My initial post about this advanced XSS detection and exploitation suite was almost an year ago! Three days ago, an update - XSStrike 3.1.2 was released. This is a post that documents these changes. What is XSStrike? XSStrike is a Cross Site Scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine Read more about UPDATE: XSStrike 3.1.2
If you remember a couple of weeks back, I blogged about XSS Radar, a Google Chrome extension to help you discover cross-site scripting vulnerabilities. This post is about - XSStrike, a similar tool to help you find cross-site scripting vulnerabilities, but it is coded in Python. Read more about XSStrike: A XSS Detection & Exploitation Kit
Web application security testing is a multi-faceted and yet important domains today. A few years ago, it was only the front end security tests and then came the backend. As newer endpoints are being exposed, it becomes imperative to test their security too. Syntribos is one such tool that helps you test the security of your APIs. Read more about Syntribos: An Open Source API Security Testing Tool
If you remember, there used to an add-on for Firefox - XSS Me; which unfortunately no longer works out of the box for the latest versions of the browser. It was also a part of the Firefox Addons for helping you with web application penetration testing. We now have something similar to it that works on Google Chrome - XSS Radar. As a bonus, it is customizable and open source! Read more about XSS Radar: Discover Cross Site Scripting with A Chrome Extension
All of us know that in file format fuzzing, we fuzz different aspects of a file such as flags, file format constraints, structures etc. by generating multiple malformed samples, opening them and waiting for the program crash. We then process the generated debug information to find out if we found something interesting in the crash. Surprisingly, there is a dearth of file format Read more about OpenXMolar: A OpenXML File Format Fuzzing Framework!