Select Page

Burp Extension – HMAC Signature in Custom HTTP Header

In this post I would like to share some steps that were required before testing could begin during a web API penetration test. The scenario of the engagement was: – A web API that came with a command line client, written in python The following steps were...

Fixer – Fix Protocol Fuzzing Tool

Our latest adventures took us to the magical world of… FIX protocols! The Financial Information eXchange (FIX) protocol manages the processing of real-time exchanged information within Financial Markets. It was originally authored in 1992 and became very famous...

SPARTA 1.0 BETA released

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his/her toolkit and by...

Tunna v1.1a SOCKS!

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. Due to popular demand, in this new version, Tunna (v1.1a) can be set up to be a local SOCKS proxy, that will accept any TCP traffic and send over to the webserver using HTTP requests....

Reverse Engineer Router Firmware – Part 1

This series will follow the process of reverse engineering router firmware with the purpose of discovering any vulnerabilities that could be used either remotely or locally to compromise the router. In this section I will mainly be covering how to extract/download the...