Posts

Showing posts from November, 2019

RFI and LFI

Among bug hunters and bounty programs, the most famous vulnerabilities are RFI and LFI. Both stem from file inclusion vulnerabilities. Simple one-liner: when the included file comes from a remote location, it is RFI (Remote File Inclusion). If the file comes from the local directory, it is LFI (Local File Inclusion). In description: consider a web application that references a file in the form of a URL pointing to a remote location. This reference is trying to fetch a .png, .php or .js file. When an attacker changes this file, the behaviour of the web application changes. The impact varies with the file that gets included. At the least it is simply a change in the way a page looks. When the included file executes a piece of code, the consequences get worse: the file can be malicious, escalating the privileges of a certain user and performing an irreversible action. File inclusions are easy to mitigate to a large extent using simple input validations and s...

Brave browser - Review

There is a new browser in town: Brave. It says brave the internet with Brave. Review:

1. It's faster than Chrome.
2. Resource utilisation is much, much less.
3. Blocks cross-site tracking by default (blocks all the crawlers looking for your search data and access data).
4. Blocks device identification attempts by default.
5. Blocks cookies if you choose so.
6. Has private browsing with Tor (the Tor browser is blocked by my IT dept).

With these many features in place, shown to the user upfront, it looks like a secure station to hang on. Check it out for yourself.

Burp suite for android apps

For a long time now, I have been thinking of blogging on the new things I learn. I feel now that nothing will happen if I simply dream of them. So here is the kick start. Burp is a wonderful tool to intercept and analyse the requests that go from a web application to the server. It captures all the calls made by the web application first. You can tamper with the payload, query params and every other aspect and send the modified request to the server. One can do injections too. All said and done, let's now see how we can set up Burp for mobile applications. Here are the steps.

1. Install Genymotion: https://wiki.appcelerator.org/display/guides2/Installing+Genymotion
2. Create an account and log in.
3. Launch a simulator with an OS version lower than Android 6.
4. Once the simulator launches, click on "Open GAPPs" in the top right corner. This will install the Play Store.
5. From the Play Store, install Chrome, ES File Manager, and the app you want to test.
6. Go to Settings and choose th...