Posts categorized under: blog

Detecting SSLStrip using CSS


Detecting SSLStrip using CSS

SSLStrip is a simple proxying tool that will change HTTPS links to vanilla HTTP. It's one of the reasons why pentest reports will recommend against promoting a user's session from unencrypted to encrypted channels when they access a sensitive section of a site. If ...

My Nessus Viewer


My Nessus Viewer

I say my Nessus viewer because Nessus parsing scripts are one of the rites of passage for any pentester.

If you've been using Nessus for long enough then you'll remember the NBE format. NBE was a lovely little pipe delimited format that I never had ...