Hello, how are you doing, I’m fine thank you, hope you and your loved ones are doing fine. It’s the end of august and covid is still plowing through every city in India, Most of the people are just sitting sulking. What about Me? Im just…ah, I have a dilema, its just that I don’t have a freaking clue what the future holds, Today I go ‘age += 1’/ or level up and here is this months review.

This month is all over the place from begining to end, but think I’ve learned some things here and there.

Tech stuff

This month I got the chance to work on some nice tools like burp, nessus and zap. Along with the oppurtunity to learn to configuring headers in the server.

THE COMPARISON IS STRICLY BASED ON WEB APPLICATIONS, BURP PRO VS nessus trial VS ZAP.

Burp is pretty awesome, if you have pro, then you’ve chosen the right one.

Advantages of using burp:

  1. Its popular, atleast at the time of writing this, If you have any doubt in anything, you can find it using the n number of resources available online.
  2. Easy to use.
  3. Has community version.
  4. Has ton of awsome extensions.
  5. Easy to write extensions (extension support in python and java.). Even I wrote one, maybe I will post It in the future.
  6. Reports.
  7. Everything just works.

cons:

  1. Pro costs money,
  2. Some minor things can’t be done without writing own extension or a lot of research.for ex: I needed to add a particular header to map the entire site(discover).

ZAP:

Comparing ZAP and BURP is not okey, because they both are used for different purpose.

Advantages of burp.

  1. Easy to do a scan.
  2. implemented with selenium.
  3. reports.
  4. plugins support.

Cons:

  1. Buggy, lags. (maybe its just me, could not work on it for 15 minutes straight, crashes, freezes.)

nessus:

keep in mind (this is based on web application scanning)

Comparing nessus to above is a joke, its way too costly, all the things that can be done via nessus can be done with open source alternatives, the only thing you get using nessus is convenience, if you have a ton of money to throw away or if you want immediate scan results, nessus is the thing to go.

pros:

  1. you dont have to have indepth knowledge in concepts.
  2. Does everything for you in a few clicks.

cons:

  1. cost
  2. their ‘WAS’ package costs 3 lakhs, I mean why… (all the vulnerabilities/reports this thing finds can be found in open source alternatives.)
  3. Initial Installation time is way too long, compilation too slow, Im impatient.
HEADERS:

If the website is taken over by some javascript vulnerability then the first line of defence is just headers

  • by not allowing access of cookies to other sites,
  • by making cookie not accessible to javascript,
  • by transporting cookies only through https,

with response flags

  • secure flag
  • samesite flag
  • http flag

sample cookie from facebook.com


set-cookie:

sb=T8pJXwjf4x51HdF-qqumtNHT; expires=Mon, 29-Aug-2022 03:23:59 GMT; Max-Age=63072000; path=/; domain=.facebook.com;

secure;

httponly;

SameSite=None

Second line of defence would by Content Security Policy

CSP - Tells how javascript and css are included in the browser and executed, (xss). A good way is to check with csp evaluator

a sample from facebook


content-security-policy:

default-src * data: blob: 'self';

script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';

style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;

Reflection

Today is my birthday…i’m getting older, I feel like I don’t know a lot of things around my surroundings yet, I have to asses my future goals. My goal was to contribute to opensource as much as I can, May be I am wrong?, i don’t know yet. As for my career, I made up my mind to excell in a new domain. I will update what is happening in upcoming months and asses my career goals in next august.

peace bye!