Feb 17, 2020
Posted in blog, New Products, Reviews, Tools, Windows
In this Part 2 review of Recover Keys, we will look at how
we can scan machines via the network. For most users, I don’t believe this
option will be used too often. The average home user that purchase a license
for personal use could just uninstall and install the tool on each machine they
want to grab license keys off of, or buy a license for multiple machines.
For larger organizations this tool is excellent as it can be installed in one location on a single machine. You also get the ability of being able to extract the license keys via the network, which makes this tool much more efficient and valuable. At the end of the day it is all about saving and making the best use of time.
If you haven’t read Part 1 of using Recover Keys (scanning a local machines) you can check it out here: https://www.stealthbay.com/recover-keys-part-1-scanning-a-local-machine/
Read more Of This Post
Apr 24, 2017
Posted in blog, Featured, Information Security, Tools, Tutorial
BurpSuite & ZAP Bypass Proxy
I wanted to make this tutorial for users that might get stuck in a similar situation.
I was security testing a website using Burpsuite and would end up with SSL Handshake failures. And, it really made no sense at first since Burpsuite uses Java. And, I had the latest version of Java installed on my machine. Burpsuite was giving me SSL Handshake failure alerts and was asking me to install JCE Strong Cipher policies. Turns out the website was using VERY strong ciphers (which is a very good thing). And, they were using no medium or outdated ciphers.
Now, these ciphers are so strong that even the latest Java package does not contain them….yet.
So that meant I had to find another way to use Burpsuite, but still have the ability to make a proper SSL handshake using the strong ciphers. I then turned to another similar product called OWASP ZAP. This is a great product and I have used it back when I didn’t quite have the funds to purchase Burpsuite. What I realized was that I could use Burpsuite and have ZAP filter my traffic for me. For some reason ZAP has all of the strong ciphers and did not fail the SSL handshake, which meant I could transfer traffic as:
Browser -> Burpsuite -> ZAP -> Webserver
(more…)