Tuesday, July 17, 2012

haxor_android: streamlining monotonous mobile preparation prior to a security engagement



Periodic element class for security engagements on Android devices. It requires the Android SDK. This package also requires a rooted device.
Create your own rendition of this class based on the README at: https://github.com/ninp0/kore_kit/tree/master/lib/kore_kit/telecom/mobile/android
Please note: You'll need to download and unzip dex2jar separately. Once extracted, create a symlink/shortcut to dex2jar.sh/dex2jar.bat (depending on your OS) CALLED "dex2jar" (NO EXTENSION) and place it in your PATH.

Cheers!

Tuesday, July 3, 2012

Introducing watirfall - An Automated Human Approach for Very Surgical Web Engagements


I decided to start working on a "smart" web-based class capable of behaving as if it were human. This class can be used when a "surgical approach" is preferable during web security engagements. It currently works with the Firefox and Chrome browsers under both Linux and MacOSX. It will allow you to drive a browser automatically, taking advantage of the built-in JavaScript engines found in the most popular browsers. The following is an example of how to use it.

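#!/usr/bin/env ruby
# Load the watirfall configuration and driver classes from the current directory
require './watirfall_config'
require './watirfall'

# Configure watirfall for Firefox and start the browser
watirfall_config = WatirfallConfig.new
watirfall_config.as_firefox
wf = Watirfall.new(watirfall_config)
browser = wf.startup

# Browse to the site and click into the search field
browser.goto("http://www.ksl.com")
browser.text_field(:id => 'search_keyword').click

# The block receives each character (char) and sends it to the search field
wf.type_as_human("watirfall") {|char| browser.text_field(:id => 'search_keyword').send_keys char}

# Submit the search
browser.text_field(:id => 'search_keyword').send_keys :enter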

If you feel you'd like to give this code a go, you can find it at https://github.com/ninp0/kore_kit/tree/master/lib/kore_kit/web/watirfall

For more information on driving the browser, the real sauce is found within watir-webdriver.

Cheers!