I’ve created a separate tool for HTML/JS fuzzing, I decided to do this because Hackvertor does all the hard work of conversion and I can simply extend the functionality without writing much code. The tool is already very powerful and lets you traverse unicode characters and perform whatever conversions you require and in any position […]

In my second part of Javascript for hackers I shall be showing how pointless it is to ban the use of document, location etc within form variables. You can create some truly amazing strings which are unreadable to the human eye, many more vectors are available on the sla.ckers thread I created but I’ll show […]

Thom Shannon has released an interesting bit of Flash/JS code which enables a site to track users across browsers. It only works on Windows at the moment and uses Flash local storage to retain the information. I think this could be great for tracking malicious TOR users or attackers behind proxies. The example along with […]

New update I’ve updated Hackvertor again, which allows HMAC hashing, SHA2 hashing support, new line removal and javascript evaluation within tags. A good example of the new features would be the following input:- str=’hello’;for(i=0;i

I’ve continued my experiments with loops in CSS and tried to find a method to allow counter-increment through a loop. The technique uses a random seed to create a unique url each time (obviously the seed can be improved), it then uses meta refreshes to create the required history to increment the value. This technique […]

Developers place too much trust in everything, they assume that certain data cannot be faked and therefore these pieces of data can be used as a Trojan horse. Lets take the REMOTE IP of a user, it seems a trusted source because of the TCP/IP connection between the user and the server but take the […]