##OWASP Top Ten##
###A1 Injection###
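```python
from scapy.all import ARP, sniff

def arp_display(pkt):
    # Called for every captured ARP frame; match on the sender's hardware address
    if pkt[ARP].hwsrc == '74:75:48:0f:76:3a':  # Huggies
        print("Found Dash")

# Capture up to 1000 ARP frames without storing them in memory
print(sniff(prn=arp_display, filter="arp", store=0, count=1000))
```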
```java
// IHttpListener
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo)
```

`toolFlag` - used to determine which tool in Burp the request is coming from. In our case the tool flag for Intruder is 32.

`messageIsRequest` - this boolean value will be true for a message request and false for a message response.

`messageInfo` - this holds the full data of the message itself.

```java
// Body of processHttpMessage
byte[] request_byte = messageInfo.getRequest();
IParameter sig_param = helpers.getRequestParameter(request_byte, "signature");

// Only re-sign outgoing Intruder requests (tool flag 32) that carry a "signature" parameter.
// Compare against null directly: calling equals() on a null reference throws.
if (toolFlag == 32 && messageIsRequest && sig_param != null)
{
    String param1 = helpers.getRequestParameter(request_byte, "param1").getValue();
    String param2 = helpers.getRequestParameter(request_byte, "param2").getValue();
    String param3 = helpers.getRequestParameter(request_byte, "param3").getValue();

    // calcsig() is the extension's own signature routine (not shown here)
    String sig_string = calcsig(param1, param2, param3);

    // Rebuild the signature parameter with the new value and write it back into the request
    sig_param = helpers.buildParameter(sig_param.getName(), sig_string, sig_param.getType());
    request_byte = helpers.updateParameter(request_byte, sig_param);
    messageInfo.setRequest(request_byte);
}
```
Why Should I Care (For Developers)
"Docker interests me because it allows simple environment isolation and repeatability. I can create a run-time environment once, package it up, then run it again on any other machine. Furthermore, everything that runs in that environment is isolated from the underlying host (much like a virtual machine). And best of all, everything is fast and simple."
Docker

Dokku

Puppet

Chef

PoCs: