Category: Web Exploitation

Browser Exploitation Framework

beef v0.5 releases: The Browser Exploitation Framework

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration...

CORS Exploitation Framework

CORS Exploitation Framework (CEF)

A proof-of-concept tool for conducting distributed exploitation of permissive CORS configurations. Install: Install Redis and Python 3. Clone this repository: git clone https://github.com/lanmaster53/cef.git Install the dependencies: pip install -r requirements Set...

Dupe Key Injector

Dupe Key Injector: new XML signature bypass technique

Dupe Key Injector is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented in the BSides/BlackHat/DEFCON 2019 presentation “SSO Wars: The Token Menace”. Dupe Key Confusion...

SQL injection: Understanding mysql command

A SQL injection attack consists of the insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify...