FirefoxOS Mobile Testing | InteliSecure

I want to start a series of entries regarding Firefox OS testing to compile all the stuff I discover and research about how to use this new mobile OS and how to do app testing on this platform. I do not have the pretension to create something complex and deep, but something that can point me and others in the right direction when struggling with a common problem/typical task. For now, as testing devices…

Firefox 4 Web Console

The final version of Firefox 4 is almost here and, since it’s my main tool during pentesting, I have been checking it frequently to be sure I’m not going to be missing anything when the change comes. As the change is big, some of the extensions are slowly updating their versions to ensure compatibility with the new release (I did a quick update of the Hackbar extension today to ensure…

FlasHack 1 | Flash Application Security

As I promised, I’m going to write some posts talking about the topics I discussed at the last Reading Geek Night. This doesn’t cover all the security aspects of Flash applications but can be a nice introduction for those who want to play a bit with Flash files. I started by showing how to capture the traffic between the Flash application and the server. Usually people think that, as the flash…

Hackbar tricks

After using this Firefox extension for more than 4 years, I discovered a couple of tricks that can help you in your testing. These are not really Hackbar tricks or features but HTTP/HTML ones. The order of parameters doesn’t matter: If you are testing a web page with a lot of parameters you can reorder them in the way you want. Sounds obvious but not too many people realize it……

Security challenges for the summer

Hello! The summer is here and the holidays are near! Planning something to do? Too much free time as you don’t have to do any exams in September? Looking for something to learn? Me too! 🙂 Each summer I plan something to learn, something to investigate… basically something to help me enjoy my free time! This summer I’m going to focus on: Firefox addons development (Check this Hackbar Google Code…

TRACE, OPTIONS and other HTTP Verbs

Hi!! Another post here after some time… I’m really busy at work right now but I also need these small breaks to carry out my own testing and share a bit of what we learn here at Pentura. I want to write today about the TRACE, OPTIONS and other HTTP verbs. Sometimes in reports we can see that they discovered the TRACE verb active on our server. How they…

Mixed content in different browsers

In security, one of the oldest and most famous attacks is the Man In The Middle attack. With this technique we can read all the packets the user is sending to a server and analyse them. The solution? Use a secure layer to encrypt all the traffic. This, for web sites, requires that the user’s browser use the HTTPS protocol. This relies on the authenticity of the server certificate and the…

Using Firefox as a penetration test tool

Today I’m going to give a talk at “Reading Geek Night 4” about how to use Firefox as a pentesting tool. It’s going to be a short talk with some demos and I’ll show different more or less common Firefox extensions and how to use them to bypass or test the security in web pages. You can read more about it at the official web page. See you there! UPDATE: I…