CTF Writeup: GPN CTF 2024

Introduction The last few days, I was at the GPN22 in Karlsruhe with some friends from our LuXeria hackerspace. We participated in the CTF. Here are the solutions I wrote for the challenges we solved together. So Many Flags Description I heard you like flags, so I launched Chrome with a lot of flags so you can get your flag! The flag is in /flag.txt, and the bot will visit the HTML file you uploaded! ...

02.06.2024 · 9 min · Emanuel Duss

Wireshark Trick: Sniffing Browser TLS Traffic

Introduction Wireshark 4.2.0 added a new functionality [1] that can be used to directly launch a web browser with the SSLKEYLOGFILE environment variable set, in order to easily sniff and decrypt TLS traffic from a started application. Howto This new feature can be found in the Tools menu and then under TLS Keylog Launcher (1). You can specify the file to which the SSLKEYLOGFILE variable should point (2) in order to save the key material. Then, a command can be provided in the command line input field (3), which is then started with the SSLKEYLOGFILE variable set. If an application supports the SSLKEYLOGFILE mechanism [3], the TLS keys are then automatically stored in the configured file and Wireshark is able to decrypt the content (4) and show it in cleartext (5). ...

17.11.2023 · 1 min · Emanuel Duss

Script to Clone Certificates (dollyx509)

Introduction X.509 certificates are used to secure communications online by encrypting data and verifying identities, such as in HTTPS or VPNs. During penetration tests, it's important to check if systems correctly handle cloned certificates. Cloned certificates are fake copies that look like real ones but aren't properly signed by a trusted CA. I wrote a simple Python script called dollyx509 that creates clones of X.509 certificates. Script and Usage The script can be found on GitHub: dollyx509. ...

17.09.2023 · 4 min · Emanuel Duss

Download Burp Suite BApps

Introduction When you don't have an Internet connection during a web application pentest and you still want to install some BApps in the Burp Suite, you have to download them manually from the BApp Store. If you use a lot of extensions, this can be a tedious task. It's possible to download all BApps using a little script to simplify this task. Script The following script can be used to download all Burp Suite BApps from the BApp Store: ...

15.09.2023 · 2 min · Emanuel Duss

Create Evil Wi-Fi Access Point (802.11evil)

Introduction In pentests, connecting devices to your own network can be very useful. This enables you to exfiltrate data, download tools, analyze the network traffic and even use a transparent HTTP proxy to intercept and manipulate traffic between the devices and servers. This approach helps find potential security weaknesses in applications and network communications. In order to make this process easier, I created a script 802.11evil that starts a new Wi-Fi network which can then be used to analyze the network traffic of the connected clients and also perform some VPN bypasses. ...

12.09.2023 · 7 min · Emanuel Duss