Pinned tweet
ffuf 1.0 released! phew, this is a big one. Feature highlights in this thread. Huge thanks for all the contributors, and special thanks to @codingo_ for pulling off a feature bounty and @Ice3man543 for fulfilling it in a record time (and contributing said bounty to charity).
ffuf -w all.txt -u https://deepthought.hhg2g -X POST -d 'FUZZ' -mr '42'
Joona retweeted
Interesting Facebook company open redirect: http://view.atdmt.com/action/ <put anything here>?href=<any url> e.g. http://view.atdmt.com/action/click_for_free_kittens?href=http://netsec.expert … Already reported but they showed no interest in it, so full disclosure it is.
There's a new repository for payload generators and helper scripts for ffuf. I wrote a HTTP basic authentication payload generator as an example. Contributions are more than welcome, it's show & tell time! https://github.com/ffuf/ffuf-scripts …
This feature had a bug, where using it would make matchers and filters fail. It's now fixed in the master branch though. https://twitter.com/joohoi/status/1222656592157474818 …
The refined help text is definitely my favorite improvement in the last release. It's actually readable now :) https://github.com/ffuf/ffuf#usage https://twitter.com/joohoi/status/1222659692796817410 …
Joona retweeted
We are celebrating Ffuf 1.0 release! @joohoi got a bubbly and preaching gospel of Ffuf #citysec pic.twitter.com/Wqt72c3OpJ
The help text (and usage examples!) got refined and are no longer a trash fire, enjoy! The -sa (stop on any error) flag now takes 429 responses into account as well.
Smaller stuff: if any matcher is defined (-mc, -ms, -mw, -ml, -mr), the default -mc value is ignored. This caused confusion in users previously. Output JSON file now stores the configuration structure, if you want to figure out all the parameters later on.
Want to catch reflections? The regex matcher & filter now support the keywords too. To match all reflected inputs: ffuf -u https://example.org/?param=FUZZ -w wordlist.txt -mr "FUZZ"
We all love Burp suite by @PortSwigger, right? Want to send over all the ffuf job matches to Burp? Easy with -replay-proxy: ffuf -u https://example.org/FUZZ -w wordlist.txt -replay-proxy http://127.0.0.1:8080 If you ffuf on remote box, this totally works through ssh tunnels too!
If you use ffuf in automation, and got frustrated when hitting a s-l-o-w server, making the ffuf job to block the automation - now you can use -maxtime, which will terminate the ffuf job after a certain duration. ffuf -u https://example.org/FUZZ -w wordlist.txt -maxtime 360
Ffuf now supports recursion as well! ffuf -u https://example.org/FUZZ -w wordlist.txt -recursion -recursion-depth 4
If you want to save all matched requests and responses to a file, you can use a new flag -od (output directory). All matches will be written to a file with accompanying request within that directory. ffuf -u https://example.org/FUZZ -w wordlist.txt -od output_files/
The feature mentioned in the first tweet was support for parsing requests from files to ffuf options. You can now store a request to a file, define the FUZZ keywords as you are used to, and run ffuf: ffuf -request req_file.txt -request-proto https -w wordlist.txt
Joona retweeted
I just published an exposé for @EFF on @ring's trackers in Android. In short: lots of info to multiple third parties. https://www.eff.org/deeplinks/2020/01/ring-doorbell-app-packed-third-party-trackers …
Joona retweeted
Here's a cool trick to break out of AppLocker in Citrix environment: 1. Open a dummy RTF file in wordpad 2. Add ftp.exe as an object 3. Click to open ftp (or other similar apps) 4. ftp>!{command/app to run} for example: ftp>!cmd <-- blocked? ftp>!powershell <-- not blocked? :)
Joona retweeted
To process JSON results output by ffuf you can use the jq tool. You can use a bash alias similar to below depending on your needs: alias jqffuf="jq -r '.results[] | [.url,.redirectlocation,.status,.length] | \"\(.[0]) -> \(.[1]) \(.[2]) \(.[3])\"'"
#bugbounty #bugbountytip https://twitter.com/ngkogkos/status/1218725174561968128 …
Joona retweeted
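As an added example (not from the tweet above or from the ffuf project itself), the same projection that the jq alias performs, done in Python over a constructed ffuf JSON results file, plus a status filter and a look at the stored config block that the 1.0 thread mentions; the sample file contents and the exact keys inside "config" are assumptions.

```python
import json

# Constructed sample of an ffuf JSON output file (-o out.json -of json).
# Per-result field names follow the jq alias in the tweet (url, redirectlocation,
# status, length); the top-level "config" block is assumed to mirror the run options.
SAMPLE_FFUF_JSON = """
{
  "commandline": "ffuf -u https://example.org/FUZZ -w wordlist.txt -o out.json -of json",
  "time": "2020-01-30T12:00:00Z",
  "results": [
    {"input": {"FUZZ": "admin"}, "position": 1, "status": 301, "length": 0,
     "words": 1, "lines": 1, "redirectlocation": "https://example.org/admin/",
     "url": "https://example.org/admin"},
    {"input": {"FUZZ": "robots.txt"}, "position": 2, "status": 200, "length": 52,
     "words": 8, "lines": 3, "redirectlocation": "",
     "url": "https://example.org/robots.txt"},
    {"input": {"FUZZ": "login"}, "position": 3, "status": 200, "length": 1337,
     "words": 120, "lines": 40, "redirectlocation": "",
     "url": "https://example.org/login"}
  ],
  "config": {"url": "https://example.org/FUZZ", "method": "GET", "threads": 40}
}
"""


def summarise(raw: str) -> list:
    """Reproduce the jq alias: one 'url -> redirect status length' line per match."""
    data = json.loads(raw)
    return [f"{r['url']} -> {r['redirectlocation']} {r['status']} {r['length']}"
            for r in data["results"]]


def by_status(raw: str, status: int) -> list:
    """Keep only the URLs whose response had the given HTTP status code."""
    data = json.loads(raw)
    return [r["url"] for r in data["results"] if r["status"] == status]


def run_config(raw: str) -> dict:
    """Return the stored configuration block so a result file stays self-describing."""
    return json.loads(raw).get("config", {})


if __name__ == "__main__":
    for line in summarise(SAMPLE_FFUF_JSON):
        print(line)
    print("threads used:", run_config(SAMPLE_FFUF_JSON).get("threads"))
```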
If you want to fuzz sequential numbers when looking for #IDOR, you can easily do this with #ffuf. Here's a real (sanitised) example in bash: $ seq 1000 8000 | ffuf -u https://www.example.com/images/avatars/FUZZ.png … -o ffuf_idor.txt -v -w - #bugbounty #bugbountytip
Joona retweeted
NEW: We examined in detail how 10 popular smartphone apps secretly share extensive personal information with at least 135 companies, systematically breaking EU data protection law. This must end. Two massive reports + legal complaints against 6 companies: https://www.forbrukerradet.no/side/new-study-the-advertising-industry-is-systematically-breaking-the-law/ … pic.twitter.com/TrSAsSoC2p