Extending burp proxy

Intercepting proxies and other intercepting software like tamperdata are ideal tools to modify a http request or response when you are taking a peek into the nice world of web application hacking.

Burp suite is not free like webscarab but I like it because the interface is more intuitive. It seems though that wescarab-ng is doing a pretty good job on the interface part. So what is burp suite exactly?

From the burp suite website:

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

The best thing? It can be extended!

Continue reading “Extending burp proxy”

It’s not always technical

Well like the title says you can’t always dedicate your time to technical things. I’ve always loved art…it didn’t really mather to me what kind of art it was as long as it really speaks to me.

So lateley I’ve encountered a art form I really like. Abstract expressionism. It’s wonderfull you can imagine all you want there is nothing defined and it really speaks to me.

I’ve encountered an artist who’s art I really like. It’s so full of color and so different. The only down part is , that her page is only in spanish for the moment beeing, I’ve emailed her and the english portion of her website will be published soon. I’ve added a non-technical categorie in the links section so you can all visit her page and enjoy her art just like I did.

FDE / WDE spiced up

So you got your harddisks encrypted and feel totally secure? Think again.

Investigators have got some nifty devices which are capable of moving your pc without disconnecting it. Effectively bypassing FDE/WDE encryption if you are not used to lock your computer. Although locking doesn’t seem to be the answer nowadays with all those firewire hacks. So what’s left to do?

First of all disable firewire and make sure you always lock your pc. In the strange case that you do not lock your pc I made some easy yet (this hasn’t been tested in a real life situation) effective code to frustrate the investigator. This is just some quick POC (forgive me the messy code) I wrote. In a lab environment this works, so don’t blaim me if this doesn’t work in a real life situation.

Continue reading “FDE / WDE spiced up”

Bypassing ip restrictions with a backdoor

This idea popped in my head a while back and is still on my todo list (note: my todo list never shrinks). The following context/problem applies.

Suppose you want to steal information but the server you want to backdoor has got all ports ip restricted on an application level. Like a IIS instance which restricts users based on their ip address. How could this be bypassed without adjusting the IIS configuration or using a complicated rootkit. I thought of the following (note: this can also be implemented in ring0):

Continue reading “Bypassing ip restrictions with a backdoor”

Trusting Java Applets

abusing the trust people have in signed applets.

It’s been blogged before but oh well I always learn by example so here is an example. The thing I’m talking about is trusting signed java applets. In short when you trust a java applet it can do whatever it wants. So what could you do with a java applet? The java source code will steal your mac address, rather useless but it serves the example purpose good enough. The stolen mac address get’s submitted to a page in this case it will be google which will look like this:

Continue reading “Trusting Java Applets”

Friends

Well my old website used to have a single page dedicated to affiliates and people I have met during my online time spent on irc, forums, etc…

On this blog I will maintain a list of friends. So just contact me to update this list. Please don’t be offended if your website isn’t on thislist I probably forgot some…still trying to sort things out.

Changes…

Welcome to my new blog.

Like some of you know I used to have my own website http://www.kd-team.com. Unfortunatly life goes on and everyone heads for a new direction in life. Because of time restraints and the work it took to manage the website we decided to cancel it.

Most of the old content will be published here, just for archive purposes. The rest of the posts will be about daily security problems I struggle with or just random ideas I get in the middle of the night.

I’m off for some sleep, I’ll continue later on.