So I finally got around to working with some technologies that have been on my hot-list for quite some time. NodeJS, React, and MongoDB see a lot of use in the application development industry and it was high time I put my nose into them. I decided to toss in some AWS as I also wanted to learn how to work with S3 buckets. Why not, right?

The gist of this little project was to create a front-end interface along with a back-end API for it to interact with. As far as the front-end goes, my main goals were to…

I worked through a netpen CTF the other day that provided me a jump box to access the entire scenario with. Despite there being some tools installed on the jump, I didn’t want to use it as my attacking host nor did I want to catch shells on it. Instead, I opted to port forward through this host when attacking target hosts in the scenario. A trick I used to catch reverse shells on my attacking host involved some port forwarding using SSH.

There are a good number of ways to go about forwarding or proxying connections through hosts. I…

I was recently introduced to a really cool domain flyover tool named Aquatone written by Michael Henriksen. In the past, I had used another really cool tool known as EyeWitness to perform similar tasks. In short, both of these tools screenshot web application resources (among other things) and make it really easy to get a quick visual representation of a web page.

Before I get into everything, I need to issue a quick, shameless plug. I am going to be teaching a beginner-to-intermediate level web application training course at both the Lascon (Austin — Oct 22–23) and Pacific Hackers (Santa Clara…

On to the second leg of this journey! You can find the first installment of my Burp Suite Tips series at the following link.

Before I get into everything, I need to issue a quick, shameless plug. I am going to be teaching a beginner-to-intermediate level web application training course at both the Lascon (Austin — Oct 22–23) and Pacific Hackers (Santa Clara — Nov 8th) security conferences. The main goal of my course is to illustrate how web application testers approach comprehensively assessing an application’s security posture during a time-compressed engagement. …

I was going over an application I wrote prepping for my upcoming class and realized the shortcomings of Burp’s default session handling mechanisms. Not to knock Burp, but working with a Single Page Application (SPA) that makes calls to several APIs using a JSON Web Token (JWT) doesn’t mix well with Burp’s macros and Cookie Jar. Granted, this isn’t a problem if your JWT’s expiration date is sufficiently far out in the future and none of the APIs you’re working with de-authenticate your “session” (revoke or blacklist your token). JWTs aren’t necessarily meant to be linked to any real session…

I’ve been meaning to compile a bunch of Burp Suite tips for a while now. Stuff I’ve learned from others and things I’ve picked up along the way. This is the first installment of such helpful tips. I’ll be looking to pump out at least three posts in the short-term and then add more as I continue on down the line.

With that said… I will begin this journey by touching on some of the configurations I make before I begin testing.

But before I do that, I need to issue a quick, shameless plug. I am going to be…

Ryan Wendel

Ethical Hacking Consultant. @ryanwendel
