Durzosploit is a JavaScript exploit generation framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites. Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use. […]
web-application-security
Fiddler – Web Debugging Proxy For HTTP(S)
[ad] Recently I posted about Charles Web Debugging Proxy and quite a few people mentioned they had been using Fiddler. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler […]
Charles Web Debugging Proxy – HTTP Monitor & Reverse Proxy
[ad] Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information). Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you […]
Twitter Battered By Powerful Worm Attacks
[ad] We’ve written about Twitter quite a few times now, with it’s click-jacking vulnerability, twitter phishing attacks and various other issues. It’s no surprise it’s being targeted though as it’s now the 3rd biggest social network after Facebook and Myspace. Within a relatively short time period it’s overtaken almost everyone else. This weekend it suffered […]
Watcher – Passive Analysis Tool For HTTP Web Applications
[ad] Watcher is a run time passive-analysis tool for HTTP-based Web applications. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more. Major Features: Passive detection […]