#14

Proxying Flutter apps through Burp

I remember that pentesting mobile Flutter applications has been painful on iOS. The first time we got such a project, we spent about a week just trying to figure out how to proxy the app through Burp. Eventually, we found a solution with invisible proxying but I see that...

Reverse engineering a CVE

CVE-2021-40438 is an SSRF in mod_proxy of Apache2. Now, the vulnerability itself I may cover in a BBRE video because it's quite an interesting one. What I'd like you to focus on in this article is the way that the hacker reverse engineers the patch to find out the...

A few SSH commands that you’ll certainly use

SSH - I'm sure you have used it more than once. It actually has many more capabilities than just connecting to a remote server. I prepared for you a small cheat sheet with commands that I use. authorized_keys First and foremost, it's good to configure logging in...

A ridiculous way to bypass AWS WAF

WAFs are often bypassable and must not be relied on as the only line of defence. With that said, they tend to be annoying and sometimes even make attacks impossible. The AWS WAF has an interesting feature: it only inspects the first 8 KB of the POST body. By default,...

Extracting words specific to a target

TomNomNom is an absolute genius when it comes to working with bash. When there's a task that takes too long to complete, he just writes his own script to do the work for him. In the last issue we talked about what wordlists are; today let's talk about actually...

Bypassing verification with arrays

EnesSaltk7 shared on Twitter that he has been able to brute-force OTP codes using a JSON array. Instead of sending one parameter, you send an array with many values, and only one of them needs to be valid. It's a nice one. A bit similar to what we've talked about in...

Prototype pollution

If you have ever run the npm audit command, you probably saw hundreds of alerts about prototype pollution. The majority of them are false positives - unexploitable in real life. However, this vulnerability is definitely not just noise, especially in Node.js...