gettin dirty with Burp's extender API/GUIs. not very fun so far, but getting somewhere!
working on an extension that hides tabs I never use (sequencer, decoder...), and "groups" tabs/extensions i use the most.
useful to my lil ADD brain when i have a ton of extensions loaded!
#appsec
a story in 3 acts. thank u mr ai. u can skip jail and go back to ur occupations.
Can you spot the vulnerability? #codeadvent2022 #csharp #appsec
Something was forgotten in this API handler, but what?
https://www.sonarsource.com/knowledge/code-challenges/advent-calendar-2022/?day=3
@SonarResearch The hostname part of the URL does not end with a slash. The appended user input from the `path` parameter can change the domain of the API request which could leak the Authorization environment variable.
The domain github.computer is available and could be reached by the API handler if the `path` parameter is set to "puter".
Them: "Mastodon is hard to use."
Me: _gets started easily_
#coops
Them: "The #fediverse is fragmented - hard to find anyone."
Me: _easily finds many folks here I know or enjoy_
👋
Them: "It's just white male tech nerds"
Me: _discovers fairly robust presence of non-white, non-male folks_
✊
Them: "It's set up so it's antiviral"
Me: _sees more interest in my thoughts here than ever on the birdsite_
🙃
Them: "Local servers are like isolated islands."
Me: _finds a canoe to explore archipelago_
🛶
Sonar Research
becojo
christina b
Richard Littler
Félix