Security engineer, Bugbounty hunter, Developer and... H4cker

Let's Learn About HTTP Desync Attacks (HTTP Smuggling attack re-born, +My case)

Today’s content is Korean content for HTTP Desync Attacks. Based on the link below...

onload*(start/end) event handler XSS(Any browser)

Hi hackers. Last time I wrote about onpointer* XSS, I write a not well-known even...

onpoint* XSS Payload for bypass blacklist base event-handler xss filter

Hi hackers. I crafted XSS payloads to bypass event handler protection. It is just ...

JSONP Hijacking

Hi hackers. It’s been a long time since I wrote a blog post. I found JSONP Hijacking a no...

Event handler for mobile used in XSS (ontouch*)

Some event handlers do not appear in the OWASP list. It is a touch event like ontou...

HTTP Request(ZAP, Burp) Parsing on Ruby code (Method , Headers, etc...)

https://github.com/hahwul/XSpear/issues/10 There was a suggestion like this regarding XSpear. Burp, ZAP...

Displaying cli base table at ruby application on terminal

I simply write it (for note). It is easy to develop using terminal-table. How to In...

XSS payload for escaping the string in JavaScript

This afternoon I found an interesting payload, noted it down, and am writing it up as a post. To use when code is inserted inside JavaScript but the string cannot be escaped...

ZAP Send to Any tools (My Application settings, Send to Burpsuite and Other tools)

Hi friends?! I shared the application settings in ZAP yesterday (https://www.hahwu...