I had an engagement the other week where I discovered a few instances of Blind SQL Injection in a .NET application with a Microsoft SQL Server (MS-SQL) back-end database system. The underlying account user had “sysadmin” privileges but due to the reservations of my client, I chose…
Tag: Burp
Application Enumeration Tips using Aquatone and Burp Suite
I was recently introduced to a really cool domain flyover tool named Aquatone written by Michael Henriksen. In the past, I had used another really cool tool known as EyeWitness to perform similar tasks. In short, both of these tools screenshot web application resources (among other things)…
Using Burp Suite’s Cookie Jar for JSON Web Tokens
I was going over an application I wrote prepping for my upcoming class and realized the shortcoming’s of Burp’s default session handling mechanisms. Not to knock Burp, but working with a Single Page Application (SPA) that makes calls to several APIs using a JSON Web Token (JWT)…
Burp Suite Tips – Volume 2
So on to the second leg of this journey. You can find the first installment of my Burp Suite Tips series at the following link. Burp Suite Tips – Volume 1 Viewing Target and Repeater Using Tabs I much prefer viewing the Target and Repeater tabs using…
Fun with Burp Suite Session Handling, Extensions, and SQLMap
I’ve been a little obsessed with the session handling tool-set that Burp Suite provides. I’ve been running into web applications that aggressively tear down (de-authenticate) sessions for any number of given reasons. Could be the volume of requests sent, malicious input, time-based, accessing a certain section of…
Burp Suite Tips – Volume 1
I’ve been meaning to compile a bunch of Burp Suite tips for a while now. Stuff I’ve learned from others and things I’ve picked up along the way. This is the first installment of such helpful tips. I’ll be looking to pump out at least three posts…
Hunting Sensitive Web Files
Something I like to do when testing a web application is to look for sensitive files that have been placed in web-exposed directories. Application administrators sometimes leave files in places they shouldn’t that contain information which may help advance your attack chain. Source code, configuration files, and…