Posts by András Veres-Szentkirályi

• Our new scanner for Text4Shell
• Our new tool for enumerating hidden Log4Shell-affected hosts
• Decrypting and analyzing HTTPS traffic without MITM
• Unix-style approach to web application testing
• Wide open banking: PSD2 and us
• Patching Android apps: what could possibly go wrong
• Evading Cisco AnyConnect blocking LAN connections
• Decrypting Eazfuscator.NET encrypted symbol names
• Our take on social engineering
• The curious case of encrypted URL parameters
• Snow cannon vs. unique snowflakes — testing registration forms
• Not so unique snowflakes
• Beyond detection: exploiting blind SQL injections with Burp Collaborator
• Accessing local variables in ProGuarded Android apps
• Detecting ImageTragick with Burp Suite Pro
• iOS HTTP cache analysis for abusing APIs and forensics
• You’re not looking at the big picture
• Testing stateful web application workflows
• Proxying nonstandard HTTPS traffic
• Quick and dirty Android binary XML edits
• Sanitizing input with regex considered harmful
• Testing websites using ASP.NET Forms Authentication with Burp Suite