WannaRace is a WebApp intentionally made vulnerable to race conditions. Description: The race condition vulnerability can be practiced in the developed WebApp. The task is to use a race condition to buy a Mega Box that costs more than the available vouchers. Two challenges are made for practice. Challenge B is to be solved when PHPSESSID cookie is present, cookie …
Tag Archives: Webapp
BurpSuite Extension Ruby : Template to speed up building a Burp Extension using Ruby
Due to the lack of examples and implementations of BurpSuite Extension Ruby, we have decided to make it easy for all rubyists to have a confident and quick start to build useful extensions for the InfoSec community. This repository is a collection of templates of Burp Suite Extensions, focusing on Burp Suite API functionalities and simplifying Java …
PwnBack – Burp Extender Plugin That Generates A Sitemap Of A Website Using Wayback Machine
PwnBack requires PhantomJS to run. To understand why it is currently required, see the section PhantomJS. The plugin has several settings that a user can define depending on their hardware setup. PhantomJS WebDrivers: The number of Firefox headless browsers to open. Be mindful of Burp Suite’s memory settings. HTTP Response Parsers: These are responsible for …
Headless Burp – Automate security tests using Burp Suite
Headless Burp provides an extension to Burp that allows you to run Burp Suite’s Spider and Scanner tools in headless mode via command-line. However, it can do more! It can produce a JUnit-like report which in turn could instruct the CI server to mark the build as “failed” whenever any vulnerabilities are found. You …
HUNT – Burp Suite Pro/Free and OWASP ZAP Extensions
HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions. Identifies common parameters vulnerable to certain vulnerability classes (Burp Suite Pro and OWASP ZAP). Organize testing methodologies (Burp Suite Pro and Free). HUNT Parameter Scanner – Vulnerability Classes: SQL Injection; Local/Remote File Inclusion & Path Traversal; Server Side Request Forgery & Open …