Rafay Baloch
Works at RHA
Attended Bahria Foundation School
Lives in -Pakistan
4,452 followers|42,740,675 views

Stream

tl;dr This exploit is an issue present in Android browser < 4.4 and several other Android browsers which allows an attacker to read the sqlite cookie database file, hence exposing all cookies. Along with it we also talk about a Cross Scheme Data exposure attack in Android < 4.4.
6 comments
 
Hi
 
New version of Netsparker automatically detects DOM XSS vulnerabilities
https://www.netsparker.com/blog/releases/netsparker-3-5-features-highlight/
The new Netsparker can automatically detect DOM XSS vulnerabilities and has a new crawler allowing you to crawl a wider variety of websites and scan them.


Rafay Baloch

Shared publicly  - 
 
Are we taking the right approach to solving existing password problems? https://www.netsparker.com/blog/web-security/passwords-pass-phrases-ideological-divide/
This whitepaper talks about the efficiency of building complex passwords and about other alternatives to complex passwords, such as pass phrases.
2 comments
 
Sorry for the late response, I actually seldom check my Gmail account. Anyway, I don't understand your question, Sheilly, please?

Rafay Baloch

Shared publicly  - 
 
RHAInfosec #XSS challenge 2 is up... Based upon real-world XSS protections and to test your abilities of thinking out of the box.
http://www.rafayhackingarticles.net/2014/06/rhainfosec-xss-challenge-2.html
If all you can do is ">, then our humble apologies, this challenge is not for you. The WAF can be very hard if you don't know how to properly reverse engineer filter rules. You could refer to my "XSS Filter evasion Cheat sheet" for ideas on cracking this challenge.
In his circles
83 people
Have him in circles
4,452 people

Rafay Baloch

Shared publicly  - 
 
Releasing: Android Browser Same Origin Policy Bypass #0day - http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html
Introduction. Same Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers; the basic idea behind the SOP is that JavaScript from one origin should not be able to access the properties of a website on another origin. The origin is formed by the ...
3 comments
 
Rafay pls provide your gmail id I have one urgent work for you

Rafay Baloch

Shared publicly  - 
 
HTML5 Modern Day Attack And Defence Vectors Paper By Rafay Baloch
Quoting the author: It has been more than six years since the advent of HTML5 (dated back 2008), and as the time has passed by we have seen more and more websites utilizing HTML5 features and have witnessed that technologies like Flash and Silverlight are d...

Rafay Baloch

Shared publicly  - 
 
I'm looking to recover a facebook password
Work
Occupation
Ethical Hacker, Penetration Tester
Employment
  • RHA
    Founder/Admin, present
Places
Currently
-Pakistan
Previously
- - -
Story
Tagline
Hi everyone, I am an independent security researcher. I got interested in hacking at the age of 14, and since then I have been learning and exploring new things every day. I don't claim to be the best hacker; however, unlike a lot of them, I share what I learn.
Introduction

Rafay Baloch

CPTE, CPTC, CSWAE, CVA, CSS, OSCP, CCNA, CCNP ROUTE, OSWP, eWAPT, eCSS
Education
  • Bahria Foundation School
Basic Information
Gender
Male
Relationship
In a relationship
Rafay Baloch's +1's are the things they like, agree with, or want to recommend.
Sucuri WAF XSS Filter Bypass | Learn How To Hack - Ethical Hacking and s...
www.rafayhackingarticles.net

Introduction. Sucuri Cloud Proxy is a very well known WAF capable of preventing DOS, SQL Injection, XSS and malware detection and prevention

Multiple PDF Vulnerabilities - Text and Pictures on Steroids
insert-script.blogspot.com

I had the pleasure to talk at the HackPra in Bochum on 22.10 this year. My topic was about Adobe Reader and the vulnerabilities I found in ve

Android Browser Cross Scheme Data Exposure Attack | Learn How To Hack - ...
www.rafayhackingarticles.net

tl;dr This exploit is an issue present in Android browser < 4.4 and several other android browsers which allows an attacker to read sqlite c

Bad Meets evil - PHP meets Regular Expressions | Learn How To Hack - Eth...
www.rafayhackingarticles.net

This article would briefly discuss the reason why Regular Expressions might not be suitable for filters and how things could turn miserably b

Google Patches Second "Same Origin Policy" Bypass Flaw in Android Browse...
www.securityweek.com

A Same Origin Policy (SOP) bypass vulnerability has been identified in the Android browser installed by default on versions of the operating

A Tale Of Another SOP Bypass In Android Browser < 4.4 | Learn How To ...
www.rafayhackingarticles.net

Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research a b

Android Browser Same Origin Policy Bypass | Learn How To Hack - Ethical ...
www.rafayhackingarticles.net

Introduction. Same Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic idea

A Simple Design Flaw In WhatsApp Leading To DOS | Learn How To Hack - Et...
www.rafayhackingarticles.net

WhatsApp is the choice of millions of people across the world for sending free messages, pictures, audios etc. As a reason of which it has b

Puffin Web Browser Pop Up Recursion Vulnerability - DOS | Learn How To H...
www.rafayhackingarticles.net

During my recent security research on "Puffin Web Browser" I found several security bugs with "Puffin Web Browser" ranging from low to high

Ethical Hacking and Penetration Testing Guide - Rafay Baloch - Google Books
books.google.com.pk

books.google.com.pk - This book introduces the steps required to complete a penetration test, or ethical hack. Requiring no prior hacking ex

Puffin Web Browser Address Bar Spoofing Vulnerability | Learn How To Hac...
www.rafayhackingarticles.net

During my recent research on mobile browsers I have managed to find a couple of interesting vulnerabilities such as SOP bypass, Denial of serv

Rhainfosec XSS Challenge 2 - Writeup | Learn How To Hack - Ethical Hacki...
www.rafayhackingarticles.net

We blacklisted alert, prompt, confirm, document.write functions which are most commonly used to execute javascript. We blacklisted open & cl

A Simple Design Flaw In Qmobile's Messaging System | Learn How To Hack -...
www.rafayhackingarticles.net

Introduction. This post describes a simple design flaw inside of Qmobile handsets and describes why you shouldn't rely upon built in passwor

RHAinfoSec XSS Challenge - 2 | Learn How To Hack - Ethical Hacking and s...
www.rafayhackingarticles.net

If all you can do is ">, then our humble apologies this challenge is not for you. The WAF can be very hard, if you don't know how to properl

Hardening Wordpress Security By Monitoring Malicious User Activities | L...
www.rafayhackingarticles.net

WordPress has become the most popular content management system; it drives more than 20% of the websites on the internet. Such popularity ha

Indispensible Need of National CERT in Pakistan | Learn How To Hack - Et...
www.rafayhackingarticles.net

In this advanced era where science and technology have become quite advanced, it leave not be incorrect to state that technology has become

DDOS: The Modern Website's Kryptonite | Learn How To Hack - Ethical Hack...
www.rafayhackingarticles.net

Denial of Service and the Distributed Denial of Service Attacks have recently emerged as one of the most newsworthy, if not the greatest, we

elearnsecurity Advanced Reverse Engineering Of Software - Review | Learn...
www.rafayhackingarticles.net

There is a saying "To understand how something works, you must take it apart and unravel its secrets" that's exactly what reverse engineerin

What is the .htaccess file and what do I use it for? | Learn How To Hack...
www.rafayhackingarticles.net

.htaccess - The Point of Discussion HT(Hyper Text) access file is actually a directory level configuration file which supports handsome numb

DOM XSS Explained - Part 1 | Learn How To Hack - Ethical Hacking and sec...
www.rafayhackingarticles.net

Cross Site scripting (XSS) has been a problem for well over a decade now, XSS just like other well known security issues such as SQL, XPATH,