Sir Collins (@lane7550)
342 posts
Web Application Security
Earth, joined October 2023
130 Following, 44 Followers
Sir Collins @lane7550
So part 2 was cut into two halves due to my thread containing the SQL injection literal (I've removed it from my thread but it can still be seen in the screenshot demonstrating the SQLi attack). X security filters flagged the string twice before I noticed it was the problem.
Sir Collins @lane7550
The Takeaway: WAFs, ORMs, and TLS are incredible tools, but they cannot protect you from your own flawed business logic. Security is layered, and securing the application layer requires human analysis.
Sir Collins @lane7550
An attacker doesn't even need to read the server's response; they can simply measure the milliseconds to know if an account exists.
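The timing leak described in the post above, reproduced as an added Python example (this is not code from the author's Flask blog; the user store, the PBKDF2 hashing scheme, the account name and the helper names are assumptions made for the demo). The vulnerable login returns as soon as the email is not found, so it skips the deliberately slow password hash; the hardened version runs the hash against a dummy record on that branch, so both outcomes cost roughly the same. A counter on the hash function makes the difference visible without relying on a stopwatch, and the timing helpers show what an attacker measuring round-trip latency would see.

```python
import hashlib
import hmac
import os
import statistics
import time

# Constructed demo user store: one account, PBKDF2-SHA256 with a per-user salt.
# The scheme and the account are assumptions; the real blog's schema is not shown.
ITERATIONS = 100_000
HASH_CALLS = {"count": 0}   # instrumentation: how often the slow hash actually ran


def slow_hash(password: str, salt: bytes) -> bytes:
    HASH_CALLS["count"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


_ALICE_SALT = os.urandom(16)
USERS = {
    "alice@example.com": (_ALICE_SALT, slow_hash("correct horse battery", _ALICE_SALT)),
}

# Dummy record for the "no such user" branch of the hardened login.
# The digest is random bytes, so it can never match a submitted password.
_DUMMY_SALT = os.urandom(16)
_DUMMY_DIGEST = os.urandom(32)


def vulnerable_login(email: str, password: str) -> bool:
    """Typical early-return login: an unknown email skips the expensive hash entirely."""
    record = USERS.get(email)
    if record is None:
        return False                                   # microseconds
    salt, digest = record
    return hmac.compare_digest(slow_hash(password, salt), digest)   # tens of ms


def hardened_login(email: str, password: str) -> bool:
    """Always runs the slow hash, so known and unknown emails cost the same."""
    known = email in USERS
    salt, digest = USERS.get(email, (_DUMMY_SALT, _DUMMY_DIGEST))
    match = hmac.compare_digest(slow_hash(password, salt), digest)
    return known and match


def median_latency_ms(login, email: str, password: str, rounds: int = 5) -> float:
    """Median wall-clock time of one login call, as a remote attacker would sample it."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        login(email, password)
        samples.append((time.perf_counter() - start) * 1000)
    return statistics.median(samples)


def timing_gap_ms(login) -> float:
    """Latency for a known account minus latency for an unknown one, both with a wrong password."""
    return (median_latency_ms(login, "alice@example.com", "wrong")
            - median_latency_ms(login, "nobody@example.com", "wrong"))


if __name__ == "__main__":
    for fn in (vulnerable_login, hardened_login):
        print(f"{fn.__name__:17s} known-minus-unknown gap: {timing_gap_ms(fn):8.2f} ms")
```

The gap for vulnerable_login is roughly the full cost of one hash, which is measurable over the network even with jitter; the hardened gap is in the noise. The same fix applies to any other branch that skips work for a missing user (lockout lookups, MFA checks), and the error message must be identical on both branches as well, or the timing fix is moot.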
Sir Collins @lane7550
1. The SQL Injection Attempt: I injected a classic SQLi payload into the email field. Result? A swift 403 Forbidden. The Cloudflare WAF sitting in front of my Render instance caught the signature and dropped the packet before it even touched Python.
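A 403 from the edge WAF says nothing about the query behind it: the request never reached Flask, so the backend's handling of the email field was not actually exercised. The check a practitioner wants is to run the lookup logic directly, without the WAF in the path. The added Python example below (not the author's blog code; the sqlite3 schema, the rows and the function names are assumptions, and the payload is a generic quoted-string tautology standing in for the literal the author removed) puts a string-built query next to a parameterised one and feeds both the same payload.

```python
import sqlite3

# Constructed in-memory users table standing in for the blog's database
# (schema and rows are assumptions for this demo).
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)")
DB.executemany(
    "INSERT INTO users VALUES (?, ?, ?)",
    [(1, "alice@example.com", "hash-a"), (2, "bob@example.com", "hash-b")],
)

# Generic tautology for a single-quoted string context. The thread's exact
# literal was removed by the author; this is a stand-in, not that string.
SQLI_PAYLOAD = "' OR '1'='1"


def lookup_user_unsafe(email: str):
    """String-built query: the email is parsed as SQL, so the payload rewrites the WHERE clause
    into  email = '' OR '1'='1'  and the first row of the table comes back."""
    sql = f"SELECT id, email FROM users WHERE email = '{email}'"
    return DB.execute(sql).fetchone()


def lookup_user_safe(email: str):
    """Parameterised query: the driver binds the value, so the payload is just an unknown email."""
    return DB.execute("SELECT id, email FROM users WHERE email = ?", (email,)).fetchone()


if __name__ == "__main__":
    for fn in (lookup_user_unsafe, lookup_user_safe):
        print(f"{fn.__name__:19s} alice -> {fn('alice@example.com')}   payload -> {fn(SQLI_PAYLOAD)}")
```

Run against the app's own data layer (a local instance or a unit test around the login view) so the result reflects the code rather than the edge rule; the WAF is a useful extra layer, but parameterised queries are what make the 403 unnecessary.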
Sir Collins @lane7550
connection to the server. Suddenly, that opaque ciphertext turned into a raw HTTP POST /login request.
Testing the Perimeter (Syntax vs. Logic)
With the traffic in cleartext, I sent the request to Burp Repeater to stress-test the backend:
Sir Collins @lane7550
Stripping the TLS Layer
By routing my browser through Burp Suite and installing its custom root certificate, I performed a controlled MITM attack on myself. Burp negotiates the TLS handshake with the browser, decrypts the traffic, and then establishes a second secure
Sir Collins @lane7550
Breaking My Own HTTPS Tunnel to Find a Critical Logic Flaw
In Part 1, we looked under the hood of a TLS 1.3 handshake using Wireshark to see how secure communications are mathematically established. But as an AppSec analyst, that secure tunnel is exactly what I need to bypass.
Sir Collins @lane7550
Traditional packet sniffers only see opaque "Application Data" once TLS is active. To audit a web application, you have to break the encryption. Here is how I used a Man-in-the-Middle (MITM) proxy to intercept my own Flask blog's traffic and discovered a logic vulnerability.
Sir Collins @lane7550
Stay tuned for Part 2, where I'll show you how I used Burp Suite to MITM my own connection and discovered a critical Account Enumeration vulnerability hidden behind the cryptography.
Sir Collins @lane7550
But what happens when a security researcher deliberately breaks this encrypted tunnel to audit the application logic inside?
Sir Collins @lane7550
You use HTTPS daily. But do you actually know what happens under the hood? As a developer or defensive analyst, best practices dictate that you always use HTTPS. But do you understand the mathematical heavy lifting that happens before your first encrypted GET request is even sent?