Tools

BurpParamFlagger: Identifying Possible SSRF/LFI Insertion Points

I’ve been very busy these past few months, leaving little time to hack. I’m very glad to be back at it. I decided to write my first Burp extension—since it seems to be working quite nicely for me, I thought I’d share it! The extension, BurpParamFlagger, adds a passive scan Read more…

By Allyson O'Malley, 4 years4 years ago

Tools

Discover Blind Vulnerabilities with DNSObserver: an Out-of-Band DNS Monitor

I’ve been working on a few small projects while learning Go, and this one turned out to be useful enough that I thought I’d go ahead and publish it. For the first time, this post is not about iOS! DNSObserver is a handy DNS service written in Go to aid Read more…

By Allyson O'Malley, 5 years5 years ago