[B! burp] TAKEmaruのブックマーク

InQL Scanner · Doyensec's Blog

TAKEmaru 2020/04/15

リンク

Cracking the lens: targeting HTTP's hidden attack-surface | Blog

Published: 27 July 2017 at 00:30 UTC Updated: 09 March 2023 at 09:26 UTC Modern websites are browsed through a lens of transparent systems built to enhance performance, extract analytics and supply numerous additional services. This almost invisible attack surface has been largely overlooked for years. In this paper, I'll show how to use malformed requests and esoteric headers to coax these system

TAKEmaru 2018/11/09

burp

リンク

Bug Bounty Forum - tools - Proxy plugins

TAKEmaru 2018/08/31

burp

リンク

Practical Web Cache Poisoning | PortSwigger Web Security Blog

Published: 09 August 2018 at 23:20 UTC Updated: 02 October 2023 at 14:39 UTC AbstractWeb cache poisoning has long been an elusive vulnerability, a 'theoretical' threat used mostly to scare developers into obediently patching issues that nobody could actually exploit. In this paper I'll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery sys

TAKEmaru 2018/08/11

web
burp

リンク

Unearthing Z͌̈́̾a͊̈́l͊̿g̏̉͆o̾̚̚S̝̬ͅc̬r̯̼͇ͅi̼͖̜̭͔p̲̘̘̹͖t̠͖̟̹͓͇ͅ with visual fuzzing

Unearthing Z͌̈́̾a͊̈́l͊̿g̏̉͆o̾̚̚S̝̬ͅc̬r̯̼͇ͅi̼͖̜̭͔p̲̘̘̹͖t̠͖̟̹͓͇ͅ with visual fuzzing Published: 07 March 2018 at 15:46 UTC Updated: 02 June 2021 at 13:11 UTC This is valid JavaScript on Edge: ̀̀̀̀̀́́́́́̂̂̂̂̂̃̃̃̃̃̄̄̄̄̄̅̅̅̅̅̆̆̆̆̆̇̇̇̇̇̈̈̈̈̈̉̉̉̉̉̊̊̊̊̊ͅͅͅͅͅͅͅͅͅͅͅalert(̋̋̋̋̋̌̌̌̌̌̍̍̍̍̍̎̎̎̎̎̏̏̏̏̏ͅͅͅͅͅ1̐̐̐̐̐̑̑̑̑̑̒̒̒̒̒̓̓̓̓̓̔̔̔̔̔ͅͅͅͅͅ)̡̡̡̡̡̛̛̛̛̛̖̖̖̖̖̗̗̗̗̗̘̘̘̘̘̙̙̙̙̙̜̜̜̜̜̝̝̝̝̝̞̞̞̞̞̟̟̟̟̟̠̠̠̠̠̕̕̕̕̕̚̚̚̚̚ͅͅͅͅͅͅͅͅͅͅͅͅͅ