rendezvous toolset l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Rendezvous Toolset PowerPoint Presentation
Download Presentation
Rendezvous Toolset

Loading in 2 Seconds...

play fullscreen
1 / 13

Rendezvous Toolset - PowerPoint PPT Presentation


  • 220 Views
  • Uploaded on

Rendezvous Toolset. Web application security http://zeleet.com/security.htm. What is Rendezvous. Web security tools that are on the web Goals Save time Build a clean interface (Based on JQuery) Accessible anywhere Help other pen-testers Limitations

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Rendezvous Toolset' - dagan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
rendezvous toolset

Rendezvous Toolset

Web application security

http://zeleet.com/security.htm

what is rendezvous
What is Rendezvous
  • Web security tools that are on the web
  • Goals
    • Save time
    • Build a clean interface (Based on JQuery)
    • Accessible anywhere
    • Help other pen-testers
  • Limitations
    • Optimized for IE for now (personal project)
postforwarder
Postforwarder
  • CSRF POC Helper
  • What does it do?
    • Automates x-domain post via link
    • Linked page auto-submits form to make x-domain post.
  • Why?
    • Demonstrates CSRF in POST just as dangerous as GET.
text converter
Text Converter
  • Web Text Converter
  • What does it do?
    • Generates Encoded Payloads
  • Why?
    • Save time!
    • Accessible!
    • Encoders supports:
      • Various base entity encoding
      • Url encoding
      • Various base script encoding
      • Base 64 encoding
      • Obfuscated Ascii encoding
      • Regular UTF-7
      • Comprehensive UTF-7
heap spray wizard
Heap Spray Wizard
  • Heap Spray Wizard
  • What does it do?
    • Sprays your heap with default payload to run calc.exe or provide your own shellcode.
  • Why?
    • Meant to be used with AX tools
    • Configure how much heap memory you want to spray.
    • Makes it one click process to spray with working payload
html test tool
Html Test Tool
  • Html Test Tool
  • What does it do?
    • Render various content in the browser using arbitrary content-type.
  • Why?
    • Different browsers treat different mime-types differently.
    • Browsers sniff based on content-type.
    • Flirting with mime-type paper by Blake Frantz. Great paper.
    • Sanity check mime-type behavior.
web bug tool
Web Bug Tool
  • Web Bug Tool
  • What does it do?
    • Creates temporary web bug.
    • Record hits to a page.
  • Why?
    • Save time reusing web bug.
online strings
Online Strings
  • Online Strings
  • What does it do?
    • Extract out unicode and ascii strings from binary files.
  • Why?
    • Quick and accessible.
    • Thought it was cool :-P
extract exif
Extract EXIF

Makes it one click operation to map

Again it’s available anywhere with web access.

Nothing surprising but fun tool 

Lesson: Don’t share photos taken with phone! j/k

view state decoder
View State Decoder
  • View State Decoder
  • What does it do?
    • Allows you to peek inside what’s inside ViewState data.
  • Why?
    • Demystifies content of viewstate
    • Allows you to see a tree view of all the property values in viewstate
    • Any server side sensitive info inside?
    • Any questionable property being stored?
conclusion
Conclusion
  • Feel free to use it for authorized pen-testing.
    • http://zeleet.com/security.htm
  • Over 20+ tools (including bookmarklets)
  • If you have tools you’d like to see online please shoot me a mail.
    • hidejo@gmail.com
  • Thanks!