug fix (#226) NPE in dumpData()

Installing Arachni from Source on Ubuntu 11.04 (Natty)

Herman Stevens has developed an XSLT for importing Arachni data into MagicTree.

To test his XSLT I went to install the latest development version of Arachni on my Ubuntu 11.04 (natty). Having fought with it for a while and finally managing to install it, I thought that the description of the process might help somebody else. So here it goes.

First I downloaded the sources:

NeXpose XML - A Rant

As promised here I am working on XSLT for Rapid7 NeXpose XML reports.

There is one great big problem though. "NeXpose Simple XML" format (which is the only XML format available, at least in community edition) contains almost no vulnerability information.



Subscribe to RSS - blogs