Showing Posts About

Oliver simonnet

A bit of a Fixer Upper - Testing FIX-backed applications

This article explores testing and intercepting FIX protocol applications using MitM_Relay and Burp Suite. A custom Python script was developed to maintain message integrity when modifying FIX messages. A Burp extension called "Fixer Upper" was created to simplify FIX message interception and modification.

GWTMap - Reverse Engineering Google Web Toolkit Applications

GWTMap is a novel tool for reverse engineering Google Web Toolkit (GWT) applications. The tool extracts and maps service method endpoints from obfuscated client-side code across different GWT versions. It enables cybersecurity professionals to generate example GWT-RPC request payloads and analyze the attack surface of GWT-based web applications.

Forging SWIFT MT Payment Messages for fun and pr... research!

A proof-of-concept attack demonstrated how a fraudulent SWIFT MT103 payment message could be forged and injected directly into a message queue. By leveraging system trust relationships and compromising a Message Queue administrator's access, a payment message could be introduced upstream in the payment processing system. The attack bypassed traditional security controls by targeting the message queue infrastructure rather than payment operators or application interfaces.

Getting Real with XSS

This article provides a comprehensive guide to practical Cross-Site Scripting (XSS) attacks in modern web applications. It explores technical challenges such as innerHTML limitations, Content Security Policy (CSP) restrictions, and techniques for bypassing browser security controls. The guide demonstrates how to craft meaningful XSS payloads that go beyond simple alert demonstrations.