Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 27 of 86

How to applying IntelliJ theme in ZAP

  • 1 min read

Yesterday I wrote a post about Customizer for BurpSuite. It is an extension that lets BurpSuite use FlatLaf's IntelliJ themes, and as I wrote at the end of that post and in its comments, ZAP has also used FlatLaf since version 2.10, so I thought the same thing could be implemented there.


Burp Customizer! Change your burpsuite theme

  • 2 min read

There has been a significant change in the UI since version 2020.12 of Burp Suite. (Personally, I'm unsure) The most important part is the change of the LAF (Look and Feel) class to FlatLaf. This class also supports other themes developed for the IntelliJ Platform, which makes it possible to apply different themes to Burp Suite.


[Cullinan #1] Introducing the Cullinan Project

  • 1 min read

One of the biggest reasons I run this blog is to organize things for myself. Of course I also keep separate notes in Notion and other tools, but for technical content I am more used to organizing it through blogging, so I seem to have kept writing this way for a long time.


Hack the browser extension 🚀 (Checking web browser extensions for vulnerabilities)

  • 5 min read

This is the first post of the new year. I actually meant to write it as the last post of December, but I could not finish it, so it ended up being the first post of the new year. Recently I had occasion to research browser extensions a bit beyond what I already knew, so I am taking the opportunity to write up the analysis methods.


Bypassing validation logic using ToCToU (SSRF/OOB/XXE/ETC)

  • 1 min read

โš ๏ธ SSRF์— ๊ด€๋ จ๋œ ๋‚ด์šฉ์€ Cullinan > SSRF์—์„œ ๊ด€๋ฆฌํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ToCToU๋ฅผ ํฌํ•จํ•˜์—ฌ ์ตœ์‹  ๋ฐ์ดํ„ฐ๋กœ ์œ ์ง€๋˜๊ณ  ์žˆ์œผ๋‹ˆ ์ฐธ๊ณ  ๋ถ€ํƒ๋“œ๋ ค์š”!


Synchronizing command snippets with Pet and Gist

  • 1 min read

Pet?

It is a Go-based command-line snippet manager. It has an interface similar to fzf and makes it easier to save, manage and use frequently used commands. For installation and usage, please see the post I wrote this summer!


Security considerations for browser extensions

  • 5 min read

๋ธŒ๋ผ์šฐ์ € ํ™•์žฅ ๊ธฐ๋Šฅ์˜ ๋ณด์•ˆ ๊ด€๋ จํ•˜์—ฌ ํ…Œ์ŠคํŠธํ• ๊ฒŒ ํ•„์š”ํ•˜์—ฌ ์ œ๊ฐ€ ์•Œ๋˜ ๋‚ด์šฉ์— ์กฐ๊ธˆ ๋” ๋ฆฌ์„œ์น˜ํ•˜์—ฌ ๊ธ€๋กœ ์ž‘์„ฑํ•ด ๋ด…๋‹ˆ๋‹ค. ์šฐ์„  ๋ธŒ๋ผ์šฐ์ € ํ™•์žฅ ๊ธฐ๋Šฅ์€ ์›น ๋ธŒ๋ผ์šฐ์ €์— ์ถ”๊ฐ€๋˜๋Š” ์ž‘์€ ๋‹จ์œ„์˜ ์•ฑ์œผ๋กœ Chrome / Safari / Firefox ๋“ฑ๋“ฑ ๋‹ค์ˆ˜ ๋ธŒ๋ผ์šฐ์ €์—์„œ ์›น ๋ธŒ๋ผ์šฐ์ง•, ๊ด‘๊ณ ์ฐจ๋‹จ, ๊ฐ์ข… ํ…Œ์ŠคํŠธ ๊ธฐ๋Šฅ ๋“ฑ ์—ฌ๋Ÿฌ ์‚ฌ์šฉ์ž๋“ค์—๊ฒŒ ์„œ๋น„์Šค๋˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋Š” ์•ฑ ์ƒํƒœ๊ณ„์™€ ๋™์ผํ•˜๊ฒŒ ๊ฐœ์ธ/๊ธฐ์—… ๋“ฑ๋“ฑ์˜ ๊ฐœ๋ฐœ์ž๊ฐ€ ๊ทœ๊ฒฉ์— ๋”ฐ๋ผ ๋งŒ๋“ค๊ณ  ์Šคํ† ์–ด์— ์—…๋กœ๋“œ ํ›„ ์Šน์ธ ์ ˆ์ฐจ๋ฅผ ํ†ตํ•ด ๋“ฑ๋ก๋˜๋Š” ๊ฒƒ์œผ๋กœ ์•Œ๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค.


ZAP 2.10 Review ⚡️

  • 3 min read

Today, with not much of 2020 left, ZAP 2.10.0 has finally been released. Until now I had been using the weekly builds for reasons such as dark mode, but it now seems fine to move over to the official release.


The Github actions and Apps I use for open source projects

  • 1 min read

์˜ค๋Š˜์€ ์ œ๊ฐ€ ์˜คํ”ˆ์†Œ์Šค ํ”„๋กœ์ ํŠธ์—์„œ ์ฃผ๋กœ ์‚ฌ์šฉํ•˜๋Š” git-action ๊ณผ app์— ๋Œ€ํ•ด ๊ฐ€๋ณ๊ฒŒ ์†Œ๊ฐœํ•ด๋“œ๋ฆด๊นŒ ํ•ฉ๋‹ˆ๋‹ค. ๋‹ค๋ฅธ ํ”„๋กœ์ ํŠธ๋“ค๊ณผ ๋น„๊ตํ•ด๋ณด๋ฉด ์ „ ๊ทธ๋ƒฅ ๋งŽ์ง€๋„, ์ ์ง€๋„ ์•Š์€ ์–‘์„ ์‚ฌ์šฉํ•˜๋Š” ๊ฒƒ ๊ฐ™๋„ค์š” ๐Ÿ˜


Configuring a PKA-based ssh environment so that it does not ask for the passphrase

  • ~1 min read

Problem

For both convenience and security, ssh is usually operated with PKA (Public Key Authentication). In particular, public cloud services such as AWS, Azure and GCP need to open an ssh port such as 22 to the outside (with or without an ACL), so they naturally use PKA as the default authentication scheme. (Their guidance is to avoid passwords wherever possible.)
