Checking connections to suspicious sites while we are browsing
Every day we visit a lot of sites on the Internet. Each of these sites has a lot of resources and makes a lot of connections to external servers, but… how can we check for connections to suspicious sites? And how can we script some actions?
Validating JWT Tokens in shell scripts
JWT tokens are very popular as an SSO authentication mechanism and for authorization, and they are widely used in the microservices paradigm. But have we really paid attention to whether JWT tokens are valid?
Chaining BurpSuite and OWASP ZAP
BurpSuite is a nice tool but it is not Open Source, so not all of its features are free. OWASP ZAP is an Open Source alternative but, sadly, it is not as powerful as BurpSuite in some cases. But… why not use both at the same time?
Sending traffic to BurpSuite
In the previous post we talked about how to store navigation traffic in a session file. Now we'll use this file to send that traffic to a proxy, like BurpSuite or OWASP ZAP Proxy.