Author: Jaw33sh

Burp Suite vs OWASP ZAP – a Comparison series

Burp Suite {Pro} vs OWASP ZAP! Does more expensive mean better?

In this post, I would like to document some of the differences between the two most renowned interception proxies used by penetration testers as well as DevSecOps teams around the globe.

:::DISCLAIMER:::

I am no expert in both tools; however, I have used them enough to feel good about documenting their features in this post. Please comment if you see an error or you want to point something I missed.

Introduction

Both OWASP ZAP and Burp Suite are considered intercepting proxies (on steroids) that sits between the browser and the webserver to intercept and manipulate requests exchange.

OWASP ZAP is a free and open-source project actively maintained by volunteers while Burp Suite is a commercial Product maintained and sold by PortSwigger, They have been selected almost on every top 10 tools of the year, and in this post, I will compare version 2020.x of burp suite which saw the first release on January 2020.

We can see since they emerged to the market, they are gaining more and more momentum and users as we see in google trends for the past 5 years (2015-2020). Hopefully, by the end of this post, you will get a better understanding of their similarities and differences.

Trends between 2015 and 2020
Google Trends showing Burp suite in blue and OWASP ZAP in Red

I will discuss the differences between both tools in regards to the following aspects:

  1. Describing the User Interface
  2. Listing capabilities and features for both tools
  3. Personal User Experience with each one of them
  4. Pros and Cons of each tool 

Continue reading “Burp Suite vs OWASP ZAP – a Comparison series”

On managing huge penetration tests – a Technical preview

1ntroduct1on

This is a 5 minute read, intended for technical folks who do several huge/big penetration testing projects, by huge i mean any scope bigger than 10+ feature-rich applications and not in a Bug Bounty program as JHaddix have two excellent talks about that How to Shot Web 2015 and Bug Bounty Hunting Methodology v2 2017

To be more clear; I will try to cover what you need to know prior to execution and during engagement, propose a time management practice and how to handle the large sums of information, notes, junk and challenges that arise before writing your report. So you can organize your work and report.

If you have a better way to do this tell me in the comments too, i would like to learn just as you do.

You want to hack! you want to find vulnerabilities and make their impact huge right, we all want that l33t feeling.

jwyvo

Continue reading “On managing huge penetration tests – a Technical preview”

Hardening your IIS 8.0 and 8.5

Todays I would like to share some hints about hardening your IIS 8.0/8.5 since not a lot of recourse are available for these particular versions at time of this post.

My problem with IIS was it is not easy to remove extra headers and banners easily like in Apache or Nginx.

In a typical engagement we face webservers that expose too much default headers like ‘X-Powered-By, Server, X-AspNet-Version’ and a lot more.  the problem with these headers is that they give a way too much info about your web application technology and backend server (do we still remember when IIS 7.5 & ASP.NET 4.0 had a DoS attack? ICYMI CVE-2011-3414).

The goal of this post is to help you remove these deafualt header on Microsoft IIS 8.0 & 8.5. IIS 7 and 7.5 and 10.0 can easily be configured.

iis hardening headers 01
Telerik demo site with tons of headers

Continue reading “Hardening your IIS 8.0 and 8.5”

eLearnSecurity Web application Penetration Tester eWPT Exam Review

This Post provides  a general overview of my experience with eLearnSecurity Web application Penetration Tester (eWPT) exam, it is easier to read in categories.

Materials

materials covers a vast majority of web application vulnerabilities and the methodology to find new vulnerabilities in new technologies such as the all new HTML5 and so on

Labs

Labs are divided into two. Guided labs and Challenges.

Guided labs are PDF step by step instructed and requires deep understanding of the concept before you get your hands on the keyboard

Challenges are real challenges testing your black box critical thinking and reasoning to find and exploit the vulnerability.

Continue reading “eLearnSecurity Web application Penetration Tester eWPT Exam Review”

Porting Kali Nethunter to HTC One Max and other devices

::: Update January 2016 :::
The official github wiki is now updated on how to port NetHunter to new devices

 

This will be a technical post about porting Kali Linux Nethunter to HTC One Max and possibly any android device with a publicly available kernel source code.
if your device is not root-able or it’s boot loader isn’t unlock-able stop here please. this port contents are not only from my keyboard they are from the community and the official repos.

::: Disclaimer :::

I am not responsible of any damage you may cause by following steps mentioned here.

Understanding the Port

Linux Kali NetHunter (NH) is divided in two parts
  • rootfs/chroot.
  • kernel.
Rootfs is not critical to your android device because it is just Kali Linux in a chroot environment. However the kernel is the most important part because it is the critical part to get Bluetooth, Wireless USB and HID keyboards work. Porting to a new device requires recompiling the kernel AND an unlock-able/root-able device.

Setup Environment

  • Kali 1.1.0 x64
  • Core i5 2.40GHZ
  • RAM 1GB

Continue reading “Porting Kali Nethunter to HTC One Max and other devices”

Kioptrix 3 walkthrough

there are a lot of walk through’s in the web regarding this machine although you have to read couple of them if you encountered a problem and want to be sure

download the vm and check md5sum

steps:

fire your vulnerable machine and ensure your attacker machine is in the same subnet (don’t forget to update your /etc/hosts file)

identify the machine and scan it

netdiscover -i eth1
netdiscover -i eth1

Continue reading “Kioptrix 3 walkthrough”

The Case of PHP.NET

This weekend i found a link for a pcap file of the php.net compromise, actually my friend challenged me to analyze it without using Network Miner, see how awesome is that 🙂 it’s like a real hack not some pcap file on a competition of a hackathon 🙂

so i downloaded it and started scratching my old notes, i decide to not use internet for this one unless extremely needed , only command line help to analyze it, lock n load…

First analysis reveals about 10 protocols found in the network capture

Protocols in the pcap

8 domains were involved including php.net although one looked like having a random suspicious name

Continue reading “The Case of PHP.NET”