amotmot

The Web Application Hacker's Handbook

Web Application Hacker's Handbook Task checklist as a Github-Flavored Markdown file

Contents

• Recon and analysis
• Test handling of access
• Test handling of input
• Test application logic
• Assess application hosting
• Miscellaneous tests

nathwill

#       $OpenBSD: pf.conf,v 1.52 2013/02/13 23:11:14 halex Exp $
#
# See pf.conf(5) for syntax and examples.
#
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

### Macros

# system

cetanu

b.barracudacentral.org
bl.deadbeef.com
bl.emailbasura.org
bl.spamcannibal.org
bl.spamcop.net
blackholes.five-ten-sg.com
blacklist.woody.ch
bogons.cymru.com
cbl.abuseat.org
cdl.anti-spam.org.cn

mattiaslundberg

# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.

# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux

# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.

# Set swedish keymap

keithamus

var app = require('express')(),
    fs = require('fs');
var headers = [];
app.get('/', function (req, res) {
    headers.push(req.headers);
    res.json(req.headers);
});
setInterval(function () {
    fs.writeFileSync('headers.json', JSON.stringify(headers));
}, 10000);

grugq

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

   Undercover communication

   It should be obvious by now, that the only way to communicate 
   stealthily and securely is to avoid raising suspicion to the 
   level at which the authorities might consider it worthwhile 
   to put you under active surveillance (e.g., park a van with 
   TEMPEST equipment by your apartment). 

teffalump

Others have recently developed packages for this same functionality, and done it better than anything I could do. Use the packages instead of this script:

• Gargoyle package by @lantis1008

• OpenWRT package by @dibdot

Description

In its basic usage, this script will modify the router such that blocked addresses are null routed and unreachable. Since the address blocklist is full of advertising, malware, and tracking servers, this setup is generally a good thing. In addition, the router will update the blocklist weekly. However, the blocking is leaky, so do not expect everything to be blocked.

plentz

# to generate your dhparam.pem file, run in the terminal
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

h4rm0n1c

This is a script for setting up a small, debian based device that applies IP Blocklists to your internet connection.

This device is intended to operate transparently and quietly, entirely on your local network. it is NOT designed to be exposed to the internet. it works best plugged straight into your FIREWALLED, NATTED modem.

Plug eth0 into your router/modem/cablebox/pidgeon, eth1-3 can go to your clients. This device should require little to no config once set up. P2P style blocklists that are gzipped are downloaded, merged with any cached or local blocklists, and then swapped out with the existing lists once a day. I used Debian Wheezy (7.1) for this, it works EXTREMELY WELL.

ericmjonas

From: MIT Free Group <[email protected]>
Date: Wed, Sep 18, 2013 at 9:07 PM
Subject: The NSA is coming to MIT!
To: MIT Free Group <[email protected]>


Do you think the NSA is doing a good job of spying on Americans? Come
make your voice heard! Come to 66-144 tomorrow (Thursday, 9/19) 5:30
and participate by asking pointed questions like: