Comments for OWASP O2 Platform Blog

Comment on Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform by Dinis Cruz

Dinis Cruz — Wed, 20 Mar 2013 23:29:31 +0000

The idea behind using that HTML injection was to automate that process and not require the use of a proxy like fiddler

Btw, have you checked the web proxy tool that is in the O2 Scripts folder?

Comment on Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform by Dinis Cruz

Dinis Cruz — Wed, 20 Mar 2013 23:27:02 +0000

It should be possible, that is just an extension method that uses the IE object capability to add HTML to an element

Another option is to use a JavaScript framework to do it (like jquery)

Comment on Dealing with “The server committed a protocol violation. Section=ResponseStatusLine” by The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF « Nurkartiko

Thu, 31 Jan 2013 02:46:37 +0000

[...] Enable/disable useUnsafeHeaderParsing. // See http://o2platform.wordpress.com/2010/10/20/dealing-with-the-server-committed-a-protocol-violation-se… public static bool ToggleAllowUnsafeHeaderParsing(bool enable) { //Get the assembly that contains [...]

Comment on FxCop Security rules : A nice to have feature on top of O2 platform by Dinis Cruz

Dinis Cruz — Fri, 20 Jul 2012 05:35:44 +0000

Here is a reddit to about this article: http://www.reddit.com/r/CatNet/comments/wtxjy/fxcop_security_rules_a_nice_to_have_feature_on/

Comment on Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform by Michael Hidalgo

Michael Hidalgo — Wed, 06 Jun 2012 14:41:46 +0000

Thanks for your comment.
There are several ways to inject HTTP Post for fields using the frameworks you mentioned. For Selenium Webdriver, you can inject HTTP form fields by injecting JavaScript. There are some approaches on top of Selenium to achieve this : http://seleniumhq.org/docs/05_selenium_rc.html.
Keep in mind that when working with HTTP POST, rather than sending URL parameters you are sending the content as a part of the body of the request. For better usage you can capture the local traffic by using Fiddler2 .

Hope this helps.

Comment on Installing O2′s Visual Studio Add-in, Script environment in Visual Studio IDE by Installing O2′s Visual Studio Add-in, Script environment in Visual Studio IDE | Code to Preload

Sun, 27 May 2012 12:00:57 +0000

[...] Article Source: Installing O2′s Visual Studio Add-in, Script environment in Visual Studio IDE. [...]

Comment on Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform by msiles

msiles — Fri, 25 May 2012 17:19:32 +0000

Sweet, sounds very interesting….. I just have a couple of questions about the automation script, do you guys know if we can do the same fields injection using other automation tools like watir, webdriver etc

I think the magic is on line 72

Action injectField =
(fieldName, value)=>{
ie.field(“FirstName”)
.injectHtml_afterEnd(”
{0}:”.format(fieldName, value));
};

Comment on Automating the Download of a GitHub ZipFile (using IE’s WatiN) by Dinis Cruz

Dinis Cruz — Fri, 25 May 2012 10:17:38 +0000

I think you meant it had an extra tag (which I just removed)

Thanks

Comment on Exploiting Microsoft MVC vulnerabilities using OWASP O2 Platform by Michael Hidalgo

Michael Hidalgo — Sun, 20 May 2012 04:05:05 +0000

Reblogged this on Software Engineering in Costa Rica and commented:

I just wrote an interesting article about exploiting MVC vulnerabilities using OWASP O2 Platform. Dinis Cruz wrote the great O2 script.

Comment on Automating the Download of a GitHub ZipFile (using IE’s WatiN) by fabriciobraz

fabriciobraz — Fri, 18 May 2012 12:01:31 +0000

In the line 10 from the first code, you missed a tag