Recent News
Handy Collaborator – Because Burp Suite Collaborator is useful also during manual testing!
Hi! Today I will show you a new Burp Suite plugin, Handy Collaborator, that the…
Tracing arbitrary Methods and Function calls on Android and iOS
I have published two new Frida instrumentation scripts to facilitate reverse engineering of mobile apps.…
Detection payload for the new Struts REST vulnerability (CVE-2017-9805)
Hi! I built a new payload useful for the detection of the presence of the…
Brida: Advanced Mobile Application Penetration Testing with Frida
Introduction Brida is a Burp Suite Extension that, working as a bridge between Burp Suite…
Universal Android SSL Pinning bypass with Frida
Android SSL Re-Pinning Two kinds of SSL Pinning implementations can be found in Android apps:…
Reliable discovery and exploitation of Java deserialization vulnerabilities
Introduction Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris…
Fiddler: NTLM authentication when Burp Suite fails
Recently, we tested a Web application with NTLM authentication. The authentication works correctly with any browser,…