Jonathan Cooper in Geek Culture
Fuzzing File Uploads With Burp Intruder
Apps and websites often need to allow users to upload files for various reasons. Sometimes users need to upload arbitrary files, such as on…
4 min read · Jul 21, 2021

Jonathan Cooper
Hacking HTTP with HTTPfuzz
So you’ve been given a web app to pentest. Maybe it’s a banking app or a document workflow system. Either way, you need to make sure it’s…
5 min read · Dec 19, 2020

Jonathan Cooper
Judas: back from the dead
If you’ve been reading this blog since the start, you’ll remember Judas, the pluggable open-source phishing proxy. I wrote Judas to prove…
4 min read · Oct 5, 2020

Jonathan Cooper
Printing Money With TD Ameritrade’s API
Learn how to build trading bots with TD Ameritrade’s API
7 min read · Aug 13, 2020

Jonathan Cooper
Exploring Android apps for fun and profit
Smartphones have become an extension of our bodies. We use mobile apps for everything from sending money to shooting movies, but for the…
2 min read · Aug 7, 2020

Jonathan Cooper
Easy private networks with Wireguard
HTTPS
I’ve been experimenting with Wireguard as a VPN to protect my internet traffic from local snoopers and communicate between all my devices…
3 min read · Jul 23, 2020

Jonathan Cooper
Cloak and Dagger — Malware Techniques Demystified
The cloak and dagger attack exploits a combination of drawing over other apps and the large amount of access to other apps given to…
3 min read · Apr 10, 2019

Jonathan Cooper
Disabling OkHttp’s SSL Pinning on Android Apps
Your target has an Android application and you want to walk through their API to check for server-side vulnerabilities. You configure the…
2 min read · Aug 13, 2018

Jonathan Cooper
Automated API testing with Postman
Postman is an excellent API testing tool for developers, QA testers and penetration testers. Its UI allows you to easily send HTTP requests…
5 min read · Jul 19, 2018

Jonathan Cooper
Go phishing: Extending the proxy
In the last post, Judas got SOCKS proxy and SSL support to make the proxy sneakier, but all the proxy can do is dump the requests and…
2 min read · Mar 12, 2018