Introduction When you don’t have Internet connection during a web application pentest and you still want to install some BApps in the Burp Suite, you have to download them manually from the BApp Store. If you use a lot extensions, this can be a tedious task. It’s possible to download all BApps using a little script to simplify this task. Script The following script can be used to download all Burp Suite BApps from the BApp Store: ...

Introduction In pentests, connecting devices to your own network can be very useful. This enables you to exfiltrate data, download tools, analyze the network traffic and even use a transparent HTTP proxy to intercept and manipulate traffic between the devices and servers. This approach helps finding potential security weaknesses in applications and network communications. In order to make this process easier, I created a script 802.11evil that starts a new Wi-Fi network which can then be used to analyze the network traffic of the connected clients and also perform some VPN bypasses. ...

Introduction Humble Book Bundle [1] has often very cool books about IT, hacking, security, programming, Linux, Unix, science and other geeky stuff. Sadly there is no reliable way to download all books. This post shows how you can download all books in a quick and reliable way using a bookmarklet. Precondition Of course, first you need to buy the Humble Book Bundle. For this example, I use the “Secure Your Stuff by Apress” Humble Book Bundle: ...

Introduction I was recently playing around with DNSSEC and figured out that the root DNS zone . uses NSEC and not NSEC3 to prove the absence of a resource record. This looked interesting to me and triggered some ideas. So I did some experiments and here are the results. TL;Dr: The most interesting facts: The root DNS zone uses NSEC can be therefore be DNSSEC zone walked There are more than 1500 TLDs More than 90% of all TLDs haven DNSSEC configured The most used algorithm for signing DNS zones is RSA/SHA-256 53 TLDs also use NSEC and can therefore also be DNSSEC zone walked Note: The results may not be exactly accurate because it was not always verified if every query was always successful. ...

Introduction In pentests, you often need to create X.509 certificates (e.g. for TLS) or Certificate Authorities (CAs) to mimic secure environments during your tests. Manually generating these certificates with tools like openssl can be time-consuming and error-prone, especially when you’re in a hurry. Who remembers all these commands? Whether you’re setting up a fake webserver for data exchange, a proxy setup, a machine-in-the-middle (MITM) attack, testing secure connections, or creating your own CA chain, manually generate these certificates should not take much time. ...