Burp
Introduction to Hacking Thick Clients: Part 2 – The Network
General users may never know or care how an app is communicating with servers. But an attacker may find critical vulnerabilities.
Introducing Burp Extractor
Sometimes Burp's session-handling mechanisms aren't sufficient for the complexities of today's modern web applications. When that's the case, turn to Burp Extractor!
DNS Tunneling with Burp Collaborator
DNS tunneling can be a hassle. Use this Burp Suite extension to easily automate data exfiltration via DNS from restricted environments.
Beautifying JSON in Burp
Most penetration testers know the pain of trying to view and modify an unparsed JSON string. This Burp extension removes that burden and allows live editing of beautified JSON strings.
Attacking JavaScript Web Service Proxies with Burp
This blog dives into JavaScript Web Service Proxies as an alternative to WSDL (Web Services Description Language) files for interacting with WCF Web Services.
Java Deserialization Attacks with Burp
The recent Java deserialization attack that was discovered has provided a large window of opportunity for penetration testers to gain access to the underlying...
Debugging Burp Extensions
In this blog post, I'm going to walk through how we can set up debugging in Burp and our IDE when we create Burp extensions. Essentially, we are just going to be setting up Java remote debugging.
Hacking High Scores in iOS GameCenter
Want to hack your top scores in iOS GameCenter? Here's how.
Hacking Web Services with Burp
WSDL (Web Services Description Language) files are XML-formatted descriptions of the operations of web services between clients and servers. They contain possible requests along with the parameters an application uses to communicate with a web service. This is great for penetration testers because we can test and manipulate web services all we want using the information from WSDL files. One of the best tools to use for working with HTTP requests and responses for applications is Burp.