
Security testing


Security Training

DroidSheep

What is this about?


If you know Firesheep or Faceniff, you probably know what this is about: open-source, one-click session hijacking using your Android smartphone or tablet. If you do not know either of these tools, I'll try to explain what DroidSheep is. Maybe you know Bob. Bob is a well-known person and Bob loves coffee. Every morning he takes his laptop, visits one of the famous green coffee bars, has a "grande vanilla latte" and writes messages to his Facebook friends. DroidSheep demonstrates how easy an attack like this can be: just start DroidSheep, click the START button and wait until someone uses one of the supported websites. Although DroidSheep is not made for doing such attacks, anyone can test it and confirm that it really works. DroidSheep is NOT INTENDED TO STEAL IDENTITIES.

Blog

Hackyard Security Group

Hackyard Security Group is a private community dedicated to IT security research.


It was founded in 2012 by three Romanian security researchers as part of a well-known Romanian forum and, in time, became independent. Today our community is formed by many experts in cyber security and collaborates with the most important communities, companies and people around the globe. As IT security is a domain that evolves every day, the aim of our community is to unite people passionate about the subject.

We are a powerful and friendly community, always open-minded towards new members who want to learn and contribute. Our members are deeply involved in various domains of cyber security, such as:

Hack

Securité

PHP Charset Encoder/PHP String Encrypter

Make PCE available offline in your browser | Download PCE on Google Code. Last updated by Min Thu Han, 2014-11-01. About this tool: this tool helps you encode arbitrary text to and from 88 kinds of charsets.


Some encoding, encryption and hashing functions provided by JavaScript/PHP are included as well. URL Shortcut. Switching back to old mode: for those who prefer only the old-version clean mode, you can always have it. Changelog: you can read the tool's development history.

JHijack

HttpOnly

Overview: the goal of this section is to introduce, discuss, and provide language-specific mitigation techniques for HttpOnly.

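An added example for the DroidSheep and HttpOnly entries above, written in Python and not taken from either project: the Secure attribute is what keeps a session cookie off the cleartext http:// requests that Firesheep-style tools capture on a shared network, and HttpOnly is what keeps it out of reach of injected script. The functions below parse a Set-Cookie header, report which of those attributes a cookie lacks, and build a correctly flagged one. The header strings are constructed samples; the attribute names and the cookie-value grammar are from RFC 6265 plus the SameSite extension.

```python
"""Audit and build Set-Cookie headers for the attributes that blunt session
hijacking (Secure) and cookie theft via XSS (HttpOnly). Added example; the
header strings below are constructed, not captured from any site."""
import re

# RFC 6265 cookie-octet: no controls, whitespace, double quote, comma,
# semicolon or backslash, so a value can never smuggle in a new attribute
# or a CR/LF that would start a new header line.
_COOKIE_OCTET = re.compile(r"^[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]+$")
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_set_cookie(header_value):
    """Return (name, value, attributes) with attribute names lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    name, eq, value = parts[0].partition("=")
    if not eq or not name.strip():
        raise ValueError("Set-Cookie must begin with name=value")
    attrs = {}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value):
    """List what an attacker gains from each attribute the cookie lacks."""
    name, _, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: document.cookie hands %s to injected script" % name)
    if "secure" not in attrs:
        findings.append("missing Secure: %s is sent in cleartext on http:// requests, "
                        "where a sniffer on the same network reads it" % name)
    same_site = attrs.get("samesite", "").lower()
    if same_site not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: %s rides along on cross-site requests" % name)
    if same_site == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: current browsers drop this cookie")
    return findings


def build_session_cookie(name, value, same_site="Lax", path="/", max_age=None):
    """Emit a Set-Cookie value with Secure, HttpOnly and SameSite set.
    Name, value and path are validated so untrusted input cannot inject
    attributes or extra header lines."""
    if not _TOKEN.match(name):
        raise ValueError("illegal cookie name")
    if not _COOKIE_OCTET.match(value):
        raise ValueError("illegal cookie value")
    if ";" in path or any(ord(c) < 0x20 for c in path):
        raise ValueError("illegal cookie path")
    if same_site not in ("Lax", "Strict"):
        raise ValueError("session cookies should be SameSite=Lax or Strict")
    parts = ["%s=%s" % (name, value), "Path=%s" % path, "Secure", "HttpOnly",
             "SameSite=%s" % same_site]
    if max_age is not None:
        parts.append("Max-Age=%d" % max_age)
    return "; ".join(parts)


# Constructed samples: what a scanner might see in three different responses.
SAMPLES = [
    "PHPSESSID=8f3c2a; Path=/",
    "sid=8f3c2a; Path=/; Secure; HttpOnly; SameSite=Lax",
    "sid=8f3c2a; HttpOnly; SameSite=None",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw)
        for finding in audit_set_cookie(raw) or ["ok"]:
            print("  -", finding)
    print(build_session_cookie("sid", "8f3c2a", max_age=3600))
```

In a real application the framework sets these for you (PHP's session.cookie_httponly and session.cookie_secure ini settings, or Cookie.setHttpOnly(true) and Cookie.setSecure(true) in Servlet 3.0); the audit function is the part worth keeping, pointed at the Set-Cookie headers a proxy such as Burp or WebScarab records.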

Who developed HttpOnly? When? According to a daily blog article by Jordan Wiens, "No cookie for you!", HttpOnly cookies were first implemented in 2002 by Microsoft Internet Explorer developers for Internet Explorer 6 SP1.

Password Strength Checker

Password Checker - Evaluate pass strength, dictionary attack

AJAX Tutorial

Research Labs

Cost: Free. Source code: GitHub. Version: 2.1.0.0 (XMAS edition). Requirements: .Net Framework. License: GPL. Release date: 2008-12-14. Recent changes: fixed the incorrect-links spider bug; added time-anomaly functionality in the back-end scanner; added easy access (and icons) to findings in the back-end scanner; fixed a bug where the executable finding occasionally did not show.


JSON Tutorial

HTTP Headers for Dummies

Whether you're a programmer or not, you have seen it everywhere on the web.


At this moment your browser's address bar shows something that starts with " Even your first Hello World script sent HTTP headers without you realizing it. In this article we are going to learn the basics of HTTP headers and how we can use them in our web applications. What are HTTP headers? HTTP stands for "Hypertext Transfer Protocol". The entire World Wide Web uses this protocol. HTTP headers are the core part of HTTP requests and responses, and they carry information about the client browser, the requested page, the server and more.

List of HTTP status codes

This is a list of Hypertext Transfer Protocol (HTTP) response status codes.


Status codes are issued by a server in response to a client's request made to the server.

Servlets Server HTTP Response

As discussed in the previous chapter, when a web server responds to an HTTP request from the browser, the response typically consists of a status line, some response headers, a blank line, and the document.


A typical response looks like this:

    HTTP/1.1 200 OK
    Content-Type: text/html
    Header2: ...
    ...
    HeaderN: ...
    (Blank Line)
    <!doctype ...>
    <html>
    <head>...

The status line consists of the HTTP version (HTTP/1.1 in the example), a status code (200 in the example), and a very short message corresponding to the status code (OK in the example).

HTTP/1.1: Header Field Definitions

This section defines the syntax and semantics of all standard HTTP/1.1 header fields.


For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who receives the entity.

14.1 Accept

The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited to a small set of desired types, as in the case of a request for an in-line image.
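An added example, written in Python and not taken from any of the tutorials above, that ties the HTTP entries together: it splits a raw HTTP/1.1 response into the status line, header lines, blank line and body described in the servlet tutorial, classifies the status code by its first digit as the status-code list does, answers header lookups case-insensitively and with repeats (Set-Cookie legitimately appears more than once), and parses the Accept field from section 14.1 with its q-values to choose a response type. The response bytes and Accept strings are constructed samples.

```python
"""Parse a raw HTTP/1.1 response and negotiate a media type from an Accept
header. Added example; the sample bytes are constructed, not captured."""
import re

# Constructed sample: status line, headers, blank line, document.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Set-Cookie: a=1; Path=/\r\n"
    b"Set-Cookie: b=2; HttpOnly\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"<!DOCTYPE html><html></html>"
)

STATUS_LINE = re.compile(r"^HTTP/(\d)\.(\d) (\d{3})(?: (.*))?$")


def parse_response(raw):
    """Split raw bytes into version, status, reason, header list and body.
    Headers stay an ordered list of (lowercased name, value) pairs so that
    repeated fields are not silently merged or overwritten."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated by a blank line")
    lines = head.decode("iso-8859-1").split("\r\n")
    m = STATUS_LINE.match(lines[0])
    if not m:
        raise ValueError("malformed status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # No whitespace around the field name: a leading space would be an
        # obsolete line fold, a trailing one is forbidden by RFC 7230.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.lower(), value.strip()))
    return {"version": m.group(1) + "." + m.group(2),
            "status": int(m.group(3)), "reason": m.group(4) or "",
            "headers": headers, "body": body}


def header_values(parsed, name):
    """All values of a header, matched case-insensitively, in wire order."""
    wanted = name.lower()
    return [v for n, v in parsed["headers"] if n == wanted]


def status_class(code):
    """Classify a status code by its first digit."""
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}.get(code // 100, "unknown")


def body_length_ok(parsed):
    """True when Content-Length, if present, matches the body actually read;
    a mismatch is how a truncated or desynchronised response shows up."""
    declared = header_values(parsed, "Content-Length")
    return not declared or int(declared[0]) == len(parsed["body"])


def parse_accept(value):
    """Media ranges from an Accept field with their q-values, best first.
    Stable sort keeps the client's order on ties; an unparsable q counts as 0."""
    prefs = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";")]
        media_range = parts[0].lower()
        if "/" not in media_range:
            continue
        q = 1.0
        for param in parts[1:]:
            key, _, val = param.partition("=")
            if key.strip().lower() == "q":
                try:
                    q = min(max(float(val.strip()), 0.0), 1.0)
                except ValueError:
                    q = 0.0
        prefs.append((media_range, q))
    prefs.sort(key=lambda pref: -pref[1])
    return prefs


def negotiate(accept_value, offered):
    """Pick the offered type the client prefers, or None if it accepts none.
    The most specific matching range decides each offer's q (image/png beats
    image/* beats */*); q=0 means the type is explicitly refused."""
    prefs = parse_accept(accept_value)
    best, best_q = None, 0.0
    for offer in offered:
        otype, osub = offer.lower().split("/", 1)
        spec_seen, q_for_offer = -1, 0.0
        for media_range, q in prefs:
            rtype, rsub = media_range.split("/", 1)
            if rtype == "*":
                spec = 0
            elif rtype == otype and rsub == "*":
                spec = 1
            elif rtype == otype and rsub == osub:
                spec = 2
            else:
                continue
            if spec > spec_seen:
                spec_seen, q_for_offer = spec, q
        if q_for_offer > best_q:
            best, best_q = offer, q_for_offer
    return best


if __name__ == "__main__":
    resp = parse_response(SAMPLE_RESPONSE)
    print(resp["status"], resp["reason"], status_class(resp["status"]))
    print(header_values(resp, "set-cookie"), body_length_ok(resp))
    print(negotiate("text/html, application/xml;q=0.9, */*;q=0.8",
                    ["application/json", "text/html"]))
```

The strictness on header lines is deliberate: a parser that tolerates stray whitespace or a missing blank line is the kind that disagrees with the parser in front of it, which is the root of request-smuggling and response-splitting bugs.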

Filtering Requests and Responses - The Java EE 5 Tutorial

URL Encoding

RFC 1738: Uniform Resource Locators (URL) specification. The specification for URLs (RFC 1738, Dec. '94) poses a problem, in that it limits the allowed characters in URLs to a small subset of the US-ASCII character set:

SecurityFocus

Download

DVWA - Damn Vulnerable Web Application

All about web security

Hacking Exposed - Web Applications

Category:OWASP Vicnum Project

Category:Attack

This category is for tagging common types of application security attacks.

What is an attack? Attacks are the techniques that attackers use to exploit vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please make sure that the attack you are describing is something an attacker would do, rather than a weakness in an application. All attack articles should follow the Attack template.

OWASP WebGoat Web Hacking Simulation Series © YGN Ethical Hacker Group (YEHG), Yangon, Myanmar - Category:OWASP WebGoat Project

HTTP Response Splitting

This is an Attack. To view all attacks, please see the Attack Category page.

Cache Poisoning

This is an Attack. To view all attacks, please see the Attack Category page.

SQL Injection Cheat Sheet: Esp. for filter evasion - by RSnake

Testing Your Web Applications for Cross-Site Scripting Vulnerabilities

Published: May 6, 2005 by Chris Weber, Casaba Security, LLC (chris@casabasec.com)

XSS Me

Groundspeed

Tamper Data

Nessus Vulnerability Scanner

With Advanced Support for Nessus Professional, your teams have access to phone, Community and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps ensure faster response times and resolution of your questions and issues. Advanced Support Plan features: phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.

Wappalyzer

PassiveRecon

HTTP and HTML Analyzer software and Browser Automation Web Testing tools

Paros

SQL Inject Me

Greasemonkey

Category:OWASP WebScarab Project

RightClickXSS

Download Burp Suite

Please choose the edition of Burp Suite that is right for you.

Live HTTP Headers

Sqlmap: automatic SQL injection and database takeover tool