P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
aea524324828790b24a90be3bb7a0d93P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
8a7ea1821b4599bdd1749b6112865c41P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
c2b4417fce9bb70bee49a1225dbc10f1JavaScript allows you to exploit human cognitive abilities to a remarkable extent; tools such as window positioning, history.forward() and history.back(), open some scary possibilities that we are completely unprepared to deal with. This proof-of-concept aims to demonstrate this; while it is intentionally crude and makes no real effort to conceal its operation, the transitions can be made seamless and very difficult to perceive. Very accurate click prediction can be achieved by carefully measuring mouse velocity and distance to destination, too.
753f7c9a5e2186e19dff5a73e9ae8583Firefox and Opera allow you to omit MIME type in data: URLs, possibly put random garbage into that section, and still get a valid HTML document. This is a natural extension of how the Content-Type header is handled in HTTP, but probably makes little or no sense here. With the use of Unicode homographs, you can create fairly believable URLs especially in Firefox.
0b64bc5e8487abfa6e49c3b0e324b12aIt seems that relatively few people realize that holding a JavaScript handle to another window allows the attacker to tamper with the location and history objects at will, largely bypassing the usual SOP controls. With some minimal effort and the help of data: / javascript: URLs or precached pages, this can be leveraged to replace content in a manner that will likely escape even fairly attentive users.
fbb16e97002e8540980b677c7dab802bThis code is a proof of concept that demonstrates history extraction in Firefox through non-destructive cache timing.
40789638dd11c307730257784d663de0Firefox version 3.6.13 fixes an interesting bug in their same-origin policy logic for pseudo-URLs that do not have any inherent origin associated with them.
8921c58a1c1c81afbc30fa2287b1a1f7Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
a9f9eef2f860cadcc86e12785dc3057fThis is a list of older cross site scripting and bypass vulnerabilities associated with older Juniper IVE releases.
7a4246773f02b62f12f3b55f5d6a30e8Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
5ac0a84afa132a5fc302f292c897a954Michal Zalewski has noted some interested security bugs with Safari, Firefox and WebKit-based browsers.
8449b98eede4be3f1cc45b1df06d73f6Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
49b2e116808688c5e52378dfe568c885Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
b2a37c1049c03afc8b216e73e3112c39Michal Zalewski has released some details with links to proof of concept code for a MSIE same-origin bypass race condition, MSIE memory corruption on page transitions, CANVAS implementation crashes, and Safari page transition tailgating.
49789c0f64615f53186232d0ed0c3379ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
e4d5e64a0bd8f8f92032cbcee77fb3cfratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
5403d5b8fba9e72caad3345fb5e9878cratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
f52e278f94f611045335176387c8d880ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
560f64f2de79040a57e0379501cfae9fratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
515ded853cd489cd894162fcf8e069d9ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
de7e9819530a5537ba644b93d4283d28p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiling by David Coomber.
b85bbe604ddd7cb813e7d132655ccc72ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
40e47c86c8beaf01dabe4eae9458cf13tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
ec8d0047b0441cd963979080d427c0bdBunny the Fuzzer - A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without a noticeable performance impact usually associated with other attempts to peek into run-time internals.
95fac3531bf5b64e20aab748278c2129
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed