Tags

security

PQ3 and PQC 🗝️

  • 2 min read

Apple has announced that it will soon apply an encryption protocol called PQ3 to iMessage.

Read More

DOM Handling with MutationObserver

  • 3 min read

ZAP recently added a feature called Client Side Integration to make SPA-based apps easier to identify. Its mechanism for detecting DOM changes is MutationObserver. Today I'll talk about what MutationObserver is and how it can be used in security testing.

Read More

Lazy-loading iframe in Firefox

  • ~1 min read

Firefox recently announced an upcoming update: the lazy-loading that so far existed only for the img tag will soon apply to iframe as well. The performance benefit is clear, but since this lets you control the load timing of iframes, which unlike img carry a high XSS risk, I'm both curious whether interesting issues will come out of it and, conversely, a little worried.

Read More

WebAuthn and Passkeys

  • 4 min read

Do you use a password manager? I personally rely mostly on Apple's Passwords feature. I also use iCloud+, so with the Hide My Email + password combination I keep accounts and passwords from overlapping between services as much as possible. I imagine Google users do something similar through Google Password Manager. Features like these from Apple and Google, together with FIDO-based authentication methods, have accelerated the adoption of passwordless login, and it seems we've reached the point where typing a password is starting to feel awkward.

Read More

ZAP 2.14 Review ⚡️

  • 3 min read

ZAP 2.14 has been released on a much faster cycle than expected 🎉⚡️

Read More

XSS via reportError

  • 1 min read

Do you know the reportError function? It's a global method added in Chrome 95 and Firefox 93 that hands a JS uncaught exception to the console or to the global event handlers. PortSwigger published a trick using reportError, so I took a little time to look into it and am sharing what I found.

Read More

Creating Fake Responses Easily with ZAP Map Local

  • 2 min read

In security testing there are many cases where you need to change HTTP responses frequently. For this I usually used ZAP's breakpoint and replace features, plus scripting (and Proxify's DSL).

Read More

Zest + YAML = ❤️

  • 1 min read

I had been keeping an eye on a commit on the Zest side (zaproxy/zest/6d67925) about YAML format support in Zest. It has finally been officially released, and Zest scripts can now be written in YAML format.

Read More

ZAP's Client Side Integration

  • 2 min read

An interesting add-on was recently added to ZAP. It's the result of GSoC (Google Summer of Code) 2023 and looks similar to BurpSuite's Navigation Recorder; after playing with it here and there since its release, I came to think it's an add-on with potential in a different sense.

Read More

XSpear Reborn: Big Changes Coming

  • 2 min read

Before I developed Dalfox, I had a tool called XSpear written in Ruby. It was likewise a tool for testing XSS, and in terms of current performance Dalfox is of course overwhelmingly better. Since last year I had been thinking about a "Reborn" plan for XSpear, and now that the tool I was recently building has taken shape to some degree, I'm going to start a large-scale overhaul of XSpear in earnest.

Read More

Customize ZAP HUD 🎮

  • 1 min read

Today I'm writing about how to use ZAP HUD in an engaging way. ZAP HUD may not have incredibly useful features at the moment, but experimenting with it could be worthwhile, since it has the potential to change how we approach analysis.

Read More

90-Day Certificate Validity

  • 2 min read

์˜ค๋Š˜์€ ๊ตฌ๊ธ€์—์„œ ์ถ”์นœํ•˜๋Š” 90์ผ์˜ ์ธ์ฆ์„œ ์œ ํšจ๊ธฐ๊ฐ„์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ํ•˜๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค. ๊ตฌ๊ธ€์ด ์˜ฌํ•ด 3์›”(2023)์— Chromium Security ๋ฅผ ํ†ตํ•ด ๊ณต์ง€(๋ฐฉํ–ฅ์„ฑ์— ๋Œ€ํ•œ ๊ณต์ง€)ํ•œ ์ดํ›„์— ์•„์ง ๋ณ„๋‹ค๋ฅธ ์•ก์…˜์ด ์—†๊ธด ํ•˜์ง€๋งŒ, ํ•œ๋ฒˆ์ฏค์€ ์ •๋ฆฌํ•˜๊ณ  ๋ฏธ๋ฆฌ ์ค€๋น„ํ•  ์ˆ˜ ์žˆ๋Š” ๊ฒƒ์€ ์ค€๋น„ํ•˜๋Š” ๊ฒƒ์ด ์ข‹์œผ๋‹ˆ ๊ธ€๋กœ ์ •๋ฆฌํ•˜์—ฌ ๋‚จ๊ฒจ๋ด…๋‹ˆ๋‹ค.

Read More

Optimizing ZAP and Burp with JVM

  • 1 min read

If someone asked me to pick the most actively used tools in Application Security and pentesting, I would naturally choose proxy tools like Burpsuite and ZAP. Caido has been rising a lot lately, but it still seems to need more time to catch up with the two tools that have led the field for so long.

Read More

ZAP 2.13 Review ⚡️

  • 1 min read

ZAP 2.13 was released much earlier than expected. Releases usually came in autumn or winter each year, but this time there was one in summer. The changes aren't large, so the release notes cover most of it. I'm writing mainly about what I noticed while looking at it for a few days right after the 2.13 release.

Read More

Various Ways to Check the SSL Version

  • 3 min read

A brief note on ways to check the SSL version with various commands. Personally I mostly used testssl.sh, but in practice I occasionally need to cross-check with other tools. Many tools support SSL-version-related options, so it's worth knowing them; they come in handy from time to time :D

Read More

MSF Pivoting X SocksProxy

  • 2 min read

์ตœ๊ทผ์— MSF๋กœ Pivoting ํ™˜๊ฒฝ์—์„œ ํ…Œ์ŠคํŒ…์ด ํ•„์š”ํ•œ ๊ฒฝ์šฐ๊ฐ€ ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ๋ฐฉ๋ฒ• ์ž์ฒด๋Š” ์–ด๋ ค์šด๊ฒŒ ์•„๋‹ˆ๋ผ ๊ทธ๋ƒฅ ๋ชธ์— ์žˆ๋Š”๋Œ€๋กœ ์ง„ํ–‰ํ•˜๊ธด ํ–ˆ๋Š”๋ฐ, ์ƒ๊ฐํ•ด๋ณด๋‹ˆ ๋ธ”๋กœ๊ทธ์— ์ •๋ฆฌํ–ˆ๋˜ ์ ์€ ์—†๋Š” ๊ฒƒ ๊ฐ™์•„ ๊ฐ„๋‹จํ•˜๊ฒŒ ๋‚จ๊ฒจ๋ด…๋‹ˆ๋‹ค.

Read More

A Look at the CVSS 4.0 Preview

  • 3 min read

CVSS (Common Vulnerability Scoring System) is a scoring system used to rate the severity of vulnerabilities in systems and software. Anyone working in offensive security is familiar with it, but it also feels like it has plenty of problems. CVSS2 and CVSS3 are the versions in common use, but with the CVSS4 release gradually approaching, it's time to take a look.

Read More

Attack Types in Web Fuzzing

  • 2 min read

Fuzzing is the most common technique for testing applications and finding security vulnerabilities. Usually we test with features provided by proxy tools, such as Burpsuite's Intruder or Turbo Intruder, ZAP's Fuzz, or Caido's Automate, or with a CLI fuzzer like ffuf.

Read More

Hack the AI Prompt 🤖

  • 3 min read

chatGPT has changed a lot since its release. Rather than having a huge effect on actual work, I think this is a period in which, as various AIs attract a lot of attention, sufficient thought and technical development are also coming from the security perspective. Previously, attacks on AI were skewed toward interfering with training, but now there is a lot of testing and interest around prompts as well.

Read More

Deleting 404 Pages from the ZAP Site Tree All at Once

  • ~1 min read

Unlike Burp, ZAP's Site tree also shows 404 Not Found entries. They're occasionally useful information, but mostly they just get in the way. ZAP doesn't officially provide a feature for this, so it's convenient to remove them with a simple script. Here's a quick share.

Read More

Encoding Only Your Choices, EOYC

  • 2 min read

These days I've been writing various code in Crystal and Elixir as a hobby. Crystal in particular, which I've introduced once before, has syntax almost identical to Ruby plus speed, so it's a language I've personally been very interested in. For various reasons I've recently been making Crystal my main language. Today I'm sharing a simple tool written in Crystal.

Read More

Cross handling Cookies in Zest

  • 3 min read

์˜ค๋Š˜์€ Zest ์Šคํฌ๋ฆฝํŠธ์—์„œ Headless Browser์™€ ์ผ๋ฐ˜ ZAP ์š”์ฒญ๊ฐ„ Cookie๋ฅผ ์ฒ˜๋ฆฌํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•ด ์ด์•ผ๊ธฐํ•˜๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค. Headless Browser์™€ ZAP ๋‚ด๋ถ€์˜ Req/Res ๊ฐ„์— ์ฟ ํ‚ค ๊ตํ™˜์œผ๋กœ ์—ฌ๋Ÿฌ ์ƒํ™ฉ์—์„œ ์›น ์š”์ฒญ์„ ์‰ฝ๊ฒŒ ์ฒ˜๋ฆฌํ•˜์—ฌ ์›ํ•˜๋Š” ๋ณด์•ˆ ํ…Œ์ŠคํŒ…, ์ž๋™ํ™” ๋ฃจํ‹ด์„ ์ด์–ด๊ฐˆ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

ZAP์—์„œ ์šฐ์•„ํ•˜๊ฒŒ Cookie ๊ธฐ๋ฐ˜ Auth ํ…Œ์ŠคํŒ…ํ•˜๊ธฐ

  • 3 min read

Web์˜ Authorization, Permission, Access Control ํ…Œ์ŠคํŒ… ์‹œ ์–ด๋–ค ๋ฐฉ๋ฒ•์„ ํ™œ์šฉํ•˜์‹œ๋‚˜์š”? ๋ณดํ†ต ๋ณด์•ˆ ํ…Œ์ŠคํŒ… ๋‹จ๊ณ„์—์„  ๊ถŒํ•œ์„ ๋ฐ”๊ฟ”๊ฐ€๋ฉฐ ์ˆ˜๋™์œผ๋กœ ํ…Œ์ŠคํŠธํ•˜๊ฑฐ๋‚˜ ์ž๋™ํ™”๋œ ๋„๊ตฌ๋ฅผ ํ†ตํ•œ ํ…Œ์ŠคํŒ…, ๋˜๋Š” ๋‘๊ฐœ๋ฅผ ๋ณ‘ํ–‰ํ•˜์—ฌ ํ…Œ์ŠคํŠธํ•ฉ๋‹ˆ๋‹ค. ๊ทธ๋ฆฌ๊ณ  ์ž๋™ํ™”๋œ ํ…Œ์ŠคํŒ…์„ ์œ„ํ•ด์„  Burpsuite, ZAP, CLI Tools ๋“ฑ ์—ฌ๋Ÿฌ๊ฐ€์ง€ ๋„๊ตฌ๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.

Read More

Hello Caido 👋🏼

  • 2 min read

Caido, a Rust-based analysis tool, has finally moved to Public Beta. Thanks to its polished UI and its reputation for speed during the Private Beta, it was picked up by some bug bounty hunters and has been attracting a lot of attention.

Read More

CORS Bypass via dot

  • 1 min read

The Origin header and the ACAO (Access-Control-Allow-Origin) header are headers for sending and receiving data in a cross-origin relationship, that is, headers for officially bypassing the SOP (Same-Origin Policy). This is commonly referred to as CORS, and it has a big overlap with JSON Hijacking and CSRF vulnerabilities.

Read More

Building a Custom En/Decoder for ZAP

  • 2 min read

ZAP's extensibility comes from the power of its scripting engine. During testing there are a great many cases where you encode or decode URL, HTML, Base64 and so on. The Encode/Decode/Hash feature used for this can also be extended with scripting.

Read More

Firefox + Container + Proxy = Hack Env

  • 2 min read

Which browser do you use for analysis? I usually use each tool's embedded browser (ZAP-Firefox/Burp-Chrome). And from time to time I also enjoy testing with plain Firefox.

Read More

Analyzing DOM/Storage with Front-End Tracker

  • 2 min read

Among the tools maintained by the ZAP team, there was one that especially caught my interest. Today I've finally finished writing it up, and I'll share how to use it and what you can do with it.

Read More

Katana and Web Crawlers

  • 1 min read

ProjectDiscovery's tools always make a big splash in the community. ProjectDiscovery has genuinely made CLI-based testing far more popular, and its tools are becoming core components of all kinds of pipelines. Recently they released a tool called Katana, and it seems to be making as big a splash as Nuclei.

Read More

XSSHunter Is Shutting Down

  • 1 min read

XSSHunter, the most famous and feature-rich of the blind XSS tools, will only operate until the end of this year, and the service shuts down next year. Inside companies, people usually built their own BXSS callback service or checked with OAST, but as far as I know XSSHunter was used heavily by bug bounty hunters and those testing from outside, so it's a real loss. (I used it a lot too.)

Read More

ZAP Shortcuts for Faster Testing

  • 1 min read

Here are the shortcuts I use most often in ZAP. Personally, since tab-type shortcuts (History, Fuzz, Sites, Scripts, etc.) need three or more keys, most of these are one- or two-key combinations. (There is of course an easy way to use the tabs too.)

Read More

ZAP 2.12 Review ⚡️

  • 2 min read

ZAP 2.12 has finally been released 🎉👏🏼 It was scheduled for around mid-October, but apparently it was delayed a little by an issue. Today I'll review what changed in ZAP 2.12. Let's get started.

Read More

localStorage + getter = Prototype Pollution

  • 1 min read

์˜ค๋Š˜์€ Prototype Pollution์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๋ฅผ ์ž ๊น ํ•˜๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค. ๋‹ค๋ฆ„์ด ์•„๋‹ˆ๋ผ @garethheyes๊ฐ€ ์•„๋ž˜์™€ ๊ฐ™์€ ๋‚ด์šฉ์˜ ํŠธ์œ—์„ ์˜ฌ๋ ธ์—ˆ์Šต๋‹ˆ๋‹ค.

Read More

CSRF is dying

  • 3 min read

CSRF is, alongside XSS and SQL Injection, one of the most representative web vulnerabilities. It's still found from time to time, but the industry has been saying for a long time that it is slowly dying.

Read More

HTTP Debugging in Metasploit

  • 1 min read

When using MSF, there are times when you want to check whether the attack payload was actually sent correctly. There are also times when you tested with a module but need to show it as an HTTP request so that developers and others can understand it easily.

Read More

Find Broken Links! DeadFinder

  • 1 min read

I recently made a tool for easily finding broken links (dead links). The purpose was to find broken links on my own blog, but I thought it would be good to share it, even briefly, so here's a blog post.

Read More

Adding Hints to OAST

  • 2 min read

Testing methods based on OAST (OOB) have advanced a great deal over the last few years.

Read More

Param Digger! Easy param mining via ZAP

  • 1 min read

This year's ZAP GSoC project selected an add-on for param mining. Its goal was to make mining easy, modelled on BurpSuite's Param Miner, so for someone like me who did param mining only with scripting and fuzzing it was very welcome news.

Read More

Hex? Imhex and Hexyl

  • 1 min read

Which hex editor/viewer do you use? When I used Linux as my main OS I mostly used Ghex and hexdump, and on macOS I use hexyl and vim (+plugin). Today I'd like to introduce ImHex, a tremendous cross-platform hex editor. I now use the combination of ImHex and hexyl :D

Read More

ZAP⚡️ Replacer VS Sender Script

  • 2 min read

How do you add a new header or data to every request in ZAP? Usually you can change or add values with a feature called Replacer.

Read More

Learning ZAP Scripting the Easy Way

  • 1 min read

Today I'd like to introduce two examples that are good for getting comfortable when you first encounter ZAP scripting. After reading this post you'll know how to query data in ZAP or request a third-party scan with just a little code 😊

Read More

ZAP Forced User Mode!!

  • 1 min read

Since last year I've talked a lot about ZAP's Authentication / Authorization features. I've actually been applying and using many of them in testing as well.

Read More

Precise Vulnerability Scanning in ZAP with Input/Custom Vectors 🎯

  • 1 min read

Active Scan

Let me start with a brief word about Active Scan. ZAP's Active Scan is a feature that performs automated security testing, using specified patterns and logic, based on the collected URLs. Scanning an entire site is what's usually mentioned, but one of ZAP's strengths is that you can easily run a single scan targeting a specific HTTP request.

Read More

Zest script in CLI

  • 2 min read

ZAP์˜ ๊ฐ•๋ ฅํ•œ ๊ธฐ๋Šฅ์ธ Scripting์—์„œ ํ•œ๋ฒˆ ๋” ๊ฐ•๋ ฅํ•˜๊ฒŒ ๋งŒ๋“ค์–ด ์ฃผ๋Š” ๊ฒƒ์ด ๋ฐ”๋กœ Zest script์ž…๋‹ˆ๋‹ค. JSON ๊ธฐ๋ฐ˜์˜ ์Šคํฌ๋ฆฝํŠธ๋กœ ์›น Req/Res ๊ทธ๋ฆฌ๊ณ  Headless browser์— ๋Œ€ํ•œ ์ปจํŠธ๋กค, ๋งˆ์ง€๋ง‰์œผ๋กœ Assertion ๋“ฑ ํ…Œ์ŠคํŒ… ๊ธฐ๋Šฅ์„ ์ด์šฉํ•ด ๊ฐ„๋‹จํ•œ ์ฝ”๋“œ๋กœ ๋ณต์žกํ•œ ํ…Œ์ŠคํŒ…์„ ํ•  ์ˆ˜ ์žˆ๋Š” ์Šคํฌ๋ฆฝํŠธ์ž…๋‹ˆ๋‹ค. ์ž์„ธํ•œ ๋‚ด์šฉ์€ ์ œ๊ฐ€ ์ „์— ์ž‘์„ฑํ–ˆ๋˜ ๊ธ€๋“ค์„ ์ฐธ๊ณ ํ•ด์ฃผ์„ธ์š”.

Read More

ZAP์—์„œ Zest Script๋กœ Headless ๊ธฐ๋ฐ˜์˜ ์ธ์ฆ ์ž๋™ํ™” ์ฒ˜๋ฆฌํ•˜๊ธฐ

  • 3 min read

์ตœ๊ทผ์— Headless ๊ธฐ๋ฐ˜์˜ Authentication script๋ฅผ ๋งŒ๋“ค๊ณ  ์žˆ์—ˆ๋Š”๋ฐ ์•ฝ๊ฐ„์˜ ์–ด๋ ค์›€์ด ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค. ์‹ค์ œ๋กœ headless browser๋ฅผ ํ†ตํ•ด ์ธ์ฆ ์ฒ˜๋ฆฌ๋Š” ์‰ฌ์šฐ๋‚˜ ๊ทธ ๋’ค์— ZAP์ด ์ด๋ฅผ ์ธ์ง€ํ•˜๊ฒŒ ํ•˜๋Š” ๊ฒƒ์ด ์‰ฝ์ง€๊ฐ€ ์•Š์•˜์—ˆ๋Š”๋ฐ์š”. ๋ฌธ๋œฉ ์ œ๊ฐ€ ์˜ˆ์ „์— Zest script๋ฅผ ์ž‘์„ฑํ•  ๋•Œ Client ๊ด€๋ จ ํ•ญ๋ชฉ์„ ๋ดค๋˜๊ฒŒ ๊ฐ‘์ž๊ธฐ ๊ธฐ์–ต์ด ๋‚˜์„œ GUI๋กœ ์ž‘์„ฑํ•ด๋ณด๋‹ˆ ์—ญ์‹œ๋‚˜ Client(Headless browser)๋ฅผ ์ง€์›ํ•˜๋Š”๊ฒŒ ๋งž์•˜๋„ค์š”.

Read More

Using the Progress and Response Chart During ZAP Active Scans

  • 2 min read

Today I want to talk briefly about the Progress and Response chart you can see in ZAP's Active Scan. It's not hugely helpful, but out of habit I always keep the scan Progress window open. Let's talk about why I keep it open and how I use it.

Read More

ZAP Bookmarklet for Speed up

  • 1 min read

Bookmarklet

A bookmarklet is a technique of adding a JavaScript function to a bookmark so that it can be used much like a browser extension. Given how simple it is to create, it can shorten tedious tasks on the web, which is why many people love it.

Read More

PyScript and Security 🐍🗡

  • 2 min read

PyScript was recently unveiled among the talks at PyCon US 2022. PyScript is a library that lets you use Python code in HTML; since it extends Python, with its enormous versatility and low learning curve, to the web, there is a lot of interest and a lot of discussion.

Read More

Easy Session-Based Testing with ZAP HTTP Sessions

  • 2 min read

ZAP has a feature called HTTP Sessions. From its name and options I'd only ever assumed it was something related to session handling and had never actually used it. Today, while browsing the menus in case I'd missed a feature, I found it and tried it out, and it looks like it can reduce the hassle of testing more than I expected, so I'm introducing it here :D

Read More

ontransitionend XSS Based on CSS Transitions

  • ~1 min read

@garethheyes has come up with yet another new XSS vector: the ontransitionend event handler. This event handler fires when a transition, that is a CSS animation, ends, and for it to fire the element must be in the focused state.

Read More

Metasploit Data into Httpx?

  • 3 min read

It's been a while since I wrote about Metasploit. The reason is that I found a plugin called netpen, which looked useful for taking the information collected by Metasploit and building a pipeline with other tools such as nuclei or zap/burp.

Read More

ZAP HUNT Remix

  • 1 min read

There's a tool I've been using well for a long time: HUNT! I also prefer data-driven testing as an analysis method, so I was making really good use of the HUNT scripts.

Read More

Speeding Up ZAP Scans with Context Technology

  • ~1 min read

ZAP's Context (Scope) has an item called Technology. It lives under Context > Technology, and if you look closely it contains a list of technologies with checkboxes, such as DB, Language and OS. By default all of them are checked.

Read More

Spring4Shell RCE Vulnerability (CVE-2022-22965)

  • 2 min read

Last week the internet nearly caught fire again because of the Spring4Shell vulnerability. Fortunately, it passed relatively quietly since it's harder to reproduce than Log4Shell. While I'm at it, and a little late, I'm summarising the issue in a post.

Read More

ZAP Structural Modifier

  • 2 min read

If I had to pick the three most important things when finding vulnerabilities, I'd probably choose understanding of the technology, understanding of the target, and intuition. There are of course many other important factors, but these three are what I feel most at work.

Read More

Browser Engine Performance Comparison for Ajax Spidering 🏁

  • 3 min read

ZAP's AjaxSpider is a feature that spiders by actually browsing through a headless browser. Firefox is configured by default, but depending on your preference you can use various browsers (headless or regular) such as Chrome or PhantomJS.

Read More

MyEnv := ZAP+Proxify+Burp

  • 3 min read

Which tools do you use for security testing? I use ZAP as my main tool and Burpsuite as a secondary scanner. In my last post of 2021 ("The Story of My Main Weapon") I mentioned Proxify. Today I want to talk about the analysis environment I'm newly building around Proxify, the reasons for it, and what I hope to gain from it.

Read More

XSS Weakness(JSON XSS) to Valid XSS

  • 3 min read

์˜ค๋Š˜์€ XSS Weakness๋ฅผ ํŠธ๋ฆฌ๊ฑฐ ๊ฐ€๋Šฅํ•œ XSS๋กœ ๋ฐ”๊พธ๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•ด ์ด์•ผ๊ธฐํ•˜๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค. ์ƒˆ๋กœ์šด ๊ธฐ์ˆ ์€ ์•„๋‹ˆ๊ณ  ์˜ค๋ž˜์ „๋ถ€ํ„ฐ ๋‹ค๋“ค ์‚ฌ์šฉํ•˜์‹œ๋˜ ํŠธ๋ฆญ์ผํ…๋ฐ, ์ƒ๊ฐํ•ด๋ณด๋‹ˆ ์ œ๊ฐ€ ๋”ฐ๋กœ ์ •๋ฆฌํ–ˆ๋˜ ์ ์€ ์—†์–ด์„œ ์ด์ฐธ์— ๊ธ€๋กœ ๋‚จ๊ฒจ๋‘˜๊นŒ ํ•ฉ๋‹ˆ๋‹ค.

Read More

OOB Methods for Detecting RCE Despite System Hardening

  • 3 min read

What methods do you use to identify RCE (Remote Code Execution)? I personally like to use OOB (out-of-band). Time-based methods such as sleep are accurate too, but with so much asynchronous logic these days I think OOB is more accurate than timing. (Of course I check both 😊)

Read More

Data URI(data:) XSS v2

  • 1 min read

A long time ago I wrote a post on Data URI XSS called "Bypassing XSS Filtering Using Form action + data:", and today I'd like to write a slightly improved version.

Read More

Bypassing Deny-List-Based Protocol Validation with the URL: Prefix

  • 2 min read

phithon_xg shared an interesting trick on Twitter, and since it can be genuinely useful in analysis, I'm summarising it briefly here.

Read More

CSS-Based Data Exfiltration Using Sequential Import Chaining

  • 2 min read

Today I'll talk about Sequential Import Chaining, a CSS-based attack technique. It doesn't have much impact on its own, but it's a way to amplify the impact when you can control CSS, so it's worth knowing; I hope you find it useful 😊

Read More

Finding Endpoints in Source Code with Attack Surface Detector

  • 1 min read

There's a ZAP/Burp add-on I use from time to time at work; while looking into an error with it recently, I realised I'd never mentioned it on the blog. So today I'll talk about that tool, Attack Surface Detector.

Read More

ZAP์˜ ์ƒˆ๋กœ์šด Networking Stack

  • 2 min read

์ง€๋‚œ ๋ชฉ์š”์ผ ๋ฐค ZAP Developers Groups์— simon์ด ํ•œ๊ฐ€์ง€ ๋‚ด์šฉ์„ ๊ณต์œ ํ–ˆ์Šต๋‹ˆ๋‹ค. ๋ฐ”๋กœ ZAP์˜ Networking Layer์— ๋Œ€ํ•œ ์ด์•ผ๊ธฐ๊ณ , ์ €๋Š” ์ œ๋ชฉ์„ ๋ณด์ž๋งˆ์ž ์–ด๋–ค ๋‚ด์šฉ์ธ์ง€ ์ง๊ฐํ–ˆ์Šต๋‹ˆ๋‹ค. (์ œ๊ฐ€ ์ •๋ง ๊ธฐ๋‹ค๋ ธ๋˜ ๋‚ด์šฉ์ด๊ฑฐ๋“ ์š” ๐Ÿคฉ)

Read More

Strengthening ZAP Scanning with Custom Payloads 🚀

  • 3 min read

Today I'd like to introduce a ZAP feature I've been looking at with some interest recently: Custom Payloads. It lets you test with a specified set of payloads more easily, without using the Fuzzer or ZAP's scripting engine, so if you know about it I think you'll be able to put it to good use in security testing or automation.

Read More

Paragraph Separator(U+2029) XSS

  • 1 min read

Gareth Heyes shared an interesting XSS trick. Thinking carefully about how the browser handles it, I felt it could be used for bypasses in several forms.

Read More

Only Developers? No, We Need a Scratch Pad Too! Boop!

  • 1 min read

I often browse the App Store for interesting apps. Doing so, I found a tool that looked useful for security testing, tried it over the holidays, and found it good enough to share on the blog. It's Boop.

Read More

[Cullinan #26] Add XXE (XML External Entity)

  • ~1 min read

This is Cullinan log #26. I've added an XXE entry. Usually I post once several changes have accumulated in Cullinan, but this time the gap has grown a bit long, so I'm posting it as a log.

Read More

Authz0 v1.1 Released 🎉

  • 1 min read

Hi security engineers and hackers! Authz0 v1.1.0 has been released 🎉 First of all, I would like to thank many of you for your good feedback.

Read More

In Chrome, XSS Is Now Possible Without the open Attribute

  • ~1 min read

Among XSS vectors there is the method using the ontoggle event handler and the open attribute on the details tag. It works in Chrome, Safari, Firefox and IE, and of the on*-based XSS vectors it's one that reduces user interaction relatively easily, so it's used frequently.

Read More

[Cullinan #25] Plans Going Forward

  • 1 min read

This is Cullinan log #25. This time it's less an update log than a chance to share my plans going forward.

Read More

๋‚˜์˜ ๋ฉ”์ธ Weapon ์ด์•ผ๊ธฐ โš”๏ธ (ZAP and Proxify)

  • 2 min read

ํ•œ๊ตญ ๊ธฐ์ค€์œผ๋กœ ์ƒˆํ•ด๊นŒ์ง€ ์•ฝ 30๋ถ„์ด ๋‚จ์•˜๊ณ , ์˜ฌํ•ด์˜ ๊ธ€์€ ์ด ๊ธ€์ด ๋งˆ์ง€๋ง‰ ๊ธ€์ด ๋  ๊ฒƒ ๊ฐ™์Šต๋‹ˆ๋‹ค. ๋ถ„๋ช… 2020 ํšŒ๊ณ ํ•œ์ง€๊ฐ€ ์–ผ๋งˆ ์•ˆ๋œ ๊ฒƒ ๊ฐ™์€๋ฐ, ๋ฒŒ์จ 2021๋„ ํšŒ๊ณ ๋„ ์ด๋ฏธ ์ง€๋‚˜๋ฒ„๋ ธ๋„ค์š” ๐Ÿ˜ฑ

Read More

Log4 2.17 JDBCAppender RCE(CVE-2021-44832)

  • ~1 min read

Another... another one. Since the previous post was too long to write in one go, I plan to keep additional CVEs in separate posts.

Read More

ZAP์˜ ์ƒˆ๋กœ์šด Import/Export Addon, ๊ทธ๋ฆฌ๊ณ  ๋ฏธ๋ž˜์— ๋Œ€ํ•œ ๋‡Œํ”ผ์…œ

  • 1 min read

์ตœ๊ทผ์— ZAP ๋‚ด ์—ฌ๋Ÿฌ๊ฐ€์ง€ Import, Save ๊ด€๋ จ ๊ธฐ๋Šฅ๋“ค์ด โ€œImport/Exportโ€๋ž€ ์ด๋ฆ„์˜ ์ƒˆ๋กœ์šด Addon์œผ๋กœ ํ†ตํ•ฉ๋˜์—ˆ์Šต๋‹ˆ๋‹ค. ์‚ฌ์šฉ์ž Interface ์ƒ์—์„  ๋ณ€ํ™”๊ฐ€ ์—†์–ด์„œ ํฌ๊ฒŒ ๋‹ฌ๋ผ์ง„ ๊ฑด ์—†์ง€๋งŒ ์ด๋ฅผ ํ†ตํ•ด ์•ž์œผ๋กœ์˜ ZAP์—์„œ Import/Export ๊ธฐ๋Šฅ์— ๋Œ€ํ•œ ๋ฐฉํ–ฅ์„ฑ์„ ์—ฟ๋ณผ ์ˆ˜ ์žˆ์–ด์„œ ๊ธ€๋กœ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค ๐Ÿ˜Ž

Read More

Let's Scan for Web Cache Vulnerabilities 🔭

  • 2 min read

Web cache vulnerabilities such as Web Cache Poisoning and Web Cache Deception are fairly old techniques, but over the past few years they seem to have advanced rapidly thanks to PortSwigger researchers such as albinowax (@albinowax). These vulnerabilities are identified and exploited through various testing methods, but until now there hasn't been a tool I considered particularly strong. (Burpsuite's built-in scanner is the closest thing...)

Read More

Preventing ZAP and Burpsuite from Collecting Feedback Data

  • 1 min read

Callhome, one of ZAP's core add-ons, was recently updated. Callhome was originally built simply to display news on the main screen, but this update added a telemetry component.

Read More

[Cullinan #24] Add ESI Injection and Update Others

  • ~1 min read

This is Cullinan update log #24. ESI Injection was added, RCE-related content was added to SSTI, and there were tool updates. Lastly, part of the Cullinan main page design was changed (removed max-width).

Read More

Self-Hosted Interactsh for Private OOB Testing

  • 4 min read

The internet is truly on fire this weekend because of log4shell. Security staff will now be responding to it and scanning their assets, and while OOB (Out-Of-Band), the standard method used for identification here, can be done conveniently with well-known services (ZAP OAST, Burpsuite Collaborator, Interactsh, etc.), this ultimately leaves the IP of the server that generated the callback with an external party, creating a point where information about the company or group operating that service could be obtained. (Not a great picture.)

Read More

Log4shell: The Internet Is On Fire Worldwide 🔥 (CVE-2021-44228/CVE-2021-45046/CVE-2021-45105)

  • 4 min read

Yes, just yesterday (2021-12-10) an RCE 0-day vulnerability was disclosed in log4j2, Java's logging package. Wherever a service or application can write logs there is a possibility of attack, and since the risk is RCE the whole world is really on fire. (Haha, my DMs are blowing up too. Not going to look......)

Read More

Browser Add-ons for Web Hackers

  • 2 min read

Do you use many browser add-ons in security testing? At one point I had a huge number installed, but now I seem to keep it under five.

Read More

Controlling the ZAP Root CA via the API and CLI Arguments

  • 2 min read

A new add-on has been added to ZAP. With this add-on, ZAP's certificate, that is its Root CA, can be controlled through the API, the CLI and so on. This makes certificate handling a little easier when running in daemon mode or in a CI/CD pipeline.

Read More

DOM XSS? Then Eval Villain

  • 2 min read

Early this year Burpsuite released a tool called DOM Invader. As I said in my brief review, it's extremely useful for DOM-based testing, so it's a tool that not only Burpsuite users but also users of other tools such as ZAP should take an interest in and open up during testing.

Read More

Permanently Applying Extensions in the ZAP Browser

  • 1 min read

There was recently a Selenium-related update among ZAP's extensions. I was idly reading the changes when I saw the phrase "Support for browser extension", and I was so pleased that I started writing this post right away 😎

Read More

Quickly Creating Fake Responses with ZAP Scripting

  • ~1 min read

Response tampering is one of the attack methods frequently used to bypass authentication procedures or business logic. Usually you test by intercepting the request with a proxy, editing the response directly, and continuing.

Read More

Dalfox 2.6 Released 🎉

  • 2 min read

Wow! Dalfox 2.6.0 has finally been released! This time I improved the focus on the Result and PoC objects, and a new global flag called --poc-type was added. Let's play with it quickly 😎

Read More

[Cullinan #21] Add RFD(Remote File Download)

  • ~1 min read

This is Cullinan update log #21. RFD (Remote File Download) was added and the wordlist section under Cache Poisoning was revised.

Read More

[Cullinan #20] LDAP Injection, ClickJacking, Cache Poisoning and Improvements

  • ~1 min read

This is Cullinan update log #20. I set up Cullinan's main page the same way it was on my old Jekyll blog and improved the slug handling, so some extra details such as abbreviations were added to titles. I also added LDAP Injection, ClickJacking and Web Cache Poisoning entries :D

Read More

New technique of HTTP Request Smuggling (chunked extension)

  • 2 min read

After a long time, a new HRS (HTTP Request Smuggling) technique has been added. There is no real-world case where it was actually exploitable yet, so it isn't official, but it is credible enough that I'm writing it up.

Read More

[Cullinan #19] Add SQLi and Cookie Bomb

  • ~1 min read

This is Cullinan update log #19. SQL Injection and Cookie Bomb Attack were added, and there were changes to the Amass section. Also, while writing the post about chunked-extension-based HTTP Request Smuggling, I added that content to the Cullinan - HTTP Request Smuggling section as well.

Read More

Amass + Scripting = The Best Subdomain Enumeration

  • 4 min read

Do you use Amass a lot? Amass is one of the tools for subdomain enumeration and, like ZAP, is an OWASP flagship project. Compared with similar tools such as subfinder, assetfinder and findomain, it is just about the best of them.

Read More

4 Ways to Bypass 403 Forbidden

  • 2 min read

Sometimes during security testing, access is blocked with 403 Forbidden depending on the WAF or the application's logic. Normally you would need to see the backend's processing logic to pinpoint exactly how to bypass it, but with a few tricks it can also be bypassed in a black-box testing situation.

Read More

Cullinan 18 XST and DOM Clobbering

  • ~1 min read

This is Cullinan update log #18. XST (Cross-Site Tracing) and DOM Clobbering entries were added.

Read More

Interact.sh Is Now Supported in ZAP OAST

  • 1 min read

Support for projectdiscovery's Interactsh was recently added to ZAP OAST (the callback feature). It was committed about two weeks ago and I've known about it for a while, but I'm only now getting around to writing about it 😁

Read More

ZAP update domains (core and addon)

  • ~1 min read

I recently needed to check something about the addresses of ZAP's update servers, so I asked on the user group. Thanks to that I found the update addresses easily, but there were things worth noting down, so I'm writing them up here.

Read More

[Cullinan #17] Added JWT and a Bypass Method under CSRF

  • ~1 min read

This is Cullinan update log #17. An entry on JWT and related attack techniques was added, and a method bypass section was added to the bypass part of CSRF.

Read More

ZAP 2.11 Review ⚡️

  • 1 min read

Simon and the official ZAP Twitter account recently announced that the 2.11 release was imminent.

Read More

Dalfox 2.5 Released 🚀

  • ~1 min read

A minor version of Dalfox was released after a long time. It is mainly a performance improvement; it detects much better than before :D

Read More

[Cullinan #16] ZIP-Slip and HPP

  • ~1 min read

This is Cullinan update log #16. Content on ZIP Slip and HTTP Parameter Pollution was added. The Tools section of HTTP2 H2C Smuggling was also revised with an additional tool.

Read More

ZAP Script-based Authentication

  • 3 min read

I recently talked about two ZAP features: Authentication Spidering and Access Control testing. The core of both is implementing the login/logout flow using the Authentication and User facilities that ZAP provides.

Read More

ZAP์˜ fuzz-script๋ฅผ ์ด์šฉํ•ด Fuzzing ์Šคํ‚ฌ ์˜ฌ๋ฆฌ๊ธฐ

  • 3 min read

Do you do a lot of fuzzing? In web hacking... no, in most security testing, fuzzing takes up a lot of time, and conversely it can also save time. Today I want to talk about how to test a bit better by using scripts when fuzzing with ZAP in web testing.

Read More

[Cullinan #14] Path Traversal and OWASP TOP 10 2021

  • ~1 min read

This is Cullinan update log #14. Path Traversal was added and CSRF was revised (tools added).

Read More

Authentication Spidering in ZAP

  • 3 min read

I've recently been digging into ZAP's Auth (authentication, authorization) features and session handling. These are features I didn't know well and hadn't used, and now that I understand them I'm a little embarrassed at how clumsily I've been working until now.

Read More

[Cullinan #13] Add CSV Injection and CRLF Injection

  • ~1 min read

This is Cullinan update log #13. Content on CSV Injection and CRLF Injection was added.

Read More

Testing Access-Control with ZAP

  • 3 min read

How do you test session access permissions, that is, authorization?

Read More

[Cullinan #12] Add JSON/JSONP Hijacking

  • ~1 min read

This is Cullinan update log #12. This time, content on JSON Hijacking and JSONP Hijacking was added. The XSS page was also missing some content, which has been filled in :D

Read More

A Look at the FileUpload AddOn Coming Soon to ZAP

  • 1 min read

A new feature was recently added to the ZAP weekly build. It comes as an addon called FileUpload, a tool that helps identify and scan for file upload related vulnerabilities.

Read More

Easily Checking Listening Ports and Processes on macOS

  • ~1 min read

I occasionally do security testing of native macOS applications. At such times I sometimes need to check which ports the application is binding and listening on and find its endpoints.

Read More

[Cullinan #11] Add CSRF and SSRF

  • ~1 min read

After a long time I updated the Cullinan content. I added the CSRF and SSRF content that had been in draft, and revised some content in other entries (smuggling, etc.).

Read More

ZAP Automation GUI

  • 1 min read

The ZAP Automation Framework was recently updated to version 0.4. The reason I was waiting for 0.4 is what follows: in StackHawk's streamed introduction to the Automation Framework, there was a scene where the Automation Framework was controlled from ZAP's UI, and when I asked Simon he said it was a 0.4-series feature.

Read More

ZAP OAST Released! Out-of-Band Is Now Easier in ZAP 🚀

  • 4 min read

Today ZAP OAST was released as an alpha version. As I mentioned last time, OAST, like the callback feature, is a tool for identifying out-of-band interactions and can be extremely useful for SSRF, RCE and the like.

Read More

[Faraday#2] Scanning CI with the Dispatcher

  • 2 min read

This weekend I kept testing Faraday whenever I had a spare moment. Among its features, faraday_agent_dispatcher caught my eye: it lets you attach multiple agents to the faraday server, run scans according to a predefined format and the data the user passes in, and feed the results back into faraday.

Read More

[Faraday#1] Penetration testing IDE!

  • 4 min read

Have you heard of faraday? It's a framework you will come across at least once if you look into pentesting a bit. I've been interested in it for a while too, but never had occasion to actually use it, so I had never introduced it on the blog. (Usually I felt msf plus documentation tools were enough for a pentest…)

Read More

A Sneak Peek at ZAP OAST (for OOB)

  • 2 min read

A piece of content was shared with the ZAP developers group, and it was about OAST. OAST is a new addon being developed by the ZAP core team (akshath). It builds on the existing ZAP callback feature to make out-of-band testing as easy as Burp Suite's Collaborator.

Read More

[Cullinan #9] Added history of owasp top 10

  • ~1 min read

Change Note

I added a page called History Of OWASP TOP 10 to Cullinan. It was made to show the changes in the OWASP Top 10 at a glance, and I plan to update it whenever a new year's version is released.

Read More

DOM/PostMessage Analysis with ZAP Plug-n-Hack

  • 2 min read

Plug-n-Hack(PnH)

Plug-n-Hack, or PnH, is a standard proposed by the Mozilla security team: a method designed to make interaction between security tools and browsers easy and useful.

Read More

ZAP Scanning to Swagger Documents

  • ~1 min read

OpenAPI in ZAP

ZAP์€ ๋‹จ์ˆœํžˆ url ๋ฆฌ์ŠคํŠธ๋ฅผ import ํ•˜๋Š” ๊ธฐ๋Šฅ ์ด์™ธ์—๋„ GraphQL endpoint๋‚˜ OpenAPI๋ฅผ import ํ•˜๋Š” ๊ธฐ๋Šฅ์„ ๊ฐ€์ง€๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์—ฌ๊ธฐ์„œ OpenAPI Import๋ฅผ ํ™œ์šฉํ•˜๋ฉด ๋ณดํ†ต API Spec์— ๋งŽ์ด ์‚ฌ์šฉ๋˜๋Š” SwaggerUI์˜ doc ๋ฐ์ดํ„ฐ๋ฅผ ๊ฐ€์ง€๊ณ  Example ์ฝ”๋“œ์— ๋งž๊ฒŒ API ๋ฐ์ดํ„ฐ๋ฅผ ๋กœ๋“œํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

Customize request/response panel in ZAP

  • 1 min read

Today I'd like to share a small ZAP tip. People usually only change the layout of the Request/Response tab and leave the defaults, but in fact ZAP's Request/Response tab can be configured in more detail than you might think.

Read More

DOM Invader, BurpSuite's DOM-XSS Testing Tool

  • 2 min read

Ah.. it looks like PortSwigger has made another gem. One of the standout parts of BurpSuite's scanning capability is DOM testing. Typical tools find DOM XSS either by rendering fixed patterns in a headless browser and testing them, or by detecting patterns commonly used in attacks within JS code (eval, innerHTML, document.write, etc.) and reporting them to the user.

Read More

ZAP Passive Scan Tags, Neonmarker and Highlighter

  • 2 min read

When analysing a large number of web URLs, things are hard to take in and you are bound to miss important parts; highlighting features pinpoint the spots that matter so you can focus on them, so personally I think using them well is a big help in analysis.

Read More

PDF Encryption, the User Password and the Owner Password

  • 2 min read

I recently wrote a post about cracking the password on a PDF file with pdfcrack. That was a note written because of the cracking itself; today I want to talk about PDF encryption as such. So let's look at PDF encryption, the user password and the owner password. (It's simple stuff.)

Read More

PDF File Password Crack

  • 1 min read

I had to crack a PDF password, so I'm noting the tool and its basic usage 😁

Read More

ZAP Automation

  • 2 min read

At ZAPCon 2021, held for the first time earlier this year, there was a session called ZAP Automation at Scale. At the time I just took it as "the ZAP Automation addon makes existing automation work a bit easier to set up", but while thinking through a similar problem around scan policies recently, the advantages of ZAP Automation became apparent.

Read More

A Look at ZAP Token Generation and Analysis

  • 1 min read

ZAP has an addon called Token Generation and Analysis. I had installed it a long time ago based on the name alone, but I don't think I ever used it.. So today I tried it out and am writing up exactly what kind of tool it is and what it can be used for.

Read More

Bypass host validation with Parameter Pollution

  • 1 min read

Today I'm sharing a simple tip I used to bypass host validation logic. It's something everyone knows, so nothing special, but I'm writing it down so it's easy to find and use later when I consolidate related material.

Read More

Options rule configuration in ZAP

  • 1 min read

While looking through ZAP's options I came across a section called Rule configuration; it differs from the usual scan rule settings I know and I wasn't sure about it, so I'm writing up what I found.

Read More

CSS Injection Bypassing Trick (with dashdash and var)

  • 1 min read

CSS(Style) Injection

CSS Injection์€ XSS๋‚˜ HTML Injection๊ณผ ๊ฐ™์ด ์›น ์ƒ์—์„œ CSS, ์ฆ‰ ์Šคํƒ€์ผ ์‹œํŠธ์— Injetion์ด ๊ฐ€๋Šฅํ•œ ๊ฒฝ์šฐ๋ฅผ ์˜๋ฏธํ•ฉ๋‹ˆ๋‹ค. ๋ณดํ†ต ์‚ฌ์šฉ์ž์—๊ฒŒ ์ง์ ‘์ ์ธ ์˜ํ–ฅ๋ ฅ์ด ์žˆ๋Š”๊ฑด ์•„๋‹ˆ์ง€๋งŒ, ์Šคํƒ€์ผ ์‹œํŠธ ์ œ์–ด๋ฅผ ํ†ตํ•ด์„œ ๋งคํ•‘๋œ ์ด๋ฒคํŠธ ํ•ธ๋“œ๋Ÿฌ๋ฅผ ํ†ตํ•ด XSS๋‚˜ ๋‹ค๋ฅธ ๊ธฐ๋Šฅ์„ ์ˆ˜ํ–‰์‹œํ‚ค๊ฑฐ๋‚˜ ๊ต๋ชจํ•œ ํ”ผ์‹ฑ ํŽ˜์ด์ง€๋ฅผ ๊ตฌ์„ฑํ•˜๋Š”๋ฐ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

Read More

The reverse tabnabbing has weakened more

  • 1 min read

Reverse tabnabbing์€ ๋ฆฌ์Šคํฌ๊ฐ€ ๋†’์€ ๊ณต๊ฒฉ์€ ์•„๋‹ˆ์ง€๋งŒ ํ”ผ์‹ฑ์—์„œ ์ถฉ๋ถ„ํžˆ ์‚ฌ์šฉ๋  ์ˆ˜ ์žˆ๊ธฐ ๋•Œ๋ฌธ์— ๋ณด์•ˆ์„ ์กฐ๊ธˆ ๋” ์‹ ๊ฒฝ์“ด๋‹ค๋ฉด ๋ถ„๋ช…์ด ์ฒดํฌํ•˜๊ณ  ๊ฐ€์•ผํ•  ๋ถ€๋ถ„์ž…๋‹ˆ๋‹ค. ํ•ด๋‹น ๊ณต๊ฒฉ์— ๋Œ€ํ•œ ์„ค๋ช…์€ ์•„๋ž˜ ๋งํฌ๋ฅผ ์ฐธ๊ณ ํ•ด์ฃผ์„ธ์š”.

Read More

Import remote JS in IMG tag, for XSS bypass

  • 1 min read

While looking at tweets at night I saw a simple XSS trick. There's nothing special about it, but it seems like it could occasionally be used for CSP bypass too, so I'm writing it down.

Read More

Secure JWT and Sliding Sessions

  • 3 min read

Sessions ์ด๋ž€?

Sessions์€ ์ปดํ“จํŒ…์—์„œ ๋น„์Šทํ•˜์ง€๋งŒ ์—ฌ๋Ÿฌ ์˜๋ฏธ๋กœ ์‚ฌ์šฉ๋˜๋Š” ์šฉ์–ด์ž…๋‹ˆ๋‹ค. ์ผ๋ฐ˜์ ์œผ๋กœ ์ƒํƒœ๋ฅผ ์˜๋ฏธํ•œ๋‹ค๊ณ  ๋ณด๋ฉด ๋  ๊ฒƒ ๊ฐ™๊ณ , ์›น์—์„œ๋Š” HTTP๊ฐ€ ๋น„ ์—ฐ๊ฒฐํ˜• ํ”„๋กœํ† ์ฝœ์ด๊ธฐ ๋•Œ๋ฌธ์— ์„œ๋ฒ„๊ฐ€ ๊ธฐ์กด์— ์ ‘์†ํ–ˆ๋˜ ํด๋ผ์ด์–ธํŠธ์ธ์ง€ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋Š” ์ˆ˜๋‹จ์œผ๋กœ ์‚ฌ์šฉ๋ฉ๋‹ˆ๋‹ค. (ํŒŒ์ผ ์ฟ ํ‚ค๋ž‘ ๋น„์Šทํ•˜์ฃ . ๋‹ค๋งŒ ์ฒ˜๋ฆฌ์—์„  ์•ฝ๊ฐ„ ๋‹ค๋ฅด๊ธดํ•ฉ๋‹ˆ๋‹ค.)

Read More

OOB Testing with interactsh!

  • 2 min read

OOB (Out-Of-Band) and Callback Servers

How do you check whether an attack payload succeeded for SSRF, RCE and the like? Usually you set up a remote server and detect whether an HTTP or DNS request arrives. BurpSuite has a very useful tool for this called Collaborator (it provides a separate domain and callback notification per user), and there are several extensions built on it (taborator, activescan, collaborator everywhere).

Read More

Get webpage screenshot with gowitness for CICD

  • ~1 min read

What is gowitness

gowitness is a tool well known in the bug bounty community that can quickly take web screenshots of a large number of URLs.

Read More

RCE with exposed k8s api

  • 1 min read

I'm on vacation so I haven't been checking feeds or tweets much, but there was a post about k8s RCE, so I took a quick look and am posting about it.

Read More

[Cullinan #6] Add reverse tabnabbing

  • ~1 min read

For Reverse Tabnabbing I had previously only made a test page on phoenix, so I added it to Cullinan while tidying up the material.

Read More

OpenData for bug-bounty

  • ~1 min read

I recently revamped my personal resources page. Before, it only had links to online tools I use often, but I've added a simple section to periodically generate and publish files for testing / wordlists / bug bounty domains and so on (though I'll probably be almost the only one using them..).

Read More

ZAP context based scanning

  • 1 min read

ZAP's quickscan, spider, active scan and so on do not support multiple URLs by default. So in the past I used the API-based approach from the post below, or built a separate tool to scan.

Read More

The well-known Directory, security.txt and humans.txt

  • 1 min read

Occasionally when poking around a website you run into the .well-known directory. I added security.txt to my own site this January, purely so that security vulnerabilities or issues could be reported. Today I want to look a bit more at what the .well-known directory means and how it is used.

Read More

How to set ZAP active scan input vector in daemon mode

  • 1 min read

What is ZAP Active Scan Input Vector?

The Active Scan Input Vector is the injection area used during a ZAP active scan. It does not mean a specific injection vulnerability; it is better understood as the parts to be checked. ZAP's default is URL + POST, so by default it tests URIs/parameters and so on but does not test cookies or headers. (That would take a long time, and ZAP is often used in CI/CD.)

Read More

Make and change default scan policy in ZAP cli interface

  • 1 min read

ZAP Scan Policy

ZAP์€ Passive/Active Scan์— ๋Œ€ํ•œ ์ •์ฑ…์„ ์ปค์Šคํ…€ํ•˜๊ฒŒ ๊ด€๋ฆฌํ•  ์ˆ˜ ์žˆ๋„๋ก ์ œ๊ณตํ•˜๊ณ  ์žˆ์Šต๋‹ˆ๋‹ค. ์ด๋Š” ๋‹จ์ˆœํžˆ ํ•ด๋‹น ์Šค์บ” ๋ชจ๋“ˆ์˜ ์‚ฌ์šฉ ์—ฌ๋ถ€ ๋ฟ๋งŒ ์•„๋‹ˆ๋ผ Risk level๋„ ์กฐ์ •ํ•  ์ˆ˜ ์žˆ์–ด ์Šค์บ๋„ˆ๋กœ ํ™œ์šฉํ•˜๊ธฐ์—๋„ ์ข‹์Šต๋‹ˆ๋‹ค. ๊ทธ๋ž˜์„œ์ธ์ง€ DevSecOps๋ฅผ ๊ตฌ์ถ•ํ•  ๋•Œ ZAP์€ ์ž์ฃผ ๊ฑฐ๋ก ๋˜๋Š” DAST ์Šค์บ๋„ˆ์ด๊ธฐ๋„ ํ•˜์ฃ .

Read More

Using Sync Wordlists in ZAP Forced Browse and Fuzz

  • 3 min read

Forced browse is a method of identifying paths and pages on a service through dictionary-based or simple brute force. It is very traditional, but it is still a very important part of recon. For this kind of work, tools keep appearing, from the older dirsearch and dirbuster to newer ones such as feroxbuster and gobuster with various features and improvements.

Read More

Determining a Website's Supported SSL Cipher Suites Using Only OpenSSL

  • 2 min read

Security checks of a website's SSL are usually easy to do because there are several well-made tools for it.

Read More

Semi-Automated Security Testing with Zest and ZAP

  • 3 min read

What is Zest script

Zest script is a scripting language provided by ZAP that lets you script, use and manage many features, such as requests and their processing inside ZAP, in JSON form. It's a strength unique to ZAP that other manual testing tools such as BurpSuite don't have.

Read More

How to share other device settings in Axiom

  • 1 min read

My Axiom setup lives on the MacBook I mainly use. Recently I ran axiom-install to set up my home server the same way, and it went about creating new instance information. (But I already have some?)

Read More

Autochrome - Quickly Set Up a Web Browser Environment for Security Testing!

  • 1 min read

While reading tweets I came across a tool I hadn't seen before, tested it, and found it useful, so I'm sharing it. The tool I'm introducing today is autochrome, which lets you quickly set up a browser for testing.

Read More

[Cullinan #2] Added change log

  • ~1 min read

I added a change log to Cullinan. It's implemented in a simple way, and I'm leaving this post as a record.

Read More

How to apply the IntelliJ theme in ZAP

  • 1 min read

Yesterday I wrote about BurpSuite's Customizer, an extension that lets BurpSuite use FlatLaf's IntelliJ themes. As I wrote at the end of that post and in the comments, ZAP has also used FlatLaf since version 2.10, so I figured the same thing should be possible.

Read More

Burp Customizer! Change your burpsuite theme

  • 2 min read

There has been a significant change in the UI since version 2020.12 of Burp Suite. (Personally, I'm unsure.) The most important part is the change of the LAF (Look and Feel) class to FlatLaf. This class can also support other themes developed for the IntelliJ Platform, enabling different themes to be applied to Burp Suite.

Read More

[Cullinan #1] Introducing the Cullinan Project

  • 1 min read

One of the biggest reasons I run this blog is personal note-taking. Of course I also organize things in Notion and other tools, but for technical material I'm more used to organizing it through blogging, which is why I've kept writing this way for so long.

Read More

Hack the browser extension 🚀 (Checking Web Browser Extensions for Vulnerabilities)

  • 5 min read

This is my first post of the new year. I actually meant it to be the last post of December, but I couldn't finish it, so it became the first of the year. I recently had to research browser extensions a bit beyond what I already knew, so while I'm at it I'm writing up the analysis approach.

Read More

Bypassing Validation Logic with ToCToU (SSRF/OOB/XXE/ETC)

  • 1 min read

⚠️ SSRF-related content is maintained under Cullinan > SSRF. It is kept up to date, including ToCToU, so please refer to it!

Read More

Security considerations for browser extensions

  • 5 min read

I needed to test the security of browser extensions, so I did some more research beyond what I knew and am writing it up. First, browser extensions are small apps added to a web browser; on Chrome, Safari, Firefox and other browsers they provide many users with web browsing aids, ad blocking, various testing features and so on. As with app ecosystems, as far as I know individual or corporate developers build them to a specification, upload them to a store, and they are registered after an approval process.

Read More

ZAP 2.10 Review ⚡️

  • 3 min read

Today, with not much of 2020 left, ZAP 2.10.0 has finally been released. I've been using the weekly builds for things like dark mode, but now it seems fine to move to the official release.

Read More

Why I Use ZAP

  • 5 min read

🗡 Army-Knife for AppSec

In application security, pentesting, bug bounty and offensive security work in general, the most essential tool is a proxy tool such as Burp/ZAP. Early on they were very much proxy tools, but now it seems more fitting to see them as an army knife than as a proxy.

Read More

Setup a Pentest environment with Axiom

  • 3 min read

What is Axiom

Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security.

Read More

Docker scratch image from a Security perspective

  • 2 min read

While testing some Docker things recently I came across an image called scratch. It was new to me, and it is a peculiar image that lacks everything from the commands found in a typical OS to various important binaries and configuration. Looking into it, it turned out to be more interesting than I expected, so I'm writing about it with some of my own thoughts.

Read More

Forcing HTTP Redirect XSS

  • 1 min read

TL;DR

If you read English, I hope you read this! I've tested more, but there's no unusual pattern. If you're curious about my story, try using a translator! I'm not writing in two languages because I am a little tired today.

Read More

Amass, go deep in the sea with free APIs

  • 5 min read

There are several types of subdomain scanning tools: Amass, Subfinder, findomain, etc… In my opinion, the tool at its peak is Amass, and many bug bounty hunters have automated systems built around Amass. Today I'm going to talk about ways to expand Amass' data sources and get more results.

Read More

Alice, Bob and Carol: What Do the Names Mean?

  • 1 min read

There are some person names that come up a lot in security: Alice, Bob and Carol. While chatting with 02, the A/B/C topic came up, and when I looked into it there were far more of them than I knew and each has its own meaning. (I just assumed they were the 1st to nth parties in alphabetical order..) It doesn't hurt to know, so I'm putting up a light summary :D

Names

Read More

Future of the WebHackersWeapons

  • 1 min read

Concept feature in future

So far I have been using the GitHub repo simply to enumerate tools, but we're thinking about how we'll be able to easily install/uninstall/update the tools that are included in the future.

Read More

Scanning multiple targets in ZAP

  • 1 min read

I use both ZAP and Burp Pro. I use them together because of each tool's characteristics and licensing issues, but honestly it's hard to say which is better. (Their characteristics are very different, and the goals each tool aims at clearly differ too.)

Read More

How to add custom header in ZAP and zap-cli

  • 3 min read

The zap-cli is a tool that helps make ZAP easy to use on the command line. From simple scanning to CI/CD pipelines, it's a tool that's used everywhere. Unlike other scanners, it does not support custom headers.

Read More

NMAP CheatSheet

  • 2 min read

While working on the Cullinan (wiki) project I reorganized this under Cullinan - Nmap. That page is the up-to-date one, so please refer to it 😎

Read More

One custom certificate, Using all tools and your devices (for bug bounty/pentesting)

  • 5 min read

I use all three of Burp Pro, ZAP and CLI-based proxies. When testing only the web it doesn't matter much, but when testing mobile, certificates are quite a hassle. (Especially on phones used temporarily..)

Read More

E-mail ํฌ๋งท์„ ์ด์šฉํ•œ ์—ฌ๋Ÿฌ๊ฐ€์ง€ Exploiting ๊ธฐ๋ฒ•๋“ค

  • 2 min read

Recently, nahamcon2020 ended. It was difficult to watch in my time zone, so I just looked at the documents after it was over. They were all very interesting and I learned a lot of new things. Today I'm going to talk about the email attack that I found the most interesting among them. Of course, if you read English, the best document is the original material, so refer to the link below; I will write only in Korean today!

Read More

Find reflected parameter on ZAP for XSS!

  • 1 min read

Since this year I've been compiling web hacking tools that are good for bug bounty. Among them is a collection of BurpSuite and ZAP extensions, and while taking recommendations over Twitter I found a useful ZAP extension, so I'm writing it up briefly.

Read More

How to use DalFox's Fun Options (if found notify, custom grepping)

  • 7 min read

As you can see from my blog and tweets, I recently overhauled (new project…) my XSpear and created an XSS scanning tool called DalFox. Today, I'm going to share some tips for using DalFox.

Read More

My new XSS scanning tool "DalFox" :D

  • 3 min read

Hi, hackers and bug bounty hunters. Today I'm going to talk about my new XSS tool, DalFox. I'm sure there are a lot of bugs because it's still under development, but I'm going to talk about it lightly now because it's somewhat functional and has had a critical bug fixed!

Read More

How to import external spidering output to Burpsuite or ZAP

  • 1 min read

Normally, BurpSuite or ZAP is the main tool for testing during bug bounty or security testing. It's good to navigate directly with the spider function there, but sometimes you need help from an external crawler (especially when using the Wayback Machine).

Read More

Recon using fzf and other tools, for bug bounty

  • 4 min read

When doing bug bounty, you sometimes end up with an enormous number of files. In particular, the volume of output from recon tools such as meg and gospider is beyond imagination.

Read More

Ways to XSS without parentheses

  • 1 min read

Introduction

After a while, @garethheyes shared a very useful technique. It uses DOMMatrix to get past parenthesis validation, and is worth consulting when the existing methods run into trouble. Be sure to read it!

Read More

Find S3 bucket takeover and S3 misconfiguration using pipelining (s3reverse/meg/gf/s3scanner)

  • 1 min read

Hi hackers! Today, I'm going to talk about easy ways to find S3 bucket takeover and misconfiguration (Write/Read…) using pipelining. It feels like a long time since I last wrote. With COVID-19 I've been working from home for over a month, and I seem to be working more than usual. That has left the blog a bit neglected, so I'm picking it back up.

Read More

Recon with waybackmachine. For BugBounty!

  • 2 min read

I'm busy with work these days, so I think it's been two weeks since I last wrote. (Actually, I couldn't write because I was tired. LOL) Today I'm going to share a tip that I used a lot on bug bounty.

Read More

Using the Flat Darcula theme(dark mode) in ZAP!!

  • ~1 min read

While browsing Twitter I saw an amazing tweet from Simon. It was about dark mode support in ZAP. I retweeted it casually, and it turns out the change is already committed and can be tried right away. So, although it hasn't landed even in the weekly build yet, I decided to try it early.

Find testing point using tomnomnom's tool, for bugbounty!

  • 3 min read

I recently watched one of Stok's videos (an interview with tomnomnom) that looked for testing points in a unique way. So today I'm going to introduce some of the tools and techniques shown in that video. (I needed to organize them for myself too.)

First new XSS Payload of 2020(svg animate, onpointerrawupdate)

  • ~1 min read

Hi hackers and bug bounty hunters! Recently, two previously unknown XSS payloads were disclosed one after another. They are not payloads that are very difficult to understand, so I'll share them briefly!

BurpSuite 2020.01 Release Review, Change HTTP Message Editor!

  • 1 min read

The first release of Burp 2020.01 came out recently. I don't think it's as big a change as the Navigation Embedded Browser in the 2.1.05 release at the end of last year, which had a huge impact, but this update still improves usability in a lot of places.

If the Database connection keeps dropping in Metasploit?

  • 1 min read

Occasionally, while using Metasploit, the DB connection suddenly disappears. In my environment it drops particularly often on one specific PC, but it can be fixed easily with a simple trick.

Write Metasploit Module in Golang

  • 2 min read

Metasploit has supported Go (golang) modules since December 2018. I didn't know about it either until recently.

JSON Hijacking, SOP Bypass Technic with Cache-Control

  • 3 min read

Today I'm writing about a technique that bypasses SOP using cache during JSON Hijacking. It's not always usable because certain conditions are necessary, but if the conditions are right, you can get an unexpectedly good result.

Stepper! Evolution repeater on Burp suite

  • 1 min read

Today I'd like to introduce one Burp Suite extension. Personally, among the things I've found recently, it's an extension I feel is really useful.

Running a CLI app from BurpSuite with the Request information included

  • 2 min read

Today I'm going to talk about how to run external apps from Burp Suite. I actually wrote a similar post before (for ZAP), and now the related extension has finally been updated, so you can do the same thing in Burp Suite.

Test with GoBuster! (Powerful bruteforcing tool of golang)

  • 2 min read

The directory scan tool dirbuster has been very strong, but it feels like gobuster is being used more from this year on. Of course, scanners are now going to be dominated by golang. (The power of goroutines and channels...)

Integrating Slack via Webhook in the Arachni scanner (Send msg to slack when arachni scan is complete)

  • 2 min read

Arachni is a high-performance web vulnerability scanner and at the same time very good for CI/CD and extensibility. Just from the fact that it supports a Web UI, REST server, RPCd, CLI and interactive shell, you can tell the developer put a lot of care into it. Arachni is a powerful scanner of the universe.

Two easy ways to get a list of scopes from a hackerone

  • 1 min read

Hi hackers, I'm writing a post about two simple ways to easily get a bug bounty target scope. Looking at HackerOne bug bounty programs, there are often a very large number of target domains. Handling the scope every time, or checking it while testing, is inconvenient, so I'll talk about two ways to handle this easily.

Check logic vulnerability point using GET/HEAD in Ruby on Rails

  • 3 min read

Recently a Github OAuth flow bypass vulnerability was disclosed. It exploits a characteristic of Rails apps, so it isn't a problem unique to Github, and a single patch can't protect every Rails app. Today I'm going to review one vulnerability that needs to be checked in the Rails app environment, through the Github OAuth flow bypass vulnerability. (B recently shared something interesting with me.)

How to disable detectportal.firefox.com in firefox (enemy of burpsuite)

  • ~1 min read

When I hack the web with proxy tools like Firefox + Burp Suite or ZAP, there's a very annoying request.

Burp suite using Tor network

  • 1 min read

When doing bug bounty, you occasionally get blocked. There are several ways to get around the block and reconnect, but using Tor handles it simply.

Upgrade self XSS to Exploitable XSS in 3 Ways

  • 3 min read

Today I'd like to talk about three ways to upgrade a Self-XSS into a valid XSS.

A new attack technique for WebSockets! WebSocket Connection Smuggling 😈

  • 3 min read

Today I'd like to talk about WebSocket Connection Smuggling. It was presented at the Hacktivity 2019 conference, and since it seemed interesting I tested it a few times; it looks like a problem that can occur in real cases. (It's a conference held far away in Hungary that I've never been to, but there's some content worth watching!)

PHP7 Underflow RCE Vulnerability (CVE-2019-11043), a brief analysis

  • 5 min read

A week ago, details and a PoC for a PHP-FPM vulnerability were disclosed. It allows RCE, and the PoC is so well made that most people probably had to respond urgently.

CPDoS(Cache Poisoned Denial of Service) Attack for Korean

  • 4 min read

Recently CPDoS has been a hot topic. It's something I had already run into with the HTTP Desync Attack, but since it has become an issue in many ways, I ended up (being forced to..) test it both for work and personally.

Find Subdomain Takeover with Amass + SubJack

  • 1 min read

Subdomain takeover was once a very popular vulnerability. It's still constantly being discovered. Of course, there are so many hackers running automated code that it's hard to actually find it, but you'll find it with luck. And from the corporate security point of view, you have to check it out. So I share it.

Secret key cracking with jwt-cracker

  • ~1 min read

A JWT appends a signature over its contents so that tampering can be detected. Occasionally, when the secret is set to something simple, the secret can be found and a forged JWT created; if such a token is used for authentication or its data is read in important logic, this poses a major security risk.

Bypass referer check logic for CSRF

  • 2 min read

The Referer header check is probably the most frequently used CSRF countermeasure. It's easier to implement and has fewer performance issues than the token approach, so it's the preferred approach, and that's where some risk of bypass comes from.

New Technic of HTTP Desync Attack

  • ~1 min read

After the HTTP Desync Attack announcement, bug bounty hunters and corporate security personnel seem to be very busy. Albino recently announced that he would be writing additional articles, and new posts were published on the portswigger blog.

If you find powerful OXML XXE tool? it's "DOCEM"

  • 3 min read

I found a useful tool for XXE testing and am sharing it. It seems much more convenient than doing it by hand or using the tools released before.

Normalized Stored XSS (\xef\xbc\x9c => \x3c)

  • ~1 min read

While reading HackerOne reports I came across an interesting XSS vulnerability, so I'm sharing it.

Path Traversal pattern of ../

  • ~1 min read

When tools are hard to use for path traversal payloads, typing them every time was a pain, so I made one and have been using it. I was going to put it in the cheatsheet, but that is still being reorganized (in progress..) and I haven't settled on how to present it later, so I'm writing it up as a post first.

Bypass host validation Technique in Android (Common+Golden+MyThink)

  • 2 min read

There are many cases, such as SSRF, CSRF and Open Redirect, where a URL received from the user must be validated. You could implement the validation logic yourself piece by piece, but usually the better way is to separate the host and scheme with the methods each language provides and then validate them.

OWASP Amass - DNS Enum/Network Mapping

  • 1 min read

OWASP Amass is an OWASP project and a DNS enumeration and network mapping tool written in Go. You can think of it as a recon/OSINT tool; I haven't yet noticed a big difference in performance, but it supports a wide range of features, so I think it's a highly usable program.

Bypass blank, slash filter for XSS

  • 1 min read

⚠️ General content about XSS is maintained on the Cullinan > XSS page. The latest data is kept there, so please refer to it :D

JSONP Hijacking

  • 3 min read

Hi hackers. It's been a long time since I wrote a blog post. I found a JSONP Hijacking case that is not an SOP bypass. I'm going to explain it briefly.

Event handler for mobile used in XSS (ontouch*)

  • ~1 min read

Some event handlers do not appear in the OWASP list, such as touch events like ontouch*. They are limited to mobile devices, so they are less effective than general-purpose ones, but they are good for triggering XSS.

HTTP Request(ZAP, Burp) Parsing on Ruby code

  • 1 min read

There was a suggestion like this regarding XSpear: save the packet data used in Burp, ZAP, etc. to a file, read it with an option, and automatically parse the URL, headers and so on (much like sqlmap does).

XSS payload for escaping the string in JavaScript

  • ~1 min read

This afternoon I found an interesting payload, noted it down, and now I'm writing it up. It can probably be used when code is injected inside JavaScript but the string can't be escaped, and I suspect there are quite a few places where this kind of pattern shows up.

Run other application in ZAP 🎯

  • 2 min read

ZAP has one interesting feature: it can use external applications. This makes working with external tools during security testing easier and more powerful. Today's post is about how to use the Apply bridge(?) in ZAP.

An interesting auth-token theft vulnerability that can occur in the OAuth flow (Chained Bugs to Leak Oauth Token) Review

  • 1 min read

Today I saw an interesting OAuth-related bug bounty case, so I'm writing it up as a post. In short, there was a problem in the OAuth flow between Uber and Facebook that let an attacker steal a user's credentials, and @ngalog, who reported it, reportedly received $7,500.

XSS Payload without Anything

  • 1 min read

What is XSS Payload without Anything?

When I work for a company or on bug bounty, an unexpected hurdle is the protection (XSS filter) of special characters in the JS (JavaScript) area. So I've been devising ways to solve these problems easily, and this document is one result of that process.

GraphQLmap - testing graphql endpoint for pentesting & bugbounty

  • 3 min read

Browsing tweets at night I saw that swissky had built and released a tool. It's even a GraphQL automation tool, so I quickly wrote it up as a post. It's GraphQLmap.

Ruby on Rails Double-Tap vulnerabilities (CVE-2019-5418, CVE-2019-5420)

  • 4 min read

It's been a while since I reviewed a vulnerability. I organized this once in spring and again recently, so I'm leaving it as a blog post before it leaves my head. First, around March this year, about three Rails-related vulnerabilities came out: CVE-2019-5418 through 5420. In the end they were three issues that allowed reading system files in Rails and even executing commands.

Finding in-page scripts & map files with javascript (very simple..)

  • ~1 min read

It's nothing special as code, but it's convenient to keep around. You can see the external script links and map file links on a page. (The map links are just shown unconditionally.)

Tap n Ghost Attack (탭 앤 고스트) - a new physical(?) hacking attack vector

  • 1 min read

Last week or the week before I saw this and wrote a very, very rough draft, and only now am I posting it. Today I'd like to look at the Tap n Ghost attack, a new attack vector in physical hacking techniques.

ZAP 2.8 Review ⚡️

  • 1 min read

Finally, really finally, ZAP 2.8 has been released.

How to fuzzing with regex on ZAP Fuzzer

  • 1 min read

ZAP Fuzzer is a very useful tool for replay attacks, brute force, and various entropy calculations. Personally, I think it's better than Burp Suite's Intruder (it's more flexible).

Web fuzzing with regular expressions in ZAP

  • 1 min read

ZAP's Fuzzer is a very useful tool for replay attacks, brute force, and various entropy calculations. Personally I think it's more flexible than Burp Suite's Intruder. In the ZAP Fuzzer you can build a payload list using a regex and test with it, and today I'd like to talk about that. Let's start.

4 somewhat useful nmap NSE scripts for penetration testing

  • 3 min read

Today I'm writing about four nmap NSE scripts. Well, the draft had been sitting for a while, but I've had a lot on my mind lately, so I'm only posting it now. First, this is nothing novel; I just picked out about four scripts that are commonly used. If you know of good scripts, I'd really appreciate it if you shared them in the comments :)

How to protect iframe XSS&XFS using sandbox attribute(+CSP)

  • 1 min read

iframes have an attribute called sandbox. It's a policy that helps you use iframes more safely, and when used well together with CSP, you can maintain a very robust iframe policy.

The four modes of ZAP (Zed Attack Proxy)

  • ~1 min read

When I first used ZAP there was one thing I was immediately curious about: the Modes in the top left. I meant to look into it but just moved on; finally... I'm writing up roughly what they are.

Fixing the gzip:iphoneos-arm error when installing/updating in Cydia on jailbroken iOS

  • 1 min read

I use an iPad almost like a test device. I jailbroke it for this a while ago, but there was one persistent problem: whenever I tried to install or update an app in Cydia, the following error occurred.

Why do requests that include credentials fail when Access-Control-Allow-Origin is a wildcard (*)? 😫

  • 1 min read

TL;DR

Under the CORS policy, when Access-Control-Allow-Origin: * is set, a request can be made and its result read with no restriction on the Origin, but in that case the policy requires the request to be sent without cookies, so it is not possible for requests that include credentials.

Setting up a Proxy on MacOS (for ZAP, BurpSuite)

  • ~1 min read

I'd like to note down how to set up a proxy on MacOS. It's nothing special, really... it's the same as setting it manually on other OSes. But on MacOS toggling it on/off is a bit easier, so I never felt the need for a separate program.

🦁 Brave Browser = security + speed + new attempts

  • 2 min read

Recently I came across a browser: the Brave web browser. It pushed out Opera, which I had been using until now, in one go and became one of my main browsers alongside Safari and Firefox.

Make slow ZAP fast! Optimizing Zed Attack Proxy

  • ~1 min read

ZAP (or Burp, but this post only covers ZAP), one of the essential tools in vulnerability analysis, has many features, but if you use all of them at once you definitely can't help worrying about speed.

Metasploit-framework install & Setting on MacOS

  • ~1 min read

A note on how to install Metasploit-framework on macOS. Honestly it seems almost identical to the Linux version, but maybe because it's a recent version, it even sets up the path and DB automatically.. (Oh.. switching from building from source to the package is a whole new world)

Bypass domain check protection with data: for XSS

  • ~1 min read

Today.. while doing bug bounty I found that this form of XSS code also works, so I'm sharing it.

Fixing the XSStrike geckodriver "no such file" error

  • ~1 min read

When I tried to use XSStrike on a Mac, this error appeared. (I usually did most of my work on Linux..)

Kage(GUI Base Metasploit Session Handler) Review

  • 1 min read

Sometime this week, an eye-catching tool appeared on kitploit: Kage, a web tool for managing Metasploit shell sessions.

A story about Javascript Entity XSS (old…style…not working)

  • 1 min read

Have you ever seen this form of XSS code? Recently I exchanged some opinions on Twitter about this XSS payload, so I'm writing up that discussion.

XSS with style tag and onload event handler

  • ~1 min read

The week before last, I think.. I saw an XSS payload on Twitter that caught my eye, so I'm sharing it. (I noted it down to post later, and am only now writing it up..)

postMessage XSS on HackerOne(by adac95) Review

  • 1 min read

While rummaging through HackerOne reports during the week, I found a DOM-based XSS using postMessage, so I'm writing this to share it.

Bypass SSRF Protection using HTTP Redirect

  • 1 min read

Today I'm writing up another SSRF bypass pattern. It's one of the methods I used often, and it worked properly recently, so I'm happy. Nothing special: it's a bypass using HTTP Redirect.

Compiler Bomb!

  • 1 min read

Have you heard of a Compiler Bomb? I learned about it while doing vulnerability analysis, and since testing for it may sometimes be needed depending on the situation, I'm summarizing it briefly.

Bypassing SSRF using DOMAIN CNAME and A Records

  • 1 min read

⚠️ Attacks, bypasses and countermeasures for SSRF are maintained on the Cullinan page. If you want more detailed information, please go to the Cullinan > SSRF page. For reference, Cullinan > SSRF covers far more data and up-to-date information.

Custom Scheme API Path Manipulation and a trick to tamper with the API Method

  • 2 min read

When testing apps, there are sometimes API requests issued from a custom scheme where you can tamper with the address or change the API logic. However, the requests that really matter are implemented as POST/PUT/DELETE if the API is RESTful, while app schemes that can control the web are usually forced to GET requests, which tends to make things inconvenient for us.

Jenkins RCE Vulnerability via NodeJS(using metasploit module)

  • 3 min read

I had looked at this separately recently, and then a related link was shared in a chat room (https://pentest.com.tr/exploits/Jenkins-Remote-Command-Execution-via-Node-JS-Metasploit.html), so I'm taking the opportunity to write it up as a blog post.

MIME Types of script tag (for XSS)

  • 1 min read

During XSS testing there was a case like this, and it didn't execute..

ClusterFuzz - scalable fuzzing infrastructure(On Google)

  • 2 min read

While browsing tweets I saw an eye-catching tool on kitploit, so here's a brief write-up. It's a tool called ClusterFuzz, said to be the fuzzing infrastructure(?) used at Google.

CSP(Content-Security-Policy) Bypass technique

  • 6 min read

⚠️ Techniques for CSP bypassing are collected and maintained in one place at Cullinan > XSS > Bypass CSP. That article is far more up to date, so please refer to it!

APT package manager RCE(Bypass file signatures via CRLF Injection / CVE-2019-3462)

  • 3 min read

Recently an RCE vulnerability came out in the apt package manager. Of course the conditions aren't easy to exploit, so it's not very, very critical, but since it's the package management tool used unconditionally on Debian-based distributions, it still seems to have had some impact.

PHP Hidden webshell with carriage return(\r, hack trick)

  • 1 min read

This morning, after analyzing a few vulnerabilities, I found something interesting on Twitter. It was posted as "PHP Hidden webshell"; it's a simple trick, but I had never even thought it would work like that.. (how pathetic of me..) (Brute Logic, as always: https://twitter.com/brutelogic/status/1087723868532469763)

Metasploit-framework 5.0 Review

  • 2 min read

Last Thursday a post went up on the Rapid7 blog about msf 5.0, that is, a major version update. Since it's a big update, let's look at what changes.

Hashicorp Consul - RCE via Rexec (Metasploit modules)

  • 1 min read

While checking EDB on my way to work this morning, I saw that Metasploit RCE code for HashiCorp's Consul had been posted, so I'm writing about it. It's not a unique issue or a high-impact case, but it came out for a tool I'm interested in, so I'm just... just writing it up.

PocSuite - make PoC code testing systematic and easy!

  • 6 min read

There's an interesting tool (and library) called Pocsuite made by knownsec. Depending on how you use it, it can make testing a lot more convenient, so I'd like to introduce it briefly.

Web Cache Poisoning Attack, back in the spotlight (with Header base XSS)

  • 3 min read

A Cache Poisoning attack is a fairly traditional(?) attack method. Data chosen by the attacker is left in a cache so that other users end up performing abnormal requests. (DNS Cache Poisoning is the classic example.)

Installing a ZAP Add-on by changing before/from-version (when it can't be installed due to the minimum supported version)

  • ~1 min read

When installing a ZAP add-on, there are cases where it can't be installed because of ZAP's minimum supported version. For example, if it's meant for the alpha version, not included in the release, and not registered in the marketplace, you can force-load it simply by changing the add-on's configuration file.

Switching ZAP's Java version (Change Java version for fixed ssl error on ZAP)

  • 1 min read

I upgraded to the alpha version to test ZAP HUD, and on macOS an SSL-related error occurred when accessing certain sites through the in-app browser, so I'm writing up the struggle. Since Linux had no such problem.. it seems to be a macOS-related issue.

OWASP ZAP's new interface! ZAP HUD 🥽

  • 1 min read

A while ago I had shared a tweet from the ZAP side on Twitter, and a recent mention from @Dakkar Key suddenly reminded me of it, so I'm writing it up. Back then I only skimmed it and didn't really know what it was, but looking into it, it seems a better tool than I expected.