Install and Setup Burp Suite Proxy & Certificate with Java Application

Introduction

Java applications sometimes do not use the global proxy setting. This means that even if we set up the proxy and import the Burp Suite certificate, we are still not able to intercept HTTPS traffic.

This article shows how to set up your Burp Suite proxy and certificate with a Java application to intercept HTTPS traffic.


CVE-2019-11224 Injection dangerous command into HARMAN AMX

Injection Dangerous Command into HARMAN AMX

Affected Vendor: AMX – https://www.amx.com/
Affected Software: MVP5150 Firmware
Affected Version: Tested on V2.87.13
Issue type: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
Release Date: 07/05/2019
Discovered by: Harold Zang, Hivint
CVE Identifier: CVE-2019-11224
Issue status: Publish


ezXSS NGINX Rewrite Rules

Introduction

ezXSS is an XSS platform that can test (blind) Cross-Site Scripting, cookie stealing and other attacks. It is an open source XSS platform; you can find the source code on GitHub. However, the original source did not provide NGINX rewrite rules.

This article shows the ezXSS NGINX rewrite rules, so you can build your ezXSS with NGINX.
