Archive | Web Hacking


13 December 2006 | 8,410 views

Backframe (Formerly Backweb) JavaScript Attack Console

There has been a recent release of Backframe (Formerly Backweb) Attack Console. Backframe Attack Console was started as an experiment to create a full featured attack console for exploiting web browsers, web users and remote applications. Those who are familiar with XSS Proxy or even BEEF might already be familiar with the core principles of […]

Continue Reading


22 November 2006 | 14,912 views

Web 2.0 Hacking with Firefox and it’s plugins

A dream come true, would I say… recently found this article on securityfocus, it’s awesome… all that you need (beside Firefox) is pointed out in the article, so go on, what are you waiting for… http://www.securityfocus.com/infocus/1879

Continue Reading


21 November 2006 | 7,814 views

AttackAPI 0.8 JavaScript Hacking Suite Available

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser based attacking techniques, simple but powerful JavaScript console and powerful attack channel and associated API for controlling zombies. The standalone components of the library can be found at […]

Continue Reading


19 November 2006 | 7,229 views

Hackers’ Project – Browser Exploit Code Hiding

Hackers are developing new software that will help hide browser attack code from some types of security software. The software, called VoMM (eVade o’ Matic Module), uses a variety of techniques to mix up known exploit code so as to make it unrecognizable to some types of antivirus software. Using these techniques, VoMM “can create […]

Continue Reading


17 November 2006 | 5,693 views

w3bfukk0r 0.2 Forced Browsing Tool Released

w3bfukk0r is a forced browsing tool, it basically scans webservers (HTTP/HTTPS) for a directory by using HTTP HEAD command and brute force mechanism based on a word list. Features: HTTP/HTTPS(SSL) support Banner grabbing User-Agent faking Proxy support (HTTP/S) Reports found and non-existend directories Example output:

Note: Not all webservers are handling HTTP status codes […]

Continue Reading


13 November 2006 | 8,439 views

MySpace Paedo Caught by PERL Script

Now for once, this is a really neat use of technology, someone using their brains and a suitable tech to solve a problem that is very apparent. PERL may be frowned upon by some as being old or outdated, but seriously for parsing data, pattern matching and trawling, it’s still excellent and you can get […]

Continue Reading


28 October 2006 | 17,371 views

BobCat SQL Injection Tool based on Data Thief

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user […]

Continue Reading


25 October 2006 | 12,848 views

Tracking Users Via the Browser Cache

An interesting new twist on things, rather than using cookies to store information you can use perpetually cached files. So clearing your cache and cookies isn’t enough, could be a privacy issue you say, indeed it could.. Clearing cookies may not be enough as you may think. Your browser’s cache is a valuable store of […]

Continue Reading


24 October 2006 | 8,903 views

LAPSE Sourcecode Analysis for JAVA J2EE Web Applications

LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project. LAPSE targets the following Web application vulnerabilities: […]

Continue Reading


22 October 2006 | 22,826 views

Odysseus Proxy for MITM Attacks Testing Security of Web Applications.

Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission. For example, […]

Continue Reading