So we all know how great burpsuite is, but don’t we all hate getting nagged by IE and Firefox about the certificate issues? Well here’s a quick way to add burpsuites CA certificate to them.

Background: During install burpsuite generates a new CA certificate and stores the private key on your machine, if you reinstall you’ll have to repeat the steps to trust the newly generated CA again.

Steps for… Continue reading

So the only reason I use windows is due to needing to use IE with some app tests, the rest is done from BackTrack.

At the GlosLUG meeting last night someone mentioned an automated script for installing IE6 under wine so I thought I would give it a go.

IEs 4 Linux uses wine and downloads everything else thats needed from Microsoft so things work great.

The first thing you… Continue reading

When performing an app test I kept getting temporarily redirected to an auth page that was HTTPS and then directed back to the page I came from. This was frustrating as i was using burpsuite and i kept getting the certificate error message.

I only used this VM for app testing so decided to stop Internet Explorer from nagging me about certificate errors.

Open regedit and navigate to the following… Continue reading

So you’ve got some XSS that you want to test but the browser you’ve been using for your app testing is protecting against the use of javascript in the address URL. The following URL:


Would end up getting sent to the server as:

1GET /index.asp?val=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1

In order to prevent this so we can test XSS flaws within applications we need to turn off the javascript filter in the… Continue reading