Burp Suite doesn’t intercept non-HTTP/WebSocket communication; however, some apps use, for example, a plain TCP connection. I wrote a simple Python server and client that exchanged messages via the mentioned… Continue reading: Intercept non-HTTP communication via BurpSuite
Sometimes the app’s communication is written in a way that cannot be intercepted by Burp Suite, OWASP ZAP, etc., but it’s still HTTPS communication. For example, I wrote an app… Continue reading: Fooling app with MockServer (HTTPS)
Modifying data transferred and received is one of the simplest ways to hack an app. For example, I created one that communicates with a server via sockets and they can… Continue reading: Hack any (not encrypted) communication
SQL injection is one of the commonly known SQL vulnerabilities. It’s out of the ordinary to see an unsecured implementation, though it’s still possible to find one. For me, one of the… Continue reading: From SQL to shell access