Burp Extension Development

Thanks to Al for helping me to compile this. General For debugging (and modularity in general), be sure to separate out your logic from the file with the BurpExtender class, which is what Burp needs for the thing to work. This file should be stripped down to the bare essentials.…

Splunk Notes

URI Path for web application If you want to look at the information for a web application with a specific uri path and accommodate any number of parameters sitetolookat.com sourcetype=<some source type you have> url="/uri/path/file.php*" Get traffic for an ip…

Metasploit Cheatsheet

Setup the Database service postgresql start kali msfdb init Test it: msfconsole db_status You'll know it worked if you see [*] postgresql connected to msf. Resource: https://docs.kali.org/general-use/starting-metasploit-framework-in-kali Troubleshooting database connectivity issues Start by restarting the postgres service: service postgresql restart If that doesn't work, try…

HashiCorp Vault Research

Nice introduction: https://mycodesmells.com/post/introduction-to-vault Fun write-up: https://www.davidbegin.com/cubbyhole-backend-and-response-wrapping/ Token info: https://www.vaultproject.io/docs/concepts/tokens.html Cool dev implementation series with OSX and lastpass: https://blog.alanthatcher.io/fun-and-profit-with-vault-2/ https://blog.alanthatcher.io/fun-and-profit-with-vault-part-2/ https://blog.alanthatcher.io/fun-and-profit-with-vault-part-3/ Single-use implementation: https:…

Bash Cheatsheet

I've gotten tired of googling the same things over and over again. While loops Note to self: If you find yourself doing this, you should probably stop and reevaluate why you're not using python. Also, this is obviously an infinite loop, and is probably not going to be especially helpful.…