Comments on: AttackAPI http://www.gnucitizen.org/blog/attackapi/ Information Security Think Tank Thu, 11 Mar 2010 22:49:16 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: 行骏-IT Player » Blog Archive » 50个实用的JavaScript工具 http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-128069 行骏-IT Player » Blog Archive » 50个实用的JavaScript工具 Fri, 25 Dec 2009 16:08:55 +0000 http://www.gnucitizen.org/blog/attackapi#comment-128069 [...] AttackAPI AttackAPI是一个基于Web的攻击构造库,它可以结合PHP、JavaScript及其他客户端和服务器端技术进行使用。 [...] [...] AttackAPI AttackAPI是一个基于Web的攻击构造库,它可以结合PHP、JavaScript及其他客户端和服务器端技术进行使用。 [...]

]]> By: pdp http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127984 pdp Mon, 09 Nov 2009 22:17:49 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127984 meandmine, we use google code because it is simple and it does the job. meandmine, we use google code because it is simple and it does the job.

]]> By: meandmine http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127875 meandmine Tue, 29 Sep 2009 10:28:55 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127875 I was wondering, since I can't download the code to help improve the code to in turn help others, why have the code up on google code? It's a simple thing to bookmark the page and plagiarize your work, no? I was wondering, since I can’t download the code to help improve the code to in turn help others, why have the code up on google code?

It’s a simple thing to bookmark the page and plagiarize your work, no?

]]> By: web security tools collection for pentesters | KNYKSL.COM v3 http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127863 web security tools collection for pentesters | KNYKSL.COM v3 Sun, 20 Sep 2009 22:23:15 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127863 [...] XSS-Proxy – http://xss-proxy.sourceforge.net AttackAPI – http://www.gnucitizen.org/projects/attackapi/ FFsniFF – http://azurit.elbiahosting.sk/ffsniff/ HoneyBlog’s web-based junkyard – [...] [...] XSS-Proxy – http://xss-proxy.sourceforge.net AttackAPI – http://www.gnucitizen.org/projects/attackapi/ FFsniFF – http://azurit.elbiahosting.sk/ffsniff/ HoneyBlog’s web-based junkyard – [...]

]]> By: My Own VA Tool Set « Old New Dream http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127654 My Own VA Tool Set « Old New Dream Mon, 27 Jul 2009 16:54:09 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127654 [...] XSS-Proxy – http://xss-proxy.sourceforge.net AttackAPI – http://www.gnucitizen.org/projects/attackapi/ FFsniFF – http://azurit.elbiahosting.sk/ffsniff/ HoneyBlog’s web-based junkyard – [...] [...] XSS-Proxy – http://xss-proxy.sourceforge.net AttackAPI – http://www.gnucitizen.org/projects/attackapi/ FFsniFF – http://azurit.elbiahosting.sk/ffsniff/ HoneyBlog’s web-based junkyard – [...]

]]> By: XSS – Understanding Cross Site Scripting « Miscellaneous Security http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127609 XSS – Understanding Cross Site Scripting « Miscellaneous Security Wed, 08 Jul 2009 16:44:26 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127609 [...] Additional Resources: Cross-Site Scripting (XSS) FAQ OWASP Guide to XSS XSS tutorial XSS Video Tutorial (via youtube) XSS Attack API [...] [...] Additional Resources: Cross-Site Scripting (XSS) FAQ OWASP Guide to XSS XSS tutorial XSS Video Tutorial (via youtube) XSS Attack API [...]

]]> By: An XSS Primer – Understanding Cross Site Scripting « Miscellaneous Security http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127606 An XSS Primer – Understanding Cross Site Scripting « Miscellaneous Security Tue, 07 Jul 2009 23:40:08 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127606 [...] Additional Resources: Cross-Site Scripting (XSS) FAQ OWASP Guide to XSS XSS tutorial XSS Video Tutorial (via youtube) XSS Attack API [...] [...] Additional Resources: Cross-Site Scripting (XSS) FAQ OWASP Guide to XSS XSS tutorial XSS Video Tutorial (via youtube) XSS Attack API [...]

]]> By: An XSS Primer – Understanding Cross Site Scripting « Miscellaneous Security http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127605 An XSS Primer – Understanding Cross Site Scripting « Miscellaneous Security Tue, 07 Jul 2009 19:49:56 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127605 [...] Additional Resources:Cross-Site Scripting (XSS) FAQOWASP Guide to XSSXSS tutorialXSS Video Tutorial (via youtube)XSS Attack API [...] [...] Additional Resources:Cross-Site Scripting (XSS) FAQOWASP Guide to XSSXSS tutorialXSS Video Tutorial (via youtube)XSS Attack API [...]

]]> By: Web App Security: Comparing and contrasting Black Box, White Box, Fault Injection, and SCA — QuietMove http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-127591 Web App Security: Comparing and contrasting Black Box, White Box, Fault Injection, and SCA — QuietMove Thu, 02 Jul 2009 23:57:49 +0000 http://www.gnucitizen.org/blog/attackapi#comment-127591 [...] At the same time, the population of attackers has vastly increased. The maxim goes that a security system is only as strong as its weakest link, so that’s what attackers look for. Attacks have moved both up and down the stack. By this I mean, up to the application and even client level, and down to the system internals and driver level. Blue Pill, a virtual machine malware platform, is one such example that takes advantage of hardware features at the bottom level, while at the top level you have the world of web application attacks, where web applications are used as proxies to attack the integrity of the application as well as its architectural dependencies, and Javascript attacks, which are used to attack the softest target of all – the end user. At the Javascript / client attack level, state of the art is represented by PDP’s AttackAPI. [...] [...] At the same time, the population of attackers has vastly increased. The maxim goes that a security system is only as strong as its weakest link, so that’s what attackers look for. Attacks have moved both up and down the stack. By this I mean, up to the application and even client level, and down to the system internals and driver level. Blue Pill, a virtual machine malware platform, is one such example that takes advantage of hardware features at the bottom level, while at the top level you have the world of web application attacks, where web applications are used as proxies to attack the integrity of the application as well as its architectural dependencies, and Javascript attacks, which are used to attack the softest target of all – the end user. At the Javascript / client attack level, state of the art is represented by PDP’s AttackAPI. [...]

]]> By: iS34.Net Gncel Haberler » Fikir retme, Etki ve Tepki http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-126346 iS34.Net Gncel Haberler » Fikir retme, Etki ve Tepki Sat, 21 Mar 2009 19:02:20 +0000 http://www.gnucitizen.org/blog/attackapi#comment-126346 [...] istem d??? ayn? ?eyleri retecektir. Mesela ben XSS Shell‘ i yay?nlad???m hafta Attack API ve BeeF te yay?nland?. 2005′ te bu konunun ilk rne?i geli?tirilmesine ra?men tam iki [...]

]]> By: IT Technology And Something » 50 Useful JavaScript Tools http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-126321 IT Technology And Something » 50 Useful JavaScript Tools Tue, 17 Mar 2009 01:32:01 +0000 http://www.gnucitizen.org/blog/attackapi#comment-126321 [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...] [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...]

]]> By: 50 Useful JavaScript Tools | Ramblings http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-126053 50 Useful JavaScript Tools | Ramblings Sat, 21 Feb 2009 21:01:56 +0000 http://www.gnucitizen.org/blog/attackapi#comment-126053 [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...] [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...]

]]> By: The Words from a Bajan » Blog Archive » 50 Useful JavaScript Tools http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125930 The Words from a Bajan » Blog Archive » 50 Useful JavaScript Tools Thu, 12 Feb 2009 15:17:06 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125930 [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...] [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...]

]]> By: 50 Useful JavaScript Tools | How2Pc http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125894 50 Useful JavaScript Tools | How2Pc Mon, 09 Feb 2009 16:05:07 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125894 [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...] [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...]

]]> By: Web Technology » Blog Archive » 50 Useful JavaScript Tools http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125890 Web Technology » Blog Archive » 50 Useful JavaScript Tools Mon, 09 Feb 2009 07:31:19 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125890 [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...] [...] AttackAPI AttackAPI is a framework for writing test cases of potential JavaScript exploits and vulnerabilities. [...]

]]> By: Google Search Results Poisoning | GNUCITIZEN http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125878 Google Search Results Poisoning | GNUCITIZEN Sun, 08 Feb 2009 18:58:45 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125878 [...] to query Google by searching for GNUCITIZEN. I was expecting to see the GNUCITIZEN front page, AttackAPI, the backdooring articles and some Full-Disclosure and Bugtraq posts. To my surprise, the search [...] [...] to query Google by searching for GNUCITIZEN. I was expecting to see the GNUCITIZEN front page, AttackAPI, the backdooring articles and some Full-Disclosure and Bugtraq posts. To my surprise, the search [...]

]]> By: ZombieMap | GNUCITIZEN http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125301 ZombieMap | GNUCITIZEN Wed, 14 Jan 2009 18:38:44 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125301 [...] such type of channel and it is added by default. If you want to spawn your own attack channel, use AttackAPI’s channel.php infrastructure [...] [...] such type of channel and it is added by default. If you want to spawn your own attack channel, use AttackAPI’s channel.php infrastructure [...]

]]> By: Thoughts on JSPing | GNUCITIZEN http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125024 Thoughts on JSPing | GNUCITIZEN Fri, 02 Jan 2009 09:50:42 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125024 [...] them. This project inspired me to do an extension of his tool and include the implementation into AttackAPI 0.8 release which will be out very [...] [...] them. This project inspired me to do an extension of his tool and include the implementation into AttackAPI 0.8 release which will be out very [...]

]]> By: Google Search API Worms 3 | GNUCITIZEN http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125012 Google Search API Worms 3 | GNUCITIZEN Fri, 02 Jan 2009 03:14:06 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125012 [...] All that reminded me of my discussion about Google AJAX Search API worms. So, I decided to try and see how far an attacker can go with Michael’s findings and my AttackAPI. [...] [...] All that reminded me of my discussion about Google AJAX Search API worms. So, I decided to try and see how far an attacker can go with Michael’s findings and my AttackAPI. [...]

]]> By: Google Search API Worms 2 | GNUCITIZEN http://www.gnucitizen.org/blog/attackapi/comment-page-1/#comment-125010 Google Search API Worms 2 | GNUCITIZEN Fri, 02 Jan 2009 03:08:30 +0000 http://www.gnucitizen.org/blog/attackapi#comment-125010 [...] am planning to implement some of the SearchMash features into AttackAPI GoogleSearch module in the 0.9 release. I really like what the Google guys are doing but at the [...] [...] am planning to implement some of the SearchMash features into AttackAPI GoogleSearch module in the 0.9 release. I really like what the Google guys are doing but at the [...]

]]>