Jump to content


Global Moderators
  • Content Count

  • Joined

  • Last visited

  • Days Won


About digininja

  • Rank

Contact Methods

  • Website URL
  • ICQ

Profile Information

  • Gender
  • Location
    Sheffield, UK
  • Interests
    Hacking, Coding, Climbing

Recent Profile Visitors

20,748 profile views
  1. The Ducky is for injecting keystrokes, not for collecting them. We don't allow discussion of illegal hacking on these forums, please be careful what you are asking about.
  2. No hacking back, and if you know enough about them to send them details, go talk to the police.
  3. You did. If you meant fill the form in using JavaScript then surely you would have said that. Anyway, as before, you obviously know exactly how things will work so I'm out again. What I suggest is you go off and build this mighty project, show it working in a number of real world environments, and the come back here with a "See, I told so" post. Till then I still say it is way to over complicated to be practical in the real world.
  4. Does Chrome autofill on IP address based sites over HTTP rather than HTTPS? And is a user likely to have their router creds stored in Chrome in their phone? I don't.
  5. Get VMware or VirtualBox installed then, download some Linux ISOs and do some installations. Learn what they do, how the VM process works, how different types of networking affect things, how to communicate effectively between the VMs, and how to troubleshoot all the issues that come up as you go along. That will probably keep you busy for a while and give you a good idea of basic networking and virtualisation.
  6. You are paying for convenience vs effort and quality. If you want to build it all yourself, you'll have to put the time in, you'll probably learn more about building machines in the long term, which is good, but it will be a very slow start if as you are starting with very little knowledge of the area.
  7. If you want to try an environment were you don't have to worry about doing anything on your own machine, try Pentester Academy, you do all their stuff through a browser. They give you access to a test machine which then has access to the vulnerable targets. A very good setup and easy to use but I'm biased as I'm one of their course authors.
  8. TOR is a routing protocol, it doesn't have Captchas. What is the actual problem you are having?
  9. You were talking about webview, not standard browsing.
  10. There are two types of web traffic, HTTP and HTTPS. Assuming the application is using HTTPS and not doing certificate checking, which most should be doing, I'll admit though, not all, you will not be able to proxy or modify any of the web traffic. This will block you injecting things. You would have to hope to get lucky and either see HTTP traffic or find a request from an app that isn't doing cert checking. The link to the article doesn't mention certificates or how to get around them. And on the webview, unless the application has caching enabled, which from that one article (could
  11. You can't control the webview though, only the http response. An extra thought, you'd have to find one that was running over http or didn't do certificate checking to inject your code in.
  12. Did you check about webview caching responses? Looks like it doesn't by default so you would need to find an instance where it is enabled https://stackoverflow.com/questions/34606785/how-to-enable-caching-in-webview-android#:~:text=You can use the WebView cache to enable caching in WebView.
  13. If you can write it as a very stable module that works in over 90% of cases and appealed to the masses then it might get added. But I can't see this getting there, as I said before, this seems like a very niche attack that is going to be quite fiddly to get working practically outside the lab.
  14. If it is Burp, not brup, you want help with, not sure where to ask, have you looked to see if Portswigger has a forum?
  • Create New...