pentester.land
2a06:98c1:3120::7
Public Scan
Submitted URL: http://pentester.land/
Effective URL: https://pentester.land/
Submission: On April 12 via manual from IL — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
THE NEWSLETTER IS DEAD, LONG LIVE THE NEWSLETTER!
12 Jul 2020 • newsletter
This is a long due post. Since The 5 Hacking Newsletter has stopped on this blog, I’ve been getting many questions about it. So, even though most readers already know by now, here’s a summary of what happened.

THE 5 HACKING NEWSLETTER 107
27 May 2020 • newsletter
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 15 to 22 of May.
OUR FAVORITE 5 HACKING ITEMS
1. TOOL OF THE WEEK > Axiom
Project Axiom is a set of utilities for deploying and managing your own dynamic infrastructure on Digital Ocean. It includes different commands that you can use to work with VPS instances from the command line. Examples of actions available are launching a VPS instance, backing it up, connecting to it with SSH, deploying a VPN, etc. An awesome, convenient project for bug hunters, red teamers and pentesters!

THE 5 HACKING NEWSLETTER 106
20 May 2020 • newsletter
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 08 to 15 of May.
OUR FAVORITE 5 HACKING ITEMS
1. TOOL OF THE WEEK > Wuzz
If you ever want to send HTTP requests for a quick test without firing up Burp/ZAP, this is the tool for you. It is an interactive CLI tool for HTTP inspection. It allows you to send HTTP requests from the terminal, while controlling everything from the headers to the request’s type and data.

THE 5 HACKING NEWSLETTER 105
12 May 2020 • newsletter
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 01 to 08 of May.
OUR FAVORITE 5 HACKING ITEMS
1. ARTICLE OF THE WEEK > Decrypting and analyzing HTTPS traffic without MITM
This article revisits a known technique for decrypting TLS traffic of mobile apps. It shows why Man-in-The-Middle is not always the best method, since bypassing certificate pinning or client certificate authentication can be complicated. The idea is to use Frida to steal the session key, sniff traffic with Wireshark and decrypt it in real time by providing Wireshark with the session key, and finally import the requests to Burp using the PDML importer for Burp Suite.

THE 5 HACKING NEWSLETTER 104
05 May 2020 • newsletter
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 24 of April to 01 of May.
OUR FAVORITE 5 HACKING ITEMS
1. TOOLS OF THE WEEK
> * postMessage-tracker
> * semgrep
postMessage-tracker is a Chrome extension presented by @fransrosen in his “Attacking Modern Web Technologies” talk. It monitors postMessage listeners in all subframes of the window and logs everything, helping find postMessage issues such as XSS and data extraction bugs.
Semgrep is like grep but for code. Both hackers and developers can use it to detect vulnerabilities by looking for anti-patterns in code. Here are two examples of patterns to look for in Go: 1 & 2. Languages supported are Python, JavaScript, Go, Java, C, and soon PHP and Typescript.