Recently, after moving the blog to this self-hosted platform, I decided to clean up my feed reader a bit… you know, add some, delete some. And while searching for blogs to subscribe to, I came across Michal Zalewski’s website and looked for a feed. Unfortunately I didn’t find a feed, but I did find his newest project…
(continue)
Some days ago, while I was writing the (traffic magnet) article HYGHAAZG and mentioned the keylogger, a userscript one instantly came to mind. I Googled a bit, but didn’t seem to find any (quite amazed)…
(continue)
An exploit (from the same word in the French language, meaning “achievement”, or “accomplishment”) is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack. (Wikipedia)
(continue)
A bookmarklet is an applet, a small computer application, stored as the URL of a bookmark in a web browser or as a hyperlink on a web page. The term is a portmanteau of the terms bookmark and applet. Whether bookmarklet utilities are stored as bookmarks or hyperlinks, they are designed to add one-click functionality to a browser or web page. When clicked, a bookmarklet performs some function, one of a wide variety such as a search query or data extraction. Usually the applet is a JavaScript program. (Wikipedia)
(continue)
Hopefully, as you may have noticed, on a daily basis more and more of our (users’) privacy is shamelessly stripped away by almost every website out there.
And so you don’t think I am speaking in a hypocritical manner, I admit I strip away a part of your privacy as well, with the simple Google tracker I have inside my web pages… but for those that do care about their anonymity this is not an issue.
(continue)
That’s what many NoScript users have claimed to be doing after the recent debate about NoScript circumventing Adblock Plus to display the ads from its own page. One question I kept asking myself: Are these really NoScript users?
(continue)
People tend to overdo things… And somewhere (not sure where) I’ve read an article (or better, call it a tutorial) where, for simple modifications of parameter/header values, the author suggested an intercepting proxy like WebScarab, BurpProxy, ParosProxy, ProxyStrike, etc. Yes, they’re up to the job, but aren’t there some simpler solutions? Yes, there are, and those solutions will be presented in the following lines…
(continue)
Mozilla Firefox, thanks to its add-ons, can truly be a web application pen-tester’s platform. And this concept is not new, is it?
(continue)
A long time ago (if you could say so for a couple of months) I posted a small article about Firefox being a good web application pen-tester’s platform. At that time I would have happily made a compilation of my preferred add-ons, but similar projects were already available, and so I couldn’t afford to waste time on maintaining something like that.
(continue)