Lavakumar Kuppan Lavakumar
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import the required binaries and namespaces | |
| import clr | |
| clr.AddReference("WebsocketClient.exe") | |
| from WebsocketClient import * | |
| #Make WebSocket connection to target using the supplied Origin and check if it sends messages like it does for valid sessions | |
| def check_conn(origin): | |
| print "Testing origin - " + origin | |
| ws = SyncWebsockClient() | |
| ws.Connect("ws://tatgetapp.com/ws", origin, "SessionID=KSDI2923EWE9DJSDS01212") |
Lavakumar
/ WebSocketCommandEnumerator.py
Last active
March 7, 2016 10:54
Python Script for Enumerating Commands used in WebSocket Demo App
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import the required binaries and namespaces | |
| import clr | |
| clr.AddReference("WebsocketClient.exe") | |
| from WebsocketClient import * | |
| #the templates for WebSocket messages used in WebSocket Demo App | |
| create_session_msg = '{"cmd":"startSession"}' | |
| get_prod_msg = '{"cmd":"getProduct", "sessionId":"", "id":0}' | |
| get_error_msg = '{"cmd":"getError", "sessionId":""}' | |
| check_cmd_msg = '{"cmd":"someCommand", "sessionId":""}' |
Lavakumar
/ WebSocketFuzzer.py
Last active
March 7, 2016 10:53
Python Script for Fuzzing the IronWASP WebSocket Demo Application
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import the required binaries and namespaces | |
| import clr | |
| clr.AddReference("WebsocketClient.exe") | |
| from WebsocketClient import * | |
| #the websocket message templates used by WebSocket DemoApp | |
| create_session_msg = '{"cmd":"startSession"}' | |
| get_prod_msg = '{"cmd":"getProduct", "sessionId":"", "id":0}' | |
| get_error_msg = '{"cmd":"getError", "sessionId":""}' |
Lavakumar
/ WAP_Challenge_1_Solution_in_Ruby.rb
Last active
December 26, 2015 16:39
Ruby script written using IronWASP APIs to solve Pentester Academy's WAP Challenge -1. Link to challenge - http://www.pentesteracademy.com/video?id=153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Script to help solve http://www.pentesteracademy.com/video?id=153 | |
| #This script can be run from the multi-line scripting shell of IronWASP v0.9.7.2 and above | |
| #Make sure the scripting shell language is selected as Ruby before executing | |
| #The log id value here is one 1. The id value must point to the log containing the login request | |
| r = Request.from_proxy_log(1) | |
| r.query.set("email", "jack@pentesteracademy.com") | |
| bf = BruteForcer.new("xyz", 5,5) | |
| while bf.has_more |
Lavakumar
/ WAP_Challenge_1_Solution_in_Python.py
Last active
May 24, 2016 22:58
Python script written using IronWASP APIs to solve Pentester Academy's WAP Challenge -1.
Link to challenge - http://www.pentesteracademy.com/video?id=153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Script to help solve http://www.pentesteracademy.com/video?id=153 | |
| #This script can be run from the multi-line scripting shell of IronWASP v0.9.7.2 and above | |
| #Make sure the scripting shell language is selected as Python before executing | |
| #The log id value here is one 1. The id value must point to the log containing the login request | |
| r = Request.FromProxyLog(1) | |
| r.Query.Set("email", "jack@pentesteracademy.com") | |
| bf = BruteForcer("xyz", 5,5) | |
| while bf.HasMore(): |