Archive for the ‘tools’ Category
hide your JavaScript
Filed under: Information, javascript, tools | Tags: base62, encode, javascript, obfuscate, packer, tools
Leave a Comment If there is a reason why you don’t want humans to read your JavaScript code, you can use the packer from
http://dean.edwards.name/packer/ to obfuscated it (online).
The packer compress the code to one line, deletes all comments and has the option to encode it with Base62. You can put the generated code in your code, it should work with any browser.
You must correctly terminate all JavaScript statements with semi-colons.
Here an example script and the output from the packer:
Read more »
playing with a backdoor
Filed under: Information, Injection, tools | Tags: backdoor, linux, netcat, ngrep, security, server
Leave a Comment I played last night with a backdoor shell that I found on the net and will show you how this works and how you can find traces if you are the system administrator.
I used 2 vm’s (virtual machines), both based on Debian/Linux one called “victim” it simulates the cracked server where the backdoor runs and the other box called “hacky” where the bad guy is sitting in front :)
The first step of the bad guy is to start a server that listens on some port (12345) on his box, a good program for this is netcat, the command could be something like: netcat -l -p 12345
Spam protection with Akismet
Filed under: PHP, spam, tools | Tags: akismet, antispam, PHP, security, spam
Leave a Comment Akismet, or Automattic Kismet, is a text spam filtering service created by Automattic, the corporation which employs most of the main developers of WordPress.
When a new comment is posted on your site, Akismet webs service catches the comment and tests whether a comment is valued as “spam” or “not spam”. Read more »
Automated testing with Selenium IDE
Filed under: Information, tools | Tags: PHP, selenium, test, testing, web, webdeveloper
Comments (3) Automated testing is an extremely useful bug-killing tool for the modern Web developer and a lot of vulnerability in fact are based on bugs.
With Selenium IDE, a free Firefox extension, you can easily record your clicks and inputs in the browser, set tests and replay the records. If a test failed you get a feedback.
I’ll show you an example, to make the power of Selenium clearer.
Read more »
Stop Spam with reCAPTCHA
Filed under: mail, spam, tools | Tags: captcha, mail, recaptcha, spam, tools
Leave a Comment CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) can protect you and your users from spammers and crackers.
Broadly spoken, user don’t like this ugly looking pictures and I saw a lot of false implemented code or very easy to crack. To see some examples which CAPTCHAs can be broken you should check out http://sam.zoy.org/pwntcha/
An easy to implement, free and I guess secure service can be found on recaptcha.org and you help by digitizing books.
Pixy: XSS and SQLI Scanner for PHP Programs
Filed under: Information, PHP, XSS, sql, tools | Tags: Information, Injection, PHP, scanner, security, sql, sqli, sqlinjection, tools, XSS
Leave a Comment Pixy is a free Java program that performs automatic scans of PHP 4 source code, aimed at the detection of Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.
There is also a easy to use webinterface where you can upload your files or paste the code to analyse it.
