 | Browser extensions can do all sorts of things like editing files on your computer which of course can be used for evil things but at lest you get warning about stuff like. Chrome being a good browser goes out of its way to give you warnings for every little thing but they left a few big ones out, which is what the focus of this post is about. What Google forgot to tell us.
Chrome extens ... [more]
|
 | So the other day i was reading a paper on using RTLO Unicode to obfuscate file name extensions in windows and hypertext links and it got me thinking of what else i could use this for. I did some limited tests on Ubuntu then quickly moved to the web.
Due to my recent work with file sharing sites i made that type of application my first stop, and it was worth it. Virtually every input fie ... [more]
|
 | I found a worthless little bug in android browser the other night while playing around. I only blog about it because there could be a xss hiding out in there and i just cant find it, there are a lot of better XSS hackers out there maybe one of them will play with this a little more and make some magic. So anyway back to the bug(s).
The android browser does this thing that while you typ ... [more]
|
 |
Yesterday i quitly released our latest chrome extensionson as a update for the few that already installed one of our other chrome extensions. This new one uses all of our API so you have access to the port scanner, http request forager, sql injection tool, the email spoofer and more! Other then the tools a new thing with these and anyother future tools that uses the API is you must now provide a ... [more]
|
 | Ok so i am making chrome extensions that work with my API but i needed a way to use recaptcha for some of the tools. Now when i just put the captcha js on a page it works fine but i was having the captcha load in a div via document.getElementById('div').innerHTML = CAPTCHA_js but this was breaking the captcha. So heres the code i used:
var xhr = new XMLHttpRequest();
xhr.open("GET" ... [more]
|
 | I am pleased today to be releasing our SQL injection chrome extension, a first for HH. Now while your surfing the net you can test any page for sql injections with a click of a button! Just download, unzip, right click on the crx file and open with chrome, that will install the extension and your done! This is only the first in many chrome extensions to come so check back soon for more on this and ... [more]
|
 | I am pleased today to be releasing ENCOSH FF search plugin, a first for HH. Now you can simpaly put the string you want hashed or encoded in the search bar of your FireFox browser, hit enter and get the results right away, regarless of what page or site you are at.
CLICK HERE TO GET THE PLUGIN!!!
This is only the first in many browse ... [more]
|
 | For the past week or so i been diving head first into as3 and making my own flash files for exploiting :D and been having some fun along the way. Befor i get to what i was doing lets take a look at this:
http://www.theregister.co.uk/2009/12/22/mass_flash_file_vulnerability/
That articale also talks about XSS in flash files but focuses on preexisting content. Lets take a look ... [more]
|
