4.2. Web analyst fiddler
defconmoscow
Meeting #4.
1. Debugging proxy tuning for fun and profit. By Peter Volkov
2. Still using Wireshark for HTTP debugging/analysis?
3. Use appropriate tools!
4. JScript-based scripting engine
5. Fiddler script basics
6. My favorite use case: Where did this @$%^ come from? Easy case:
7. But what if plaintext search doesn’t help? Inspect all these 60+ JS files from 10+ hosts manually?
8. Breakpoints!
9. Breakpoints!
10. Fiddler script basics
11. Fiddler script basics
12.
13.
14. Go get some exploit kit regexps on http://www.malwaresigs.com/
15. Dyndns, .in, .cn, etc. http://mirror1.malwaredomains.com/files/dynamic_dns.txt
16.
17.
18. Setting referrer. Disabling HTTP cookies
19. Download ‘em all!
20. The end.