
Rendezvous Toolset


dagan




Presentation Transcript


  1. Rendezvous Toolset Web application security http://zeleet.com/security.htm

  2. What is Rendezvous
     • Web security tools that are on the web
     • Goals
       • Save time
       • Build a clean interface (based on jQuery)
       • Accessible anywhere
       • Help other pen-testers
     • Limitations
       • Optimized for IE for now (personal project)

  3. Quick walkthrough

  4. Tools

  5. Postforwarder
     • CSRF POC helper
     • What does it do?
       • Automates a cross-domain POST via a link: the linked page auto-submits a form that makes the cross-domain POST.
     • Why?
       • Demonstrates that CSRF via POST is just as dangerous as via GET.
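The slide's point is that the browser attaches the victim's session cookie to an auto-submitted cross-domain POST exactly as it does to a GET, so the session alone proves nothing about where the request came from. The following server-side check is an added example (not Rendezvous code and not a real framework's API): it rejects such a POST by requiring a same-origin `Origin`/`Referer` and a session-bound token that the submitting page cannot read. The site origin, header names, the HMAC token scheme and the three sample requests are all constructed for this illustration.

```python
"""Server-side CSRF check that rejects an auto-submitted cross-domain POST.
Example code, not part of Rendezvous; origin, header names, token scheme and
sample requests are assumptions made for this illustration."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://app.example.test"   # constructed: the site being protected
SECRET_KEY = secrets.token_bytes(32)       # constructed: per-deployment server secret
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must not change state, so need no token


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session via HMAC (server stores nothing extra)."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_csrf(method: str, headers: dict, form: dict, session_id: str):
    """Return (accepted, reason).

    The browser sends the session cookie on the forged POST automatically, so
    the request must additionally (1) come from our own origin and (2) carry a
    token that only a page on our origin could have obtained."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method, no state change"
    hdrs = {k.lower(): v for k, v in headers.items()}
    # (1) Browsers add an Origin header to cross-site POSTs, including auto-submitted
    # forms; "null" or a foreign origin is rejected. Fall back to the Referer's origin.
    source = hdrs.get("origin")
    if source is None and hdrs.get("referer"):
        source = _origin_of(hdrs["referer"])
    if source is not None and source.lower() != SITE_ORIGIN:
        return False, f"cross-origin POST from {source}"
    # (2) The forging page cannot read our pages (same-origin policy), so the token
    # will be absent or wrong. Constant-time comparison avoids a timing side channel.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return False, "missing or invalid CSRF token"
    return True, "same-origin POST with valid token"


# Constructed sample requests: one legitimate, two cross-domain auto-submits.
SESSION = "sess-1234"
LEGIT = dict(method="POST",
             headers={"Origin": SITE_ORIGIN, "Cookie": f"sid={SESSION}"},
             form={"amount": "100", "csrf_token": issue_csrf_token(SESSION)})
FORGED = dict(method="POST",
              headers={"Origin": "https://other.example.test", "Cookie": f"sid={SESSION}"},
              form={"amount": "100"})            # cookie rides along, token does not
FORGED_NO_ORIGIN = dict(method="POST",
                        headers={"Cookie": f"sid={SESSION}"},   # no Origin/Referer at all
                        form={"amount": "100", "csrf_token": "guess"})

if __name__ == "__main__":
    for name, req in (("legit", LEGIT), ("forged", FORGED), ("forged_no_origin", FORGED_NO_ORIGIN)):
        print(name, check_csrf(req["method"], req["headers"], req["form"], SESSION))
```

The origin check and the token check are independent layers; a `SameSite` attribute on the session cookie would be a third. The check deliberately accepts a POST with neither `Origin` nor `Referer` only if the token is right, because some proxies strip `Referer` and the token is the stronger signal.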

  6. Text Converter
     • Web Text Converter
     • What does it do?
       • Generates encoded payloads
     • Why?
       • Save time!
       • Accessible!
     • Encoders supported:
       • Various base entity encoding
       • URL encoding
       • Various base script encoding
       • Base64 encoding
       • Obfuscated ASCII encoding
       • Regular UTF-7
       • Comprehensive UTF-7
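The encoder list above is also the list of transformations a filter or WAF has to undo before it can match anything, which is why the same table matters on the defensive side. The functions below are an added example of the listed encoders (not the Rendezvous implementation; the names are this example's own and "obfuscated ASCII encoding" is not covered because the slide does not say what it is). "Regular" UTF-7 here means what Python's standard `utf-7` codec emits; "comprehensive" UTF-7 is taken to mean every character shifted into a single `+...-` run, which is an assumption about the tool's meaning.

```python
"""Encoders of the kinds listed on the Text Converter slide, plus a one-layer
normaliser. Added example, not the Rendezvous code; function names are this
example's own."""
import base64
import html
import urllib.parse


def html_entity_decimal(s: str) -> str:
    return "".join(f"&#{ord(c)};" for c in s)


def html_entity_hex(s: str) -> str:
    return "".join(f"&#x{ord(c):x};" for c in s)


def url_encode(s: str) -> str:
    """Standard percent-encoding; unreserved characters are left as they are."""
    return urllib.parse.quote(s, safe="")


def url_encode_all(s: str) -> str:
    """Percent-encode every byte, letters included (a form some decoders miss)."""
    return "".join(f"%{b:02X}" for b in s.encode("utf-8"))


def js_hex_escape(s: str) -> str:
    r"""JavaScript string escapes: \xHH for code points below 256, \uHHHH above."""
    return "".join(f"\\x{ord(c):02x}" if ord(c) < 0x100 else f"\\u{ord(c):04x}" for c in s)


def js_unicode_escape(s: str) -> str:
    r"""\uHHHH for every UTF-16 code unit, so astral characters become surrogate pairs."""
    units = s.encode("utf-16-be")
    return "".join(f"\\u{int.from_bytes(units[i:i + 2], 'big'):04x}"
                   for i in range(0, len(units), 2))


def base64_encode(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


def utf7_regular(s: str) -> str:
    """UTF-7 as the stdlib codec emits it: letters/digits direct, the rest shifted."""
    return s.encode("utf-7").decode("ascii")


def utf7_comprehensive(s: str) -> str:
    """Every character shifted into one +...- run (modified base64, no '=' padding).
    Assumption: this is what the slide's 'comprehensive UTF-7' means."""
    return "+" + base64.b64encode(s.encode("utf-16-be")).decode("ascii").rstrip("=") + "-"


ENCODERS = {
    "html_entity_decimal": html_entity_decimal,
    "html_entity_hex": html_entity_hex,
    "url": url_encode,
    "url_all": url_encode_all,
    "js_hex": js_hex_escape,
    "js_unicode": js_unicode_escape,
    "base64": base64_encode,
    "utf7_regular": utf7_regular,
    "utf7_comprehensive": utf7_comprehensive,
}


def encode_all(payload: str) -> dict:
    """Every encoding of one payload, e.g. to build a filter test corpus."""
    return {name: fn(payload) for name, fn in ENCODERS.items()}


def decode_html_and_url(s: str) -> str:
    """Defensive normalisation: strip one layer of percent-encoding, then one of
    entity encoding, before matching. Real inputs may be encoded more than once."""
    return html.unescape(urllib.parse.unquote(s))


if __name__ == "__main__":
    for name, out in encode_all("<script>").items():
        print(f"{name:20} {out}")
```

The last function shows the defensive side: matching on raw request text misses `&#x3c;script&#x3e;` and `%3Cscript%3E` alike, and a single decode pass still misses doubly encoded input, so a filter must decode to a fixed point (or reject input that is still encoded after one pass).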

  7. Heap Spray Wizard
     • Heap Spray Wizard
     • What does it do?
       • Sprays your heap with a default payload that runs calc.exe, or with shellcode you provide.
     • Why?
       • Meant to be used with AX tools.
       • Configure how much heap memory you want to spray.
       • Makes it a one-click process to spray with a working payload.

  8. Html Test Tool
     • Html Test Tool
     • What does it do?
       • Renders arbitrary content in the browser under an arbitrary Content-Type.
     • Why?
       • Different browsers treat different MIME types differently.
       • Browsers sniff based on content type.
       • See the "Flirting with MIME Types" paper by Blake Frantz. Great paper.
       • Sanity-check MIME-type behavior.

  9. Web Bug Tool
     • Web Bug Tool
     • What does it do?
       • Creates a temporary web bug.
       • Records hits to a page.
     • Why?
       • Saves time by reusing the web bug.

  10. Online Strings
     • Online Strings
     • What does it do?
       • Extracts Unicode and ASCII strings from binary files.
     • Why?
       • Quick and accessible.
       • Thought it was cool :-P
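Extracting both ASCII and "Unicode" strings matters because Windows binaries keep most of their text as UTF-16LE, where every letter is followed by a NUL byte and a plain ASCII scan sees nothing. The following is an added example of such an extractor with a small triage pass on top (not the Rendezvous tool); the sample bytes are constructed to resemble a small executable and are not a real file, and the triage patterns are this example's own heuristics.

```python
"""ASCII and UTF-16LE string extraction with a simple triage pass. Added example,
not the Rendezvous code. SAMPLE_BINARY and the INTERESTING patterns are constructed."""
import re
import sys


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return (offset, encoding, text) for every printable run of at least min_len
    characters. UTF-16LE text looks like 'h', NUL, 't', NUL, 't', NUL, 'p', NUL in the
    raw bytes, so it needs its own pattern."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(data)]
    found.sort()          # by offset, so ASCII and UTF-16 hits interleave in file order
    return found


# Patterns a triage pass flags first (constructed heuristics, not a definitive list).
INTERESTING = {
    "url": re.compile(r"https?://", re.I),
    "dll": re.compile(r"\.dll$", re.I),
    "registry": re.compile(r"^(HKLM|HKCU|HKEY_[A-Z_]+|SOFTWARE)\\", re.I),
    "ipv4": re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"),
}


def triage(strings: list) -> list:
    """Tag extracted strings that match an INTERESTING pattern, as (text, tag)."""
    tagged = []
    for _, _, text in strings:
        for tag, pattern in INTERESTING.items():
            if pattern.search(text):
                tagged.append((text, tag))
                break
    return tagged


# Constructed stand-in for a Windows executable: a DOS stub message, an import name,
# a UTF-16LE URL and a registry path separated by non-printable filler.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"This program cannot be run in DOS mode.\x00"
    + b"\x00" * 8
    + b"kernel32.dll\x00\x00"
    + "http://example.invalid/update.bin".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02\x03\x04"
    + b"SOFTWARE\\Example\\Run\x00"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BINARY
    hits = extract_strings(data)
    for offset, enc, text in hits:
        print(f"{offset:08x} {enc:8} {text}")
    for text, tag in triage(hits):
        print(f"[{tag}] {text}")
```

One known artefact of this approach, shared with the classic `strings` tool: an ASCII string that ends immediately before a UTF-16LE string can contribute its last letter to the UTF-16 match (the trailing `l`, NUL pair of `dll` would join `h`, NUL, ... if only one NUL separated them), which is why the sample pads with two NULs and why offsets are reported alongside the text.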

  11. Extract EXIF
     • Makes it a one-click operation to map a photo's location.
     • Again, it's available anywhere with web access.
     • Nothing surprising, but a fun tool.
     • Lesson: don't share photos taken with your phone! j/k

  12. View State Decoder
     • View State Decoder
     • What does it do?
       • Lets you peek at what's inside ViewState data.
     • Why?
       • Demystifies the content of ViewState.
       • Shows a tree view of all the property values in ViewState.
       • Any server-side sensitive info inside?
       • Any questionable property being stored?
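ASP.NET ViewState is base64 text wrapping a compact binary serialization (the `ObjectStateFormatter` format, which starts with the bytes `FF 01` and then a tree of typed tokens: pairs, triplets, array lists, strings, integers). The decoder below is an added example of reading that tree, not the Rendezvous tool and not Microsoft's code. The token values are the ones used by the .NET Framework's `ObjectStateFormatter`; only the listed subset is handled and anything else raises, so on a real page expect to extend it. The sample payload, including its 20 trailing bytes standing in for a MAC, is constructed.

```python
"""Minimal ASP.NET ViewState (ObjectStateFormatter) decoder with a tree view.
Added example, not the Rendezvous tool. Handles only the token subset below;
SAMPLE_VIEWSTATE is constructed."""
import base64

TOKEN_INT16, TOKEN_INT32, TOKEN_BYTE, TOKEN_STRING = 0x01, 0x02, 0x03, 0x05
TOKEN_PAIR, TOKEN_TRIPLET, TOKEN_ARRAYLIST = 0x0F, 0x10, 0x16
TOKEN_INDEXED_STRING_ADD, TOKEN_INDEXED_STRING = 0x1E, 0x1F
TOKEN_NULL, TOKEN_EMPTY_STRING, TOKEN_ZERO_INT32 = 0x64, 0x65, 0x66
TOKEN_TRUE, TOKEN_FALSE = 0x67, 0x68


class ViewStateReader:
    def __init__(self, data: bytes, pos: int = 0):
        self.data, self.pos, self.string_table = data, pos, []

    def byte(self) -> int:
        if self.pos >= len(self.data):
            raise ValueError("truncated ViewState")
        self.pos += 1
        return self.data[self.pos - 1]

    def varint(self) -> int:
        """BinaryWriter.Write7BitEncodedInt: base-128, low 7 bits first."""
        value, shift = 0, 0
        while True:
            b = self.byte()
            value |= (b & 0x7F) << shift
            if not b & 0x80:
                return value
            shift += 7
            if shift > 28:
                raise ValueError("malformed 7-bit integer")

    def string(self) -> str:
        n = self.varint()                      # length prefix, then UTF-8 bytes
        if self.pos + n > len(self.data):
            raise ValueError("truncated string")
        s = self.data[self.pos:self.pos + n].decode("utf-8")
        self.pos += n
        return s

    def value(self):
        tok = self.byte()
        simple = {TOKEN_NULL: None, TOKEN_EMPTY_STRING: "", TOKEN_ZERO_INT32: 0,
                  TOKEN_TRUE: True, TOKEN_FALSE: False}
        if tok in simple:
            return simple[tok]
        if tok == TOKEN_INT32:
            return self.varint()
        if tok == TOKEN_BYTE:
            return self.byte()
        if tok == TOKEN_INT16:
            lo, hi = self.byte(), self.byte()
            return int.from_bytes(bytes([lo, hi]), "little", signed=True)
        if tok == TOKEN_STRING:
            return self.string()
        if tok == TOKEN_INDEXED_STRING_ADD:   # string written once, referenced by index later
            self.string_table.append(self.string())
            return self.string_table[-1]
        if tok == TOKEN_INDEXED_STRING:
            return self.string_table[self.byte()]
        if tok == TOKEN_PAIR:
            return (self.value(), self.value())
        if tok == TOKEN_TRIPLET:
            return (self.value(), self.value(), self.value())
        if tok == TOKEN_ARRAYLIST:
            return [self.value() for _ in range(self.varint())]
        raise ValueError(f"unsupported token 0x{tok:02x} at offset {self.pos - 1}")


def decode_viewstate(b64: str):
    """Return (tree, trailing_byte_count). Bytes after the tree are normally the MAC;
    zero trailing bytes means the ViewState carries no integrity protection at all."""
    data = base64.b64decode(b64)
    if data[:2] != b"\xff\x01":
        raise ValueError("not an ObjectStateFormatter payload (expected FF 01 header)")
    reader = ViewStateReader(data, pos=2)
    tree = reader.value()
    return tree, len(data) - reader.pos


def tree_view(node, depth: int = 0) -> str:
    """Indented tree of the decoded values, in the spirit of the tool's tree view."""
    pad = "  " * depth
    if isinstance(node, tuple):
        kind = "Pair" if len(node) == 2 else "Triplet"
        return f"{pad}{kind}\n" + "".join(tree_view(n, depth + 1) for n in node)
    if isinstance(node, list):
        return f"{pad}ArrayList[{len(node)}]\n" + "".join(tree_view(n, depth + 1) for n in node)
    return f"{pad}{node!r}\n"


def collect_strings(node) -> list:
    """Every string leaf, for a quick scan for server-side data that should not be client-side."""
    if isinstance(node, str):
        return [node]
    if isinstance(node, (tuple, list)):
        return [s for child in node for s in collect_strings(child)]
    return []


# Constructed sample: Pair("hello", ArrayList[300, True]) followed by 20 fake MAC bytes.
SAMPLE_VIEWSTATE = base64.b64encode(
    bytes.fromhex("ff01 0f 05 05 68656c6c6f 16 02 02 ac02 67") + b"\xab" * 20
).decode("ascii")

if __name__ == "__main__":
    tree, trailing = decode_viewstate(SAMPLE_VIEWSTATE)
    print(tree_view(tree) + f"{trailing} trailing byte(s), presumably the MAC")
```

Two things the decoder cannot tell you by itself: whether the trailing bytes are a valid MAC (that needs the server's machine key), and whether the ViewState is encrypted (an encrypted one will not start with `FF 01` and the decode fails at the header check, which is itself a useful signal when reviewing a page's configuration).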

  13. Conclusion
     • Feel free to use it for authorized pen-testing.
     • http://zeleet.com/security.htm
     • 20+ tools (including bookmarklets)
     • If you have tools you'd like to see online, please shoot me a mail.
     • hidejo@gmail.com
     • Thanks!
