Letsencrypt certificates for your python HTTP servers

Back in 2016 I blogged about how to do simple HTTP or HTTPS servers with Python. You need to use these if you want to temporarily host files, and to investigate SSRF issues properly. There my skills sat until recently, when the user-agent that was making the SSRF request was actually verifying the certificate. How rude!…

Using Jython’s PIP to add dependencies to Burp Extenders

Ever wanted to use 3rd party Python libraries when making a Burp Extender? I had somehow avoided it until recently. Warning: Be aware before pasting in the commands below that I think they configure your new pip environment and store all dependencies inside a new folder within the current directory. In a nutshell it works…

Using Python and Scapy to hunt for VLAN IDs

A customer asked me to check for Cisco Discovery Protocol (CDP) based VLAN hopping on their LAN. It had been reported the year before and, while they hoped that it had been addressed, they wanted me to confirm that it had. When pentesting it can often be the case that you are basically verifying the solutions to…