a4apphack

Proxy Switchy! is an advanced proxy manager for Google Chrome, it allows users to manage and switch between multiple proxy profiles quickly and easily.

This will be one must-have addition to the chrome addons that helps for security testing which we had discussed earlier here. While conducting blackbox security assessments, we normally do analysis on communication between the server and the browser (client). This is done with the help of various software proxy interceptors such as Paros, Webscarb, Burp etc. by redirecting traffic to these proxies.

Most of the times its required to change the browser proxy settings to
1. Change the port to switch the listener (proxy) that intercepts web traffic
2. Filter the URLs that are not in our scope to reduce the overhead on the proxy.
3. Match the URLs to send to different listeners based on certain patterns.

Proxy switch can help to easily overcome the situations mentioned above.

Read the rest of this entry »

Google has launched Secure Google search hosted on SSL lately . This post talks on how to enable this Secure Google search to the browser search bar/search suggestions in Firefox, Chrome and IE browsers.

Updated: Added Screenshots for IE

1. Firefox

Go to the Mozilla Addons Page and add Google SSL Search Plugin

Select ‘Start using it right away in the dialog box that displays – Add “Google SSL” to the list of engines available in the search bar?

2. Chrome

Right Click on Chrome Omnibar(Address bar) and Select ‘Edit Search Engines’.

In the Edit Search Engines Dialog box add https://www.google.com/search?q=%s in the URL field and click on Make Default Button.

Dont forget to check the Chrome Extensions List for Security Testers, here (Internal Post)

3. Internet Explorer

• Access the Add Search Providers page

• In the Create Your Own enter https://www.google.com/search?q=TEST in the URL field

Click on the Install Button to see the following screen. Check the ‘Make this my default search provider’

Now the Search box in IE will display Google.

via Google Blog and TechDows

Gruyere is a vulnerable application which can be used to learn and understand web vulnerabilities. Detailed documentation is provided on the type of the vulnerabilities present in the application and ways to exploits it.

Update: Jarlsberg is now Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

• How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
• How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Read the rest of this entry »

This post lists 13 Chrome Extensions to aid security testers during their web application pen testing.

1. WebDeveloper

2. Firebug Lite

3. Pendule

Read the rest of this entry »

An XSS vulnerability has been discovered and disclosed to public in SharePoint Server 2007 and Microsoft Windows SharePoint Services 3.0. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment.

This vulnerability is discovered by High-Tech Bridge SA and has been notified to Microsoft 12 April 2010. On the day of writing of this post, the vulnerability remains unfixed.

Read HTBridge advisory here

Vulnerable URL :

http://TARGETSITE/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

Screenshot

Read more at Microsoft Security Advisory (983438)

Skipfish is an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Installation on Ubuntu/BackTrack (via Redspin)

Use the following commands in the terminal windows to install and run Skipfish. Replace OUTPUT_FOLDER and TARGETSITE with the domain name and the target’s URL respectively. Also change the wget URL to the URL of the latest version of Skipfish download available.

wget http://skipfish.googlecode.com/files/skipfish-1.29b.tgz
tar zxvf skipfish-1.01b.tgz
sudo apt-get install libidn11-dev
cd skipfish
make
cp dictionaries/default.wl skipfish.wl
./skipfish -o OUTPUT_FOLDER http://www.TARGETSITE.com

Trial Run

Installed SkipFish and ran on the target site, specs below.

Guest OS : BackTrack4 VM

Host OS : Windows Vista

RAM : 512MB

Application Size : Medium ( < 1000 Unique Pages )

Internet Speed : 1 MBPS

Skipfish Verbose

Skipfish displays the scan run statistics continuously during the run. Once the scan run is complete, we get to see the scan summary (shown in the below screenshot).

Skipfish Console (Click to Enlarge)

Read the rest of this entry »

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. This tool automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies.

WebSecurify is available in major OS platforms – Windows, Mac and Linux. Its even available as a Chrome extension.

Post Updated:

• Target site that requires authentication
• Info on Chrome Plugin

Read the rest of this entry »

FlashCookiesView is a small utility that displays the list of cookie files created by Flash component (Local Shared Object) in your Web browser. For each cookie file, the lower pane of FlashCookiesView displays the content of the file in readable format or as Hex dump. If you are a security tester, this can help you while testing for flash applications – to analyse the sensitive content in the flash generated cookies.

You can also select one or more cookie files, and then copy them to the clipboard, save them to text/html/xml file or delete them.

Flash Cookie Viewer

Read the rest of this entry »

ZeroDayScan is an online web application scanner which crawls through the app and discovers the vulnerabilities in the application. It attempts to find out the common web vulnerabilities like XSS, SQL Injection and all the way down to web app fingerprinting.

As per their FAQ it takes around half an hour to scan normal sized websites, but as soon as I initiated scan for my website, I got a notification mail saying that it takes around 72 hours to complete the scan but I got the results emailed in about 5 hours.

Read the rest of this entry »