|
|
Modules for Manual Penetration Testing of a Web Application
Heriban, Radoslav ; Martinásek, Zdeněk (oponent) ; Šeda, Pavel (vedoucí práce)
The main goal of this master's thesis was development of Burp Suite extension capable of interacting with various other automated tools, accompanied with development of a web application. Chapter two contains analysis of tools commonly used in penetration testing that could benefit from the ability to share Burp Suites data or functionality. The programming languages used were Java and JavaScript. The extension acts as a gateway to inner functionality of Burp Suite. It enables exfiltration of in memory objects such as sitemap, proxy history or found issues in JSON format to other tools, and also listens for incoming data that can be inserted into it's existing modules such as Repeater, Scanner, Spider or Comparer. Frontend application was written using JavaScript library React. The web application offers a graphical visualization of issue data.
|
|
|
Network traffic and cyber attacks generator on the FPGA platform
Heriban, Radoslav ; Smékal, David (oponent) ; Lieskovan, Tomáš (vedoucí práce)
This thesis is focused on the most common and every day more popular threat of DoS attacks. All networks are vulnerable to this kind of attack, and with growing popularity and intensity it shouldn't be underestimated. The goal of this thesis was creating hardware accelerated generator of DoS traffic intented for testing our own networks and identifying the risks. FPGA technology is used for this task, since it has proven to be more effective way of prototyping hardware design then developing ASIC. The language used to describe desired design behavior is VHDL. Designed ICMP and UDP flood attacks are simulated in Xilinx ISE development environment. Description of problems faced before any result was reached is also included for future researchers interested in similar projects.
|
|
|
Modules for Manual Penetration Testing of a Web Application
Heriban, Radoslav ; Martinásek, Zdeněk (oponent) ; Šeda, Pavel (vedoucí práce)
The main goal of this master's thesis was development of Burp Suite extension capable of interacting with various other automated tools, accompanied with development of a web application. Chapter two contains analysis of tools commonly used in penetration testing that could benefit from the ability to share Burp Suites data or functionality. The programming languages used were Java and JavaScript. The extension acts as a gateway to inner functionality of Burp Suite. It enables exfiltration of in memory objects such as sitemap, proxy history or found issues in JSON format to other tools, and also listens for incoming data that can be inserted into it's existing modules such as Repeater, Scanner, Spider or Comparer. Frontend application was written using JavaScript library React. The web application offers a graphical visualization of issue data.
|
|
|
Network traffic and cyber attacks generator on the FPGA platform
Heriban, Radoslav ; Smékal, David (oponent) ; Lieskovan, Tomáš (vedoucí práce)
This thesis is focused on the most common and every day more popular threat of DoS attacks. All networks are vulnerable to this kind of attack, and with growing popularity and intensity it shouldn't be underestimated. The goal of this thesis was creating hardware accelerated generator of DoS traffic intented for testing our own networks and identifying the risks. FPGA technology is used for this task, since it has proven to be more effective way of prototyping hardware design then developing ASIC. The language used to describe desired design behavior is VHDL. Designed ICMP and UDP flood attacks are simulated in Xilinx ISE development environment. Description of problems faced before any result was reached is also included for future researchers interested in similar projects.
|
host ::
RSS.