Author Archives: arvinddoraiswamy
Dom XSS Pocs
TeamMentor uses plenty of JavaScript. Hence there might be more places than what was found in the past, which are vulnerable to DOM XSS. Have been trying to understand what Dom XSS means and created a few simple POCs for … Continue reading
TeamMentor architecture – Questions
So as I’ve gone on looking at how things are inside TM, I’ve been having more questions. Here they are: a) I can see a lot of events in Events.js. I’m not sure though, when any of them will be … Continue reading
Posted in Architecture
1 Comment
Studying TM architecture
So I’ve been spending a little time studying how TM is built internally as I’m quite poor at JS, jQuery and the other client side languages. Not that I rock server side..but I digress. So I was using Firebug … Continue reading
Posted in Architecture
2 Comments
Testing TeamMentor..environment..
So I started testing TM again; I wanted to start testing it for XSS vulnerabilities. Now TM is a Windows application; I pulled down the latest code from here, copied it to my guest VM (VirtualBox) and then clicked on … Continue reading
Posted in Uncategorized
Experimenting a little with Git..
So I’m back working with Dinis for a little bit..and true to form I ended up needing to learn some stuff to proceed. Which is fine, I don’t complain .. so this time I needed to learn a little bit … Continue reading
Auth testing scripts – Now with Python modules :)
I thought yesterday’s post describing my progress was nice. However when I showed it to Dinis, he said ‘Yeah nice’ but you need to make it into modules. And there’s too much code duplication everywhere. (Ouch)* After the usual initial … Continue reading
Posted in WebServices
1 Comment
Authorization testing scripts…revisited and improved
Since my fuzzing adventures had sort of reached a logical stage; I pinged Dinis and he said something about how auth testing would give us the correct order in which tests are to be executed; after which fuzzing becomes easier. … Continue reading
Posted in WebServices
Improved fuzzing code…
In my previous post I talked a little bit about fuzzing and how I’d proceed. I’ve now made really good improvements (IMO anyway) on the code. So now..a brief feature list (HaHa) of my fuzzing script for a Webservice method … Continue reading
Posted in WebServices
1 Comment
Fuzzed 3 methods – better code
Yesterday I wrote a post explaining my approach. I’ve made further progress today and have fuzzed 3 methods and pushed all the code to Git. This code is more structured and scales better. It reads a config file which contains … Continue reading
Posted in WebServices
First Web Service method – Fuzzed!
Yes! Finally I’ve managed to start fuzzing and have some code over here if you want to quickly jump there without reading my fun stories. There’s a sample XML file too if you want to take a look at … Continue reading
Posted in Uncategorized