My new Youtube channel: jmp call pop

and my first video is now published:


Update: user RelativeTrifle at the ReverseEngineering subreddit pointed out to me that this is not a new concept, as Johannes Kinder had already written about it in 2010 while calling it “overlapping instructions”. This paper was mentioned at StackExchange in 2013. While I did research terms and expressions in order to figure out if this technique had been mentioned before, it is very hard to guess what it could be called by someone else. Therefore, I apologize to Johannes Kinder for having had the “new” in the title, as it isn’t. However, I will still keep this article as it…

There are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp Repeater, and (cautiously) even Burp Proxy. There's also Grep-Extract and the pitchfork attack type specifically for Intruder. And you might even develop your own Burp extension to do it. sqlmap has --csrf-token and --csrf-url options for the same purpose, or you can just configure Burp as previously stated and run sqlmap through Burp using --proxy.

Now, here's another way, using Python's CGIHTTPServer module.

The lab

The lab is a simple PHP/mysql environment, in which you login to access…

André Lima

Reverse Engineer / exploitdev/ researcher; more info at https://andrelima.info
