Cyberis Blog
Reassuringly clear thinking.
- Research
- Tools and techniques
Harvesting Cross Site Scripting (XSS) Victims - Clicks, Keystrokes And Cookies
A couple of years ago I was inspired by @fmavituna's work on XSS Shell and decided to write a new extended version (XSS-Shell-NG) using a PHP and a MySQL backend rather than the ASP/Access combination of the original. I never released the tool publicly, as my main aim of making XSS Shell easier to use was never really accomplished; it still required a significant amount of set up to get it working. However, one thing that both tools did well once working was to demonstrate the real business impact of cross-site scripting.
- Tools and techniques
'Invisible Intercept' Function Of Burp
How would you go about intercepting HTTP traffic from non-proxy aware traffic? This article points you in the right direction...
- Tools and techniques
How To Detect Transparent Proxies
Ever wondered if your web traffic is being silently intercepted by a transparent proxy? Maybe you can find out...
Improve your security
Our experienced team will identify and address your most critical information security concerns.