JavaScript Essentials for Beginning Pentesters

May 23, 2023
JavaScript is heavily used in almost all modern web applications. Knowing how to format a .js file, set breakpoints, and alter a script’s logic on the fly can be very helpful when working with web applications. To start, let’s navigate to a website and view the application’s resources. For our example, we are using the...

Cross Site Smallish Scripting (XSSS)

May 2, 2023
Having small XSS payloads or ways to shorten your payloads ensures that even the smallest unencoded output on a site can still lead to account compromise. A typical image tag with a onerror attribute takes up around 35 characters by itself. <img src=1 onerror="alert('XSS')"> If you would like to prove you can steal credentials or...

How to Get the Most Out of Your Pentest

October 27, 2022
TL;DR Define the goal of an assessment. Take time to choose the right assessment type. The more detail you give about an asset, the better quality your report will be. Select the right environment for the assessment. Consider the timing for performing the assessment. Communicate internally and make sure everyone is up to speed. Do...

Avoiding Mixed Content Errors with an HTTPS Python Server

February 17, 2022
Disclaimer: To set up a secure Python server, we need a domain name that we can access. 1. Introduction At some point during penetration testing, bug hunting, and capture the flag competitions, we will likely need to download a file or send a request to a server that we can access. Depending on what we...
  • Browse by Category

  • Clear Form