The 5 Hacking NewsLetter 99

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 20 to 27 of March.


Our favorite 5 hacking items

1. Article of the week

Solving CAPTCHA using Burp suite proxy and mitmproxy

The first article shows a solution for testing Web apps that have a short session timeout and log you out every time you trigger an exception, and that also require solving a captcha to log in. The captcha makes it complicated to use Burp macros, the traditional way of handling sessions. @dinosn’s method is to chain Burp with mitmproxy, another proxy that detects logouts and calls a custom script to run tesseract OCR and solve captchas.


The 5 Hacking NewsLetter 98

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 13 to 20 of March.


Our favorite 5 hacking items

1. Tutorials of the week

The first article shows how to brute-force an OTP when your target is using WebSockets with encryption. In this scenario, traditional brute-forcing with Burp Intruder is not possible, so @MilindPurswani uses Selenium instead. I don’t think this is a scenario you will often encounter, but if you do, this might be of great help.

The second tutorial is an introduction to URL structure. Understanding these basics helps understand how differences in URL parsers can cause serious vulnerabilities.


The 5 Hacking NewsLetter 97

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 06 to 13 of March.


Our favorite 5 hacking items

1. Conference of the week

BSidesSF 2020, especially:

The range of (interesting) topics tackled in this conference is amazing. There are at least 10 talks I really need to watch. During these difficult times of Coronavirus quarantine / social distancing, this is an excellent way to pass time.


The 5 Hacking NewsLetter 96

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 28 of February to 06 of March.


Our favorite 5 hacking items

1. Tools of the week

Pulsar is described as a network footprint scanner platform. I didn’t get to test it yet, but it looks promising. It is a wrapper around many recon tools and automates recon tasks like subdomain enumeration, cloud resource discovery and basic vulnerability scanning. You can run custom checks periodically, and results are presented in a very cool dashboard.

FUSE and its accompanying research paper are also worth checking out. It helped discover 30 file upload vulnerabilities in 23 Web apps!


The 5 Hacking NewsLetter 95

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 21 to 28 of February.


Our favorite 5 hacking items

1. Conference of the week

AppSec California 2020

So many good talks and prestigious speakers! Topics range from Web security to Cloud, Kubernetes, Credential stuffing, DevSecOps, Car hacking and more.

I’m starting with JWT Parkour - Louis Nyffenegger and Are You Properly Using JWTs? - Dmitry Sotnikov. What about you?
