Well, if you guys ask me why I haven't been updating my blog, I can only say that there is so much to be done at work and, of course, a lot of reading on RSnake's XSS exploit and defence. Been doing a lot of project management and technical work for my new company. I love my current company because of the flexible timing, nice colleagues and, of course, a very nice boss who is willing to listen to suggestions.
Well, back to the main topic: I had been assigned to hack an application with 2-factor authentication. Damn, all I can say is it is very secure in terms of randomness in session ID, hidden fields and encryption. There is no way I can break the application's login page, and the only thing I found is a jar file with lotsa class files inside. Well, I know I can use a Java decompiler like jad to get the source code, but I did not because I am concentrating more on finding vulnerabilities. Hmz... I will continue with part 2 tomorrow. Firefox is a very cool tool to do web hacking. Install the following extensions, guys:
1. DOM Inspector
2. LiveHTTP Headers
3. Tamper Data
4. Modify Header
6. Greasemonkey with XSS Assistant and Post Interceptor
The Hacka Man