Surf Jack - HTTPS will not save you


Surf Jack - HTTPS will not save you

by publists

Say hello to a new security tool called “Surf Jack” which demonstrates a security flaw found in various public sites. The proof of concept tool allows testers to steal session cookies on HTTP and HTTPS sites that do not set the Cookie secure flag.

Tool: http://surfjack.googlecode.com/
Short paper: http://resources.enablesecurity.com/resources/Surf%20Jacking.pdf
Screencast: http://www.vimeo.com/1507697

This research was done independently from Mike Perry's[1], but it appears to be effectively the same thing.


[1] https://www.defcon.org/html/defcon-16/dc-16-speakers.html#Perry


--
Sandro Gauci
EnableSecurity
Web: http://enablesecurity.com/

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


EIGRP route insertion tool

by JB-2

Does anyone know of a tool that could be used to insert EIGRP routes into
a network? Yes I know I can buy a cheap 1700 series router to do this, but
I like to travel light, and would prefer a software solution.

JB




RE: EIGRP route insertion tool

by Leif Sawyer

JB wrote:
> Does anyone know of a tool that could be used to insert EIGRP
> routes into a network? Yes I know I can buy a cheap 1700
> series router to do this, but I like to travel light, and
> would prefer a software solution.

There's a software emulator out there called Dynamips
that supports 2691/3725/3745/36xx/7200(NPE 100-400) series
routers.

That would seem to fit the bill, as it can interface with physical
ethernet interfaces.



Re: EIGRP route insertion tool

by Kurt Buff

On Thu, Aug 14, 2008 at 4:19 AM, JB <pentest@...> wrote:
> Does anyone know of a tool that could be used to insert EIGRP routes into
> a network? Yes I know I can buy a cheap 1700 series router to do this, but
> I like to travel light, and would prefer a software solution.
>
> JB

Haven't tried it, but perhaps Vyatta, or something like it, in a VM
might do the trick...

Kurt
