burpsuite-project-file-parser is an interesting tool for parsing Burp Suite project files. It lets you extract information from Burp’s project file to the terminal, which you can then pipe into other tools. I remember fighting with Burp to extract all URLs or JavaScript...
#31
Web3 learning corner #6 – a $120,000 clickjacking
Capture the Ether: I continued to solve tasks from the Capture the Ether CTF. I completed the Public Key task, which was rather easy - it is about retrieving a public key from an existing blockchain transaction. The Fuzzy Identity took me much longer than it should. It was quite...
Google Cloud Platform (GCP) Prize 2021
LiveOverflow published a video covering winners of GCP Prizes. It contains 6 reports about the Google Cloud Platform and all of them are awesome! They include sick tricks and some of the reports are very CTFy, in a good sense...
Bugcrowd researcher templates
Bugcrowd hasn’t stopped impressing me recently. They created report templates that we can use. Importantly, they didn’t restrict the usage to their platform but published them in a GitHub repo, so you can also use them on other platforms. Here’s the repo:...
Learning GraphQL #1 – Basics
GraphQL is something that I’ve been willing to learn for a long time. Of course, I can understand the syntax or write a simple query but I lack the understanding of how things work from the developer’s perspective. So I’m going to make a series where we create a...
Bypassing CSP with dangling markup or WordPress
One of the XSS gurus - Gareth Heyes - described a cool method to bypass CSP with dangling iframes. https://portswigger.net/research/bypassing-csp-with-dangling-iframes This was a cool bug, but it was a bug in the browser, so you probably won’t use this trick in...
Advanced search in VS Code
When looking for bugs in the source code, Visual Studio Code is my IDE of choice. One of the most common features I use is searching: searching for vulnerable code patterns, searching for function usages, searching for variable names - I do it all the time. VS Code is...