Tag: Scanning
I was going over an application I wrote prepping for my upcoming class and realized the shortcomings of Burp’s default session handling mechanisms. Not to knock Burp, but working with a Single Page Application (SPA) that makes calls to several APIs using a JSON Web Token (JWT)…
Fun with Burp Suite Session Handling, Extensions, and SQLMap
I’ve been a little obsessed with the session handling tool-set that Burp Suite provides. I’ve been running into web applications that aggressively tear down (de-authenticate) sessions for any number of given reasons. Could be the volume of requests sent, malicious input, time-based, accessing a certain section of…
Enumerating hosts with nmap
This is a script I use to enumerate hosts with the nmap scanning tool. Feed it a host/IP and a base directory (under which another directory will be created to store the enumeration data). Something like: You can also find this in my Gists on GitHub at https://gist.github.com/ryan-wendel/2266751e23641ed0ff38fb7a2c3502cf The…
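A minimal POSIX shell version of the workflow the excerpt describes (a host/IP and a base directory in, a per-host results directory out), added here as an example; it is not the author's gist and does not reproduce it. The `<base>/<host>/` layout, the two-phase scan (full TCP port sweep, then a service/script scan of whatever came back open) and the `enum_*` helper names are assumptions made for this example, and the `.gnmap` sample it parses is constructed, not real scan output.

```shell
#!/bin/sh
# Added example, not the author's gist. Assumptions: nmap is on PATH, results
# go under <base>/<sanitized host>/, and the scan is done in two phases.

# Turn a host/IP into a directory-safe name (hypothetical helper): anything
# outside [A-Za-z0-9._-] becomes an underscore, so "../" cannot escape base.
enum_dirname() {
  printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'
}

# Per-host output directory under the base directory (trailing slash tolerated).
enum_outdir() {
  base=$1; host=$2
  printf '%s/%s' "${base%/}" "$(enum_dirname "$host")"
}

# Parse an nmap -oG (.gnmap) file and print the open TCP ports as a
# comma-separated list suitable for nmap -p. Entries look like
# "22/open/tcp//ssh///"; only state "open" is kept.
enum_open_ports() {
  awk -F'Ports: ' '
    /Ports:/ {
      n = split($2, entry, ",")
      for (i = 1; i <= n; i++) {
        split(entry[i], field, "/")
        gsub(/^ +/, "", field[1])
        if (field[2] == "open") {
          if (ports != "") ports = ports ","
          ports = ports field[1]
        }
      }
    }
    END { print ports }
  ' "$1"
}

# Constructed sample .gnmap content (not real scan data) so the parser can be
# exercised without running nmap. Expected result: 22,80,443 (8080 is filtered).
enum_demo_ports() {
  tmp=$(mktemp)
  printf '# Nmap scan initiated (constructed sample)\n' > "$tmp"
  printf 'Host: 10.0.0.5 ()\tStatus: Up\n' >> "$tmp"
  printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65531)\n' >> "$tmp"
  enum_open_ports "$tmp"
  rm -f "$tmp"
}

# Full enumeration run: phase 1 sweeps every TCP port, phase 2 runs version
# detection and default scripts only against ports found open in phase 1.
enum_run() {
  host=$1; base=$2
  command -v nmap >/dev/null 2>&1 || { echo "nmap not found in PATH" >&2; return 1; }
  outdir=$(enum_outdir "$base" "$host")
  mkdir -p "$outdir"

  # SYN scan needs raw sockets (root); fall back to a connect scan otherwise.
  if [ "$(id -u)" -eq 0 ]; then scan=-sS; else scan=-sT; fi

  echo "[*] phase 1: full TCP port sweep of $host -> $outdir"
  nmap -Pn "$scan" -p- --min-rate 1000 -oA "$outdir/tcp_full" "$host" \
    > "$outdir/tcp_full.log" 2>&1

  ports=$(enum_open_ports "$outdir/tcp_full.gnmap")
  if [ -z "$ports" ]; then
    echo "[!] no open TCP ports found; see $outdir/tcp_full.log"
    return 0
  fi

  echo "[*] phase 2: service/script scan of ports $ports"
  nmap -Pn -sV -sC -p "$ports" -oA "$outdir/tcp_svc" "$host" \
    > "$outdir/tcp_svc.log" 2>&1
  echo "[*] done; results in $outdir"
}

# Only scan when invoked with exactly two arguments: ./enum.sh <host> <basedir>
if [ "$#" -eq 2 ]; then
  enum_run "$1" "$2"
fi
```

Running it as `sh enum.sh 10.0.0.5 /opt/enum` produces `/opt/enum/10.0.0.5/tcp_full.{nmap,gnmap,xml}` and, if anything was open, the matching `tcp_svc.*` files. Parsing the `.gnmap` output rather than scraping the human-readable `.nmap` file is the point of phase 1: the greppable format is stable and the port list it yields feeds `-p` directly.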