Enjoying HackerOne’s CTF?
If you want to make sure not to inadvertently miss any single flag while skimming through web pages, you can ask ZAP to catch them for you with this regex: ^\^FLAG\^[\w\d]{64}\$FLAG\$$
A “Flag” tag will appear next the requests containing a flag in their response:
This technique is particularly useful when a flag appears in a non-obvious location such as an HTML comment.
Scapy is an incredible tool when it comes to playing with the network. As it is written on its official website, Scapy can replace a majority of network tools such as nmap, hping and tcpdump.
One of the features offered by Scapy is to sniff the network packets passing through a computer’s NIC. Below is a small example:
This little sniffer displays the source and the destination of all packets having an IP layer:
$ sudo python3 sniff_main_thread.py
[*] Start sniffing...
[!] New Packet: 10.137.2.30 -> 10.137.2.1
[!] New Packet: 10.137.2.30 -> 10.137.2.1
[!] New Packet: 10.137.2.1 -> 10.137.2.30
[!] New Packet: 10.137.2.1 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 10.137.2.30 -> 216.58.198.68
[!] New Packet: 216.58.198.68 -> 10.137.2.30
[!] New Packet: 10.137.2.30 -> 216.58.198.68
^C[*] Stop sniffing
It will continue to sniff network packets until it receives a keyboard interruption (CTRL+C).
Angular has different mechanisms for sharing data between components. The choice of the sharing method mostly depends on the relationship of the related components. Typically, within the context of a parent-child topology, the most straightforward choice would be to use the @Input and @Output decorators. For sibling components, relying on a data sharing service seems to be the most obvious solution. In any case, once you have settled on the choice of a communication topology, you need to decide which data propagating mechanism to use.
Generally, components use EventEmmiter objects to share data with each other. When you pass data into an Angular component with an @Input decorator, you are actually using an EventEmitter object. Although this solution is appropriate for the majority of situations, this is not always the case. Let’s consider the following example:
Running unit tests for front-end web applications require them to be tested in a web browser. While it’s not an issue on a workstation, it can become tedious when running in a restricted environment such as a Docker container. In fact, these execution environments are generally lightweight and do not contain any graphical environment.
One solution to work around this issue is to use a headless web browser designed for development purposes, like PhantomJS. While it’s an elegant solution for testing an application, it would be even better to test it directly in a web browser which will be used by the end-users in order to match real conditions of use, for examples Firefox or Chromium/Google Chrome. However, as mentioned above, it is needed to find a way to execute a regular web browser in a restricted environment.
I think it is obvious to say that the security of your online payments is critical if you don’t want to have an unpleasant surprise one day when checking your account statement. That’s why most banks have added a two-step authentification security process to their online payment system. That way, you have to confirm your online payment with a one-time password sent via text message or other method by your bank. However, not every website supports this feature, leaving you defenceless if someone steals your credit card information.