In its basic version, it is a program that handles HTTP and HTTPS traffic, allowing you to stop, edit and reject requests sent by the web browser. It is extremely useful for checking how a web application behaves after it receives data other than what the browser's frontend allows. This can be …
Year: 2016
Race Condition Attack – exemplary use in web application
A race condition attack consists of executing a request in less time than the application needs to verify the conditions of a given action; e.g., when uploading files to the server, the window between saving the file on disk and verifying its type or extension allows you to execute a request …
Generating WiFi communication in Scapy tool
Scapy and WiFi. Scapy is a program used to manipulate packets. In this text I will show you how to use it for network communication in the 802.11 standard. Fundamentals. Messages exchanged between the access point and clients are formed into frames. Each standard frame has the following structure: MAC header: Frame control (version, type, subtype) …
Calculation of a pseudo-random number generator's state – on the example of Math.random() from Firefox
In this text: we will get to know how pseudo-random number generators operate; we will learn how the XorShift128Plus algorithm, which is the basis of the pseudo-random number generators in all the most popular browsers (Firefox, Chrome, Edge), works; we will get to know the Z3Prover tool, thanks to which we will be able to calculate …
What is the SSRF vulnerability (Server Side Request Forgery)?
A large part of web applications allow you to upload your own file to the server by providing a URL address, from which the server automatically downloads it. In this article, we will discuss what problems may arise from such a solution. The article will be based on a simple functionality in the …
Bypassing the Same-origin policy in Firefox – detailed description (CVE-2015-7188)
In the third quarter of last year, I reported a security bug to Mozilla that allowed me to bypass Same Origin Policy (SOP) in Firefox. Due to this bug, it was possible to launch attacks by stealing data belonging to other domains. The source of the problem was a seemingly insignificant detail when parsing IP …
Google Caja and XSSs – how to get bounty three times for (almost) the same thing
In this article, I describe three XSSs that I reported to Google as part of their bug bounty program. All of them had their source in escaping the sandbox of the Google Caja tool. Introduction. At the beginning of this year, as my bug bounty target, I took the Google Docs applications. One of …
A new hack allows wireless opening of over 100 million cars: Audi, Skoda, various VW, Ford, Citroen.
TL;DR: As reported by Wired, nearly 100 million cars manufactured by the Volkswagen Group over the last 20 years can be opened wirelessly as a result of a hack. Just listen to the radio transmission when the car is opened, process it… and voila. This was presented in detail at the Usenix conference …