malerisch.net

As part of my research and talk titled " Augmented Reality in your web proxy " presented during the HackPra AllStars program / OWASP AppSec EU 2013   security conference in Hamburg, I decided to release a new Burp Pro extension which integrates  Crawljax , Selenium and JUnit . I decided to take this approach to increase application spidering coverage (especially for Ajax web apps), speed up complex test-cases and take advantage of the Burp Extender API . Downloads BurpCSJ extension JAR - download (all dependencies included) BurpCSJ source code - github "Augmented Reality in your web proxy" - presentation (slideshare) Getting started Download BurpCSJ ; Load BurpCSJ extension jar via the Extender tab; Choose the URL item from any Burp tab (e.g. target, proxy history, repeater);  Right click on the URL item; Choose menu item "Send URL to Crawljax"; Crawljax will automatically start crawling the URL that you choose. Tutorials

A couple of weeks ago I have found myself working on a CSRF File Upload Proof-of-Concept (PoC) for a bug I have found in an Oracle product. I remember that Krzysztof Kotowicz did some research on a similar PoC not long time ago. A quick Google search brought me to his article on invisible arbitrary file upload in Flickr. So instead of reinventing the wheel, I have tried to use his PoC code available here . Unfortunately, the code was not working in my case and I was unsure whether that was depending on the browsers I was using (Firefox 8.0.1 and Chrome 15.0.874.121) and/or on the vulnerable application itself. Consequently, I have spent some time to come up with a PoC (or probably a good term would be a collage ) which would work in my case. The technique used is the same illustrated in Kotowicz's research and more information can be found here . In few words, the exploitation process is divided in two steps: 1) Use XHR to get a binary file and store it as a JavaScript object;