April 2019 – OffSec Blog

Local File Inclusion (LFI)

April 16, 2019

| LFI/RFI, Web Exploiting

Scripts that takes filenames as parameters without sanitizing the user input is typically good candidates for LFI vulnerabilities. For […]

Read More →

Decrypting SSL/TLS Traffic with SSLSESSIONKEY and Wireshark

April 15, 2019

| Network Mapping, Recon Tools, Web Enum

Decrypting SSL/TLS traffic from browser (Firefox / Chrome) is possible by using a SSL Session Key, that gets written […]

Read More →