Write-up

How to Intercept Traffic from Proxy Unaware Application Using DNSChef
In this blog, we will dive into an interesting method for intercepting traffic from applications implementing SSL Pinning and applications that do not respect system proxies. Xamarin, for instance, relies on the ...

Execution of Arbitrary JavaScript in Android Application
In this blog, we will learn about the possible ways to find cross-site scripting by abusing JavaScript in Android applications. Cross-site scripting (XSS) in an Android application occurs when an attacker successfully ...

How contact forms can be exploited to conduct large scale phishing activity?
A contact form for customer inquiries is one of the most common features present on the websites of most companies. It provides an easy way for prospective customers to get in touch ...

PDF Generator’s Eternal Bond with SSRF
As part of the Application Security Assessment, we have come across the vulnerability Server Side Request Forgery (SSRF) using HTML Injection, via PDF and image generator. As the vulnerability name suggests, an ...

Solving the November 13th Detective Nevil Mystery Challenge
Overview: Each week on Friday, we post a social media challenge known as “Detective Nevil Mystery Challenge”. On November 13th of 2020, we released a challenge that contained a payload and it ...
