Wireless Attacks with Python: Part One - The "Dnspwn Attack"

Introduction

A while back, I published a post on the Raidersec blog demonstrating how to perform a deauthentication attack using Python and Scapy. I enjoyed writing the post, since I got the opportunity to learn in-depth about how different wireless attacks work, beyond just learning how to exclusively use the aircrack suite.

So, with that being said, this post will kick off a short series of posts discussing how to perform common wireless attacks using Python. I hope you enjoy the posts and, as always, never hesitate to let me know if you have any comments or questions below.

Read More

How to Pentest iPhone Apps with Burp

Introduction

When looking at the functionality of mobile apps, it’s clear that they aren’t that different than web applications. They often just serve as a frontend for the data stored on a central backend server or database. As such, if developers aren’t careful to protect these apps, many of the same vulnerabilities we find in standard web applications (such as injection attacks on unvalidated input) can be exploited by attackers.

This post will show how to setup the iPhone to work with the popular Burp Suite so that traffic from apps can be intercepted and tested for vulnerabilities.

Read More