##OWASP Top Ten##
###A1 Injection###
Mike McCabe mccabe615
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from scapy.all import * | |
| def arp_display(pkt): | |
| if pkt[ARP].hwsrc == '74:75:48:0f:76:3a': # Huggies | |
| print "Found Dash" | |
| print sniff(prn=arp_display, filter="arp", store=0, count=1000) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // IHttpListener | |
| @Override | |
| public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| toolFlag - used to determine which tool in Burp the request is coming from. In our case the tool flag for Intruder is 32. | |
| messageIsRequest - this boolean value will be true for a message request and false for a message response | |
| messageInfo - this holds the full data of the message itself | |
| byte[] request_byte = messageInfo.getRequest(); | |
| IParameter sig_param = helpers.getRequestParameter(request_byte, "signature"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (toolFlag == 32 messageIsRequest !sig_param.equals(null)) | |
| { | |
| String param1 = helpers.getRequestParameter(request_byte, "param1").getValue(); | |
| String param2 = helpers.getRequestParameter(request_byte, "param2").getValue(); | |
| String param3 = helpers.getRequestParameter(request_byte, "param3").getValue(); |
mccabe615
/ gist:8861095
Created
February 7, 2014 11:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| String sig_string = calcsig(param1, param2, param3); |
mccabe615
/ gist:8861122
Created
February 7, 2014 11:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sig_param = helpers.buildParameter(sig_param.getName(), sig_string, sig_param.getType()); | |
| request_byte = helpers.updateParameter(request_byte, sig_param); | |
| messageInfo.setRequest(request_byte); |
mccabe615
/ gist:8864383
Last active
August 29, 2015 13:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (toolFlag == 32 && messageIsRequest && !sig_param.equals(null)) | |
| { | |
| String param1 = helpers.getRequestParameter(request_byte, "param1").getValue(); | |
| String param2 = helpers.getRequestParameter(request_byte, "param2").getValue(); | |
| String param3 = helpers.getRequestParameter(request_byte, "param3").getValue(); |
mccabe615
/ docker_cheat.md
Created
February 8, 2014 18:58
— forked from wsargent/docker_cheat.md
Why Should I Care (For Developers)
"Docker interests me because it allows simple environment isolation and repeatability. I can create a run-time environment once, package it up, then run it again on any other machine. Furthermore, everything that runs in that environment is isolated from the underlying host (much like a virtual machine). And best of all, everything is fast and simple."
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Docker | |
| Dokku | |
| Puppet | |
| Chef | |
| PoCs: |
OlderNewer