Polyglot payloads in practice by avlidienbrunn at HackPraMathias Karlsson
A lecture/talk describing how to build and use polyglot payloads for finding vulnerabilities in web applications that traditional payloads can't.
Here's the last slide: http://www.slideshare.net/MathiasKarlsson2/final-slide-36636479
General Waf detection and bypassing techniques. Main focus to demonstrate that how to take right approach to analyse the behaviour of web application firewall and then create test cases to bypass the same.
Polyglot payloads in practice by avlidienbrunn at HackPraMathias Karlsson
A lecture/talk describing how to build and use polyglot payloads for finding vulnerabilities in web applications that traditional payloads can't.
Here's the last slide: http://www.slideshare.net/MathiasKarlsson2/final-slide-36636479
General Waf detection and bypassing techniques. Main focus to demonstrate that how to take right approach to analyse the behaviour of web application firewall and then create test cases to bypass the same.
Burp Suite is an integrated platform for performing security testing of web applications. It is designed to support the methodology of a hands-on tester, and gives you complete control over the actions that it performs, and deep analysis of the results. Burp contains several tools that work together to carry out virtually any task you will encounter in your testing. It can automate all kinds of tasks in customizable ways, and lets you combine manual and automated techniques to make your testing faster, more reliable and more fun.
SOSCON 2019.10.17
What are the methods for packet processing on Linux? And how fast are each packet processing methods? In this presentation, we will learn how to handle packets on Linux (User space, socket filter, netfilter, tc), and compare performance with analysis of where each packet processing is done in the network stack (hook point). Also, we will discuss packet processing using XDP, an in-kernel fast-path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data-path within the Linux kernel. The XDP is located at the lowest level of access through SW in the network stack, the point at which driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be expanded without modifying the kernel.
Daniel T. Lee (Hoyeon Lee)
@danieltimlee
Daniel T. Lee currently works as Software Engineer at Kosslab and contributing to Linux kernel BPF project. He has interest in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internal using BPF technology.
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsAugust Detlefsen
This lecture gives pentesters and security tool developers an overview of the APIs available to extend the Burp Suite intercepting proxy. Using open-source examples developed by the author I illustrate a number of key areas for anyone wishing to create extensions for Burp Suite:
- Passive scanning
- Active scanning
- Identifying insertion points
- Request modification
The presentation includes code samples and links to actual open source Burp Suite plugins developed by the author.
Video: https://www.youtube.com/watch?v=FJW8nGV4jxY and https://www.youtube.com/watch?v=zrr2nUln9Kk . Tutorial slides for O'Reilly Velocity SC 2015, by Brendan Gregg.
There are many performance tools nowadays for Linux, but how do they all fit together, and when do we use them? This tutorial explains methodologies for using these tools, and provides a tour of four tool types: observability, benchmarking, tuning, and static tuning. Many tools will be discussed, including top, iostat, tcpdump, sar, perf_events, ftrace, SystemTap, sysdig, and others, as well observability frameworks in the Linux kernel: PMCs, tracepoints, kprobes, and uprobes.
This tutorial is updated and extended on an earlier talk that summarizes the Linux performance tool landscape. The value of this tutorial is not just learning that these tools exist and what they do, but hearing when and how they are used by a performance engineer to solve real world problems — important context that is typically not included in the standard documentation.
Nmap (Network Mapper} is and an Open Source utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network.It can be used for IT auditing and asset discovery as well as security profiling of the network.
Getting the Most out of Burp Extensions. How to build a Burp extension, techniques for passive and active scanners, defining insertion points, modifying requests, and building GUI tools. This talk presents code libraries to make it easy for testers to rapidly customize Burp Suite.
In this talk, we’ll walk through utilizing one of the most popular web vulnerability testing frameworks BurpSuite. During this presentation we will cover the process of how to conduct a successful web penetration tests, while utilizing BurpSuite's features and tools (Free and Pro Version). This discussion will also cover realistic examples and a brief overview of common vulnerabilities found in web applications.
Burp Suite is an integrated platform for performing security testing of web applications. It is designed to support the methodology of a hands-on tester, and gives you complete control over the actions that it performs, and deep analysis of the results. Burp contains several tools that work together to carry out virtually any task you will encounter in your testing. It can automate all kinds of tasks in customizable ways, and lets you combine manual and automated techniques to make your testing faster, more reliable and more fun.
SOSCON 2019.10.17
What are the methods for packet processing on Linux? And how fast are each packet processing methods? In this presentation, we will learn how to handle packets on Linux (User space, socket filter, netfilter, tc), and compare performance with analysis of where each packet processing is done in the network stack (hook point). Also, we will discuss packet processing using XDP, an in-kernel fast-path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data-path within the Linux kernel. The XDP is located at the lowest level of access through SW in the network stack, the point at which driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be expanded without modifying the kernel.
Daniel T. Lee (Hoyeon Lee)
@danieltimlee
Daniel T. Lee currently works as Software Engineer at Kosslab and contributing to Linux kernel BPF project. He has interest in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internal using BPF technology.
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsAugust Detlefsen
This lecture gives pentesters and security tool developers an overview of the APIs available to extend the Burp Suite intercepting proxy. Using open-source examples developed by the author I illustrate a number of key areas for anyone wishing to create extensions for Burp Suite:
- Passive scanning
- Active scanning
- Identifying insertion points
- Request modification
The presentation includes code samples and links to actual open source Burp Suite plugins developed by the author.
Video: https://www.youtube.com/watch?v=FJW8nGV4jxY and https://www.youtube.com/watch?v=zrr2nUln9Kk . Tutorial slides for O'Reilly Velocity SC 2015, by Brendan Gregg.
There are many performance tools nowadays for Linux, but how do they all fit together, and when do we use them? This tutorial explains methodologies for using these tools, and provides a tour of four tool types: observability, benchmarking, tuning, and static tuning. Many tools will be discussed, including top, iostat, tcpdump, sar, perf_events, ftrace, SystemTap, sysdig, and others, as well observability frameworks in the Linux kernel: PMCs, tracepoints, kprobes, and uprobes.
This tutorial is updated and extended on an earlier talk that summarizes the Linux performance tool landscape. The value of this tutorial is not just learning that these tools exist and what they do, but hearing when and how they are used by a performance engineer to solve real world problems — important context that is typically not included in the standard documentation.
Nmap (Network Mapper} is and an Open Source utility which can quickly scan broad ranges of devices and provide valuable information about the devices on your network.It can be used for IT auditing and asset discovery as well as security profiling of the network.
Getting the Most out of Burp Extensions. How to build a Burp extension, techniques for passive and active scanners, defining insertion points, modifying requests, and building GUI tools. This talk presents code libraries to make it easy for testers to rapidly customize Burp Suite.
In this talk, we’ll walk through utilizing one of the most popular web vulnerability testing frameworks BurpSuite. During this presentation we will cover the process of how to conduct a successful web penetration tests, while utilizing BurpSuite's features and tools (Free and Pro Version). This discussion will also cover realistic examples and a brief overview of common vulnerabilities found in web applications.
Instant Payment Notification (IPN) is a messaging service that notifies users of events related to PayPal transactions. One can use IPN messages to automate back-office and administrative functions, such as fulfilling orders, tracking customers, and providing status and other transaction-related information.
How to Launch a Web Security Service in an HourCyren, Inc
Want to find out how to launch your very own web security service in less than an hour? We take a deep dive into the fastest growing security market, explore the limitations of existing solutions, and demonstrate how to take your Web security “to the cloud” today.
Pyscho-Strategies for Social EngineeringIshan Girdhar
We have various resources for learning social engineering like social-engineer.org, the art of deception by kevin mitnick, the art of social engineering by Christopher Hadgney etc. but then why this same old TALK? The purpose of this talk is to take you one step forward, by teaching you how exactly it could be done. I mean, how can you possibly hack computers without having the basic understanding of how operating system works, how computer protocols works? You need to know what you’re dealing with and then you go ahead and look for the security issues and vulnerabilities in them. Similar scenario is with social engineering, You need to know what you are dealing with. HUMANS. Right!. what do you know about humans other than but being one. How do they operate, how do they make decision, what all factors affects their response etc. Without understanding how humans work? Your knowledge of social engineering and toolkits will not suffice. This talk will unleash the psychological strategies to execute the structure of social engineering.
This will be a brief discussion on Pen Testing Web Services in 2012, though OWASP have testing guides which describes various methods and tools for performing black box and white box security testing on web services but they’re all outdated. The key points of the presentation will revolve around how to pen test web services, what are the pre-requisites, methodology, tools used, etc.
Pentesting RESTful webservices talks about problems penetration testers face while testing RESTful Webservices and REST based web applications. The presentation also talks about tools and techniques to do pentesting of RESTful webservices.
A story of how we went about packaging perl and all of the dependencies that our project has.
Where we were before, the chosen path, and the end result.
The pitfalls and a view on the pros and cons of the previous state of affairs versus the pros/cons of the end result.
A short introduction to the more advanced python and programming in general. Intended for users that has already learned the basic coding skills but want to have a rapid tour of more in-depth capacities offered by Python and some general programming background.
Execrices are available at: https://github.com/chiffa/Intermediate_Python_programming
Steelcon 2014 - Process Injection with Pythoninfodox
This is the slides to accompany the talk given by Darren Martyn at the Steelcon security conference in July 2014 about process injection using python.
Covers using Python to manipulate processes by injecting code on x86, x86_64, and ARMv7l platforms, and writing a stager that automatically detects what platform it is running on and intelligently decides which shellcode to inject, and via which method.
The Proof of Concept code is available at https://github.com/infodox/steelcon-python-injection
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...Hackito Ergo Sum
Today most networks present one “gateway” to the whole network – The SSL-VPN. A vector that is often overlooked and considered “secure”, we decided to take apart an industry leading SSL-VPN appliance and analyze it to bits to thoroughly understand how secure it really is. During this talk we will examine the internals of the F5 FirePass SSL-VPN Appliance. We discover that even though many security protections are in-place, the internals of the appliance hides interesting vulnerabilities we can exploit. Through processes ranging from reverse engineering to binary planting, we decrypt the file-system and begin examining the environment. As we go down the rabbit hole, our misconceptions about “security appliances” are revealed.
Using a combination of web vulnerabilities, format string vulnerabilities and a bunch of frustration, we manage to overcome the multiple limitations and protections presented by the appliance to gain a remote unauthenticated root shell. Due to the magnitude of this vulnerability and the potential for impact against dozens of fortune 500 companies, we contacted F5 and received one of the best vendor responses we’ve experienced – EVER!
https://www.hackitoergosum.org
This presentation was given as a Workshop at OSCON 2014.
New to Go? This tutorial will give developers an introduction and practical
experience in building applications with the Go language. Gopher Steve Francia,
Author of [Hugo](http://hugo.spf13.com),
[Cobra](http://github.com/spf13/cobra), and many other popular Go packages
breaks it down step by step as you build your own full featured Go application.
Starting with an introduction to the Go language. He then reviews the fantastic
go tools available. With our environment ready we will learn by doing. The
remainder of the time will be dedicated to building a working go web and cli
application. Through our application development experience we will introduce
key features, libraries and best practices of using Go.
This tutorial is designed with developers in mind. Prior experience with any of the
following languages: ruby, perl, java, c#, javascript, php, node.js, or python
is preferred. We will be using the MongoDB database as a backend for our
application.
We will be using/learning a variety of libraries including:
* bytes and strings
* templates
* net/http
* io, fmt, errors
* cobra
* mgo
* Gin
* Go.Rice
* Cobra
* Viper
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
The infamous Mallox is the digital Robin Hoods of our time, except they steal from everyone and give to themselves. Since mid-2021, they've been playing hide and seek with unsecured Microsoft SQL servers, encrypting data, and then graciously offering to give it back for a modest Bitcoin donation.
Mallox decided to go shopping for new malware toys, adding the Remcos RAT, BatCloak, and a sprinkle of Metasploit to their collection. They're now playing a game of "Catch me if you can" with antivirus software, using their FUD obfuscator packers to turn their ransomware into the digital equivalent of a ninja.
-------
This document provides a analysis of the Target Company ransomware group, also known as Smallpox, which has been rapidly evolving since its first identification in June 2021.
The analysis delves into various aspects of the group's operations, including its distinctive practice of appending targeted organizations' names to encrypted files, the evolution of its encryption algorithms, and its tactics for establishing persistence and evading defenses.
The insights gained from this analysis are crucial for informing defense strategies and enhancing preparedness against such evolving cyber threats.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
The Art of the Pitch: WordPress Relationships and Sales
Burp plugin development for java n00bs (44 con)
1. Burp Plugin Development for
Java n00bs
44Con 2012
www.7elements.co.uk | blog.7elements.co.uk | @7elements
2. /me
• Marc Wickenden
• Principal Security Consultant at 7 Elements
• Love coding (particularly Ruby)
• @marcwickenden on the Twitterz
• Most importantly though…..
www.7elements.co.uk | blog.7elements.co.uk | @7elements
4. If you already know Java
You’re either:
• In the wrong room
• About to be really offended!
5. Agenda
• The problem
• Getting ready
• Introduction to the Eclipse IDE
• Burp Extender Hello World!
• Manipulating runtime data
• Decoding a custom encoding scheme
• “Shelling out” to other scripts
• Limitations of Burp Extender
• Really cool Burp plugins already out there to fire
your imagination
8. The problem
• Burp Suite is awesome
• De facto web app tool
• Open source alternatives don’t compare
IMHO
• Tools available/cohesion/protocol support
• Burp Extender
11. How? - Burp Extender
• “allows third-party developers to extend the
functionality of Burp Suite”
• “Extensions can read and modify Burp’s
runtime data and configuration”
• “initiate key actions”
• “extend Burp’s user interface”
http://portswigger.net/burp/extender/
13. Java 101
• Java source is compiled to bytecode (class file)
• Runs on Java Virtual Machine (JVM)
• Class-based
• OO
• Write once, run anywhere (WORA)
• Two distributions: JRE and JDK
14. Java 101 continued…
• Usual OO stuff applies:
objects, classes, methods, properties/variable
s
• Lines end with ;
15. Java 101 continued…
• Source files must be named after the public
class they contain
• public keyword denotes method can be called
from code in other classes or outside class
hierarchy
16. Java 101 continued…
• class hierarchy defined by directory structure:
• uk.co.sevenelements.HelloWorld =
uk/co/sevenelements/HelloWorld.class
• JAR file is essentially ZIP file of
classes/directories
17. Java 101 continued…
• void keyword indicates method will not return
data to the caller
• main method called by Java launcher to pass
control to the program
• main must accept array of String objects (args)
18. Java 101 continued…
• Java loads class (specified on CLI or in JAR
META-INF/MANIFEST.MF) and starts public
static void main method
• You’ve seen this already with Burp:
– java –jar burpsuite_pro_v1.4.12.jar
22. First we need some tools
• Eclipse IDE – de facto free dev tool for Java
• Not necessarily the best or easiest thing to use
• Alternatives to consider:
– Jet Brains IntelliJ (my personal favourite)
– NetBeans (never used)
– Jcreator (again, never used)
– Terminal/vim/javac < MOAR L33T
25. Java JDK
• Used to be bundled with Eclipse
• Due to licensing (I think) this is no longer the
case
• Grab from Sun Oracle’s website:
• http://download.oracle.com/otn-pub/java/jdk/7u7-b11/jdk-7u7-windows-
x64.exe?AuthParam=1347522941_2b61ee3cd1f38a0abd1be312c3990fe5
27. Create a Java Project
• File > New > Java Project
• Project Name: Burp Hello World!
• Leave everything else as default
• Click Next
28.
29. Java Settings
• Click on Libraries tab
• Add External JARs
• Select your burpsuite.jar
• Click Finish
30. Create a new package
• File > New > Package
• Enter burp as the name
• Click Finish
31. Create a new file
• Right-click burp package > New > File
• Accept the default location of src
• Enter BurpExtender.java as the filename
• Click Finish
34. Loading external classes
• We need to tell Java about external classes
– Ruby has require
– PHP has include or require
– Perl has require
– C has include
– Java uses import
35. Where is Burp?
• We added external JARs in Eclipse
• Only helps at compilation
• Need to tell our code about classes
– import burp.*;
36. IBurpExtender
• Available at
http://portswigger.net/burp/extender/burp/IBurpExtender.html
– “ Implementations must be called BurpExtender,
in the package burp, must be declared public, and
must provide a default (public, no-argument)
constructor”
37. In other words
public class BurpExtender
{
}
• Remember, Java makes you name files after
the class so that’s why we named it
BurpExtender.java
38. Add this
package burp;
import burp.*;
public class BurpExtender
{
public void processHttpMessage(
String toolName,
boolean messageIsRequest,
IHttpRequestResponse messageInfo) throws Exception
{
System.out.println("Hello World!");
}
}
39. Run the program
• Run > Run
• First time we do this it’ll ask what to run as
• Select Java Application
45. What’s happening?
• Why is it spamming “Hello World!” to the
console?
• We defined processHttpMessage()
• http://portswigger.net/burp/extender/burp/IB
urpExtender.html
– “This method is invoked whenever any of Burp's
tools makes an HTTP request or receives a
response”
47. RepeatAfterMeClient.exe
processProxyMessage
processHttpMessage
Burp Suite
http://wcfbox/RepeaterService.svc
48.
49. We’ve got to do a few things
• Split the HTTP Headers from FI body
• Decode FI body
• Display in Burp
• Re-encode modified version
• Append to headers
• Send to web server
• Then the same in reverse
50.
51. • Right-click Project > Build Path > Add External
Archives
• Select FastInfoset.jar
• Note that imports are now yellow
61. Running outside of Eclipse
• Plugin is working nicely, now what?
• Export to JAR
• Command line to run is:
• java –jar yourjar.jar;burp_pro_v1.4.12.jar burp.startBurp
62. Limitations
• We haven’t coded to handle/decode the
response
• Just do the same in reverse
• processHttpMessage fires before
processProxyMessage so we can’t alter then
re-encode message
• Solution: chain two Burp instances together
63. Attribution
• All lolcatz courtesy of lolcats.com
• No cats were harming in the making of this
workshop
• Though some keyboards were….
In the wrong roomAbout to be really offendedI don’t know much about Java, I don’t know the right terms for things and I don’t know the best style of writing it. But this code will work and that’s my primary objective today.It don’t have to be pretty, it just has to work. That’s the difference between delivering a good test or a bad one imho
So, what are we going to cover?
Can’t do a slide deck without cats
Particularly Professional
Previous app testWCF Service written in C#Not using WCF Binary protocolSOAP with Fastinfoset XML encodingBurp Suite couldn’t read it
IntelliJ Community Edition is availableWe’re going with Eclipse because it works and is free and fully functionalYou can port this learning to anything else
SHA1’s are here if you want to verify them
Package Explorer – like a directory listing of your classes and src filesMain window where we edit filesTask list – I normally close this to be honestOutline view, quite useful, gives a break down of methods, properties of classes you are working onProblems – keep your eye on this bad boy, can be very useful
Notice how it’s already popping up little tips. In this case we’ve declared an import but not used any of the classes.We’ll fix that…
Javadoc is the Java standard for documentation. It is generated automatically from comments in the code.Burp Extender has javadoc available online. We are going to use this a lot.Let’s start…..er, right….
This is our bare bones. Note the import burp.*; isn’t shown
Don’t worry too much about what it all means just at the secondhttps://github.com/7Elements/burp_workshop/tree/master/Burp%20Hello%20World!
That’s great, writing out to the console – but we need to intercept and send onwardsWe need to shuffle stuff around a bit then..https://github.com/7Elements/burp_workshop/tree/master/Burp%20Fastinfoset%20Decoder%20-%20Take%20Three
Walk through adding code to processProxyMessageShow how we can decode in the Burp Proxy window by returning new byte[]Then how it fails because the app receives plain text not FI
Now we add a re-encode method to the processHttpMessage using custom HTTP headerWe can exploit the flow order in Burp.Remember proxyProxyMessage is called *before* processHttpMessage– winhttps://github.com/7Elements/burp_workshop/tree/master/Burp%20Fastinfoset%20Decoder%20-%20Take%20Four