D Blog

Just do it!

Server Side Request Forgery

Introduction to SSRF SSRF. According to OWASP, a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The good ...

Posted by D on January 11, 2020

Recon & Discovery

Module Outline Recon Workflow Discovering IP Space Discovering New Targets Subdomain Enumeration Fingerprinting Dorking Content Discovery Parameter Discovery Automation Recon W...

Posted by D on January 10, 2020

XSS

XSS Crose-site Scripting(XSS). XSS Introduce Reflective XSS Stored XSS example1: Myspace Worm - Stored XSS example2: Tweetdeck Worm - Stored XSS DOM XSS DOM XSS - What to Look For? ...

Posted by D on January 9, 2020

Parameter Manipulation and Logic Flaws

Parameter Manipulation 如下，你可修改price的值来达到你买东西的时候付多少钱的目的. POST /store/buy HTTP/1.1 Host: acme.com Connection: close Content-Length: 22 Cache-Control: max-age=0 Origin: https://acme.com Upgrade-Insec...

Posted by D on January 9, 2020

Missing Function Level Access Controls

什么是MFLAC？ MFLAC即Missing Function Level Access Controls. 很多时候，应用程序都有管理后端。有时他们在登录之后。很多时候，测试人员可以通过强制浏览来直接访问包含敏感数据的视图/页面。在某些情况下，这些页面可能受到 .htaccess 文件或访问规则集之类的保护。这些可能会配置错误或被绕过。 Static pages & “f...

Posted by D on January 9, 2020

IDOR intro

OWASP已经把 IDOR 归属为 Broken Access control. 什么是IDOR？ IDOR 全称是Insecure Direct Object Reference(不安全的直接对象引用). Simple numeric IDOR 假设你登陆的帐号链接如下： https://www.abc.com/orders/id?=43976 你将它改为下面之后,可以查看甚至是修改...

Posted by D on January 9, 2020

v2ray利用Websocket+TLS+Ngin+CDN实现流量伪装

一.购买vps,申请域名,使用Cloudfalre的CDN 1.购买vps可以去搬瓦工 1.1 设置vps时间(系统 Centos 7 x86_64 bbr) 1.1.1 创建clock文件 vi /etc/sysconfig/clock 1.1.2 写入clock文件 ZONE="Asia/Shanghai" UTC=false ARC=false 1.1.3 安装ntp y...

Posted by D on January 7, 2020

Kali2019上安装shadowsocks-libev客户端

更新apt sudo apt-get update 安装 shadowsocks-libev sudo apt-get install shadowsocks-libev 安装完成后,配置config.json sudo vi /etc/shadowsocks-libev/config.json 配置如下: { "server":"server_ip", "mode"...

Posted by D on January 7, 2020