Extended XSS Searcher and Finder – scans for different types of XSS on a list of URLs.

XSS Searcher is the extended version based on the initial idea already published as “xssfinder”. This private version allows an attacker to perform not only GET but also POST requests. Additionally, it’s possible to proxy every request through Burp or another tunnel. First steps Rename the example.app-settings.conf to app-settings.conf and adjust the settings. It should …

HoneyBot – Capture, Upload And Analyze Network Traffic

HoneyBot is a set of scripts and libraries for capturing and analyzing packet captures with PacketTotal.com. Currently, this library provides three scripts: capture-and-analyze.py – Capture on an interface for some period of time, and upload the capture for analysis. upload-and-analyze.py – Upload and analyze multiple packet captures to PacketTotal.com. trigger-and-analyze.py – Listen for unknown connections, and …

That LVI CPU hole wasn’t the only Intel fix: Dozens of flaws patched to stop chips turning into potatoes

Intel has posted a fresh crop of firmware updates for security flaws in its chipsets. The March fix bundle includes nine advisories covering processors, FPGAs, and other components, as well as the high-profile Meltdown-style LVI hole. Among the most expansive is the advisory for Intel graphics drivers. In total, 17 CVE-listed bugs were patched, ranging from elevation-of-privilege …

Stuck at home? Need something to keep busy with? Microsoft has 115 ideas – including an awful SMBv3 security hole to worry about

Microsoft has emitted more than 100 fixes in its March batch of security updates. The Patch Tuesday release includes 115 CVE-listed flaws, including 26 classified as critical security risks. None of the flaws had previously been disclosed or exploited in the wild. One particularly nasty remote-code execution hole revealed this week lies within SMBv3. “An attacker …

Google: You know we said that Chrome tracker contained no personally identifiable info? Forget we ever said that

Google has stopped claiming that an identifier it uses internally to track experimental features and variations in its Chrome browser contains no personally identifiable information. In February, Arnaud Granal, a software developer who works on a Chromium-based browser called Kiwi, claimed the X-client-data header, which Chrome sends to Google when a Google webpage has been requested, represents …

Secret-sharing app Whisper shared secrets like last known location and actual password tokens in exposed database

Whisper, a mobile app for sharing those thoughts you’d rather not make public, turns out to be better at sharing secrets than keeping them, spilling a whopping 90 metadata fields associated with users in an exposed database. The app, launched in 2012, is intended as a way for people to “share real thoughts and feelings, …
