Hi! I just released version 0.6 of Java Deserialization Scanner! The first improvement is the addition of URLDNS gadget, that is an active check that detects Java deserialization on the…
After quite a lot of hours of work, Brida 0.4 is finally out! Brida 0.4 should have been presented at Hack In Paris 2020 but, due to the postponement of…
Hi! Here you can download the slides of my talk presented at HackInBo 2017 Winter Edition named "Advanced mobile penetration testing with Brida". Federico Dotta - Advanced mobile penetration testing…
Hi! Today I will show you a new Burp Suite plugin, Handy Collaborator, that the colleague of mine Gianluca and I wrote in order to make it possible to use…
Introduction Brida is a Burp Suite Extension that, working as a bridge between Burp Suite and Frida, lets you use and manipulate applications’ own methods while tampering the traffic exchanged…
Introduction Java deserialization vulnerabilities were discovered and disclosed in January 2015 by Gabriel Lawrence and Chris Frohoff. These serious vulnerabilities arise from the way in which Java deserializes serialized objects (see…
Recently, we tested a Web application with NTLM authentication. The authentication works correctly with any browser, but failed when inserting Burp Suite in the middle (with NTLM suitably configured). Sniffing with…
