I hate to use the word Ajax because there’s no XML involved just nice JSON but Hackvertor now has Ajax applications! At the moment it’s very rough around the edges but it will improve when I get more spare time to work on them. What does it mean? Well you can now share actual HTML/JS [...]
I wanted a sexy object enumerator. There wasn’t any. So I developed the terminator of enumerators “astalanumerator”. I have since integrated it into Hackvertor because that where I seem to put everything nowadays. Anyway you can use it by visiting:-
1. http://hackvertor.co.uk/public
2. Type window into the output
3. Click Inspect.
Yeah damn sexy eh? It creates a tree [...]
My one man mission to create a social coding network is going well, if you read this blog previously you’ll remember my attempts at a JavaScript sandbox until I finally settled on JSReg as a method. I’ve refined the process of creating tags after trying to build them myself using the editor.
How to create a [...]
Over the weekend Stefano Di Paola broke my JSReg sandbox with some awesome vectors in particular the Opera one. He took my challenge after I laid down the gauntlet on the web app sec list. If you have some sandbox you want breaking, some Flash you need testing or general pen test work you should [...]
I’m not a developer any more so I find it difficult to update the experiments I’ve been working on but I managed today to upload the work I’ve done with JSReg and update Hackvertor. They are both integrated closely together because Hackvertor allows untrusted Javascript using JSReg.
The recent upgrade to JSReg allowed me to upload [...]
JSReg has grown up a bit since I released the first version. You can now use it to monitor malicious javascript. I have a very basic example of this in Hackvertor, at the moment Hackvertor doesn’t support callbacks so it’s a bit of a hack but you will get the idea.
I use __defineSetter__ to [...]
I thought I’d post a quick tutorial on how Hackvertor can be used to decode obfuscated javascript. This is based on a real request on sla.ckers. I’ll walk you through the code and tidy it up and show you how to use the advanced tags to easily decode the encoded string.
Warning disclaimer
Do not try and [...]
Whilst reading everyone’s tweets, I found Yosuke Hasegawa had posted a binary string. I decoded it out of curiosity, first it was binary, then character codes, then UTF-7 and finally Japanese. So yeah you can tell what’s coming, I wanted Hackvertor to decode it all for me. Here’s the string:-
00101011 01001101 01000111 00111000 01110111 01010111 [...]
I posted a vector to the web app sec list because they were discussing expression XSS. Ivan Ristic naturally used Hackvertor to try and decode the vector automatically. But he exposed a bug in the auto decoder. Well it’s now fixed yay! Thanks Ivan. I found a couple of errors in my reg exp syntax [...]
I’ve finally created a Hackvertor video demo, I’ve encoded it in swf and compressed it quite a lot. The quality is good and at a high resolution but the colours are a bit out other than that it should be quite clear how it works. The demo is available here:-
Hackvertor video demo