Application News – Application Security Weekly #50

    In the Application Security News: many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads! News Bugs, Breaches, […]
The post Application News – Application Security Weekly #50 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/PQM3QVuh9UM/

Bugs, Breaches, and More! – Application Security Weekly #48

    Concerns about WordPress’ new “White Screen of Death”, Google Chrome changes could ‘destroy’ ad-blockers, Mozilla is adding an ad-blocker to Firefox Focus 9.0, websites can steal browser data via extensions APIs, a Fortnite security issue would have granted hackers access to accounts, and more! News Bugs, Breaches, and More! Concerns raised about WordPress’ […]
The post Bugs, Breaches, and More! – Application Security Weekly #48 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/vBqDIFublWI/

Hatch – Tool To Brute Force Most Websites

Hatch is a brute force tool that is used to brute force most websites.

Installation Instructions

    git clone https://github.com/MetaChar/Hatch
    python2 main.py

Requirements

    pip2 install selenium
    pip2 install pyvirtualdisplay
    pip2 install requests
    sudo apt-get install xserver-xephyr

Chrome driver and Chrome are also required! Link to chrome driver: http://chromedriver.chromium.org/downloads (copy it to bin!)

How to use (text)

1). Find a website with a login page
2). Inspect element to find the Selector of the username form
3). Do the same for the password field
4). The login form
5). When asked, put in the username to brute force
6). Watch it go!

Link: http://www.kitploit.com/2018/12/hatch-tool-to-brute-force-most-websites.html

SharpWeb – .NET 2.0 CLR Project To Retrieve Saved Browser Credentials From Google Chrome, Mozilla Firefox And Microsoft Internet Explorer/Edge

SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers.

Usage

    Usage:
        .\SharpWeb.exe arg0 [arg1 arg2 …]
    Arguments:
        all      – Retrieve all Chrome, FireFox and IE/Edge credentials.
        full     – The same as ‘all’
        chrome   – Fetch saved Chrome logins.
        firefox  – Fetch saved FireFox logins.
        edge     – Fetch saved Internet Explorer/Microsoft Edge logins.

Example: Retrieve Edge and Firefox Credentials

    .\SharpWeb.exe edge firefox

Example: Retrieve All Saved Browser Credentials

    .\SharpWeb.exe all

Standing on the Shoulders of Giants

This project uses the work of @plainprogrammer on a .NET 2.0 CLR compliant SQLite parser, which can be found here. In addition, @gourk created a wonderful ASN parser and cryptography helpers for decrypting and parsing the FireFox login files. It uses a revised version of his work (found here) to parse these logins out. Without their work this project would not have come together nearly as quickly as it did.

Link: http://feedproxy.google.com/~r/PentestTools/~3/rfzjbjrQBAI/sharpweb-net-20-clr-project-to-retrieve.html

How To Add Startup Password in Google Chrome

Are you worried about the stored password in your browser? If you have a habit of storing passwords in the browser, there is a possibility that someone having access to your system can misuse your online accounts by that saved password. Not just your saved password, but other people can check your download history and web history. This […]
The post How To Add Startup Password in Google Chrome appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/vyeqUPqScYk/how-to-add-startup-password-in-google.html

BFuzz – Fuzzing Browsers (Chrome & Firefox)

BFuzz is an input-based fuzzer that takes .html as input, opens your browser in a new instance, and passes it multiple testcases generated by domato, which is present in the recurve folder of BFuzz. BFuzz is also an automation that performs the same task repeatedly.

Run BFuzz

    warmachine@ftw:~/BFuzz$ ./generate.sh
    warmachine@ftw:~/BFuzz$ python BFuzz.py
    Enter the browser type:
    1: Chrome
    2: Firefox
    >>

Running python BFuzz.py asks whether to fuzz Chrome or Firefox. If you select 2, it runs firefox --new-instance, opens a random testcase from recurve, writes the logs to the terminal, waits 3 seconds, then opens Firefox again and repeats the same process.

BFuzz is a small .py script that opens the browser, runs a testcase for 12 seconds, closes the browser, waits 3 seconds, and then follows the same process again.

Domato

The testcases in recurve are generated by domato.

generator.py contains the main script. It uses grammar.py as a library and contains additional helper code for DOM fuzzing.

grammar.py contains the generation engine that is mostly application-agnostic and can thus be used in other (i.e. non-DOM) generation-based fuzzers. As it can be used as a library, its usage is described in a separate section below.

.txt files contain grammar definitions. There are 3 main files, html.txt, css.txt and js.txt, which contain HTML, CSS and JavaScript grammars, respectively. These root grammar files may include content from other files.

Bug showcase

Epiphany Web 3.28.1: CVE-2018-11396
Mozilla Firefox: Stack based buffer overflow bug ID: 1456083 [Went DUPLICATE]

Link: http://feedproxy.google.com/~r/PentestTools/~3/BJ3Z7SCBzDI/bfuzz-fuzzing-browsers-chrome-firefox.html

Bing, Chrome, and Docker API – Hack Naked News #195

A one-liner exploit for X, the danger of searching for Chrome in Bing, exposing your Docker API, you can find sensitive data in the cloud, exploit users by embedded videos in Word documents, dead web apps, hacking BGP routes, a new DHCP vulnerability and hacking your brain! Security News Easy-to-exploit privilege escalation bug bites OpenBSD […]
The post Bing, Chrome, and Docker API – Hack Naked News #195 appeared first on Security Weekly.

Link: http://feedproxy.google.com/~r/securityweekly/Lviv/~3/ai6-5musK64/