Sunday, November 14, 2010

Updated version coming soon...

Hello all,
I'm working on adding a few more server side resources as well as dropping in some more test cases for WBTS. I currently can't provided a number of them due to them being active vulnerabilities in BlackBerry. One of the server side resources will allow you to save and retrieve requests. This will be useful for tests which you want to make a request to say, victim.com but be able to see the request from attacker.com. This is achieved by creating a new temporary database, and mapping two new resources. /saveRequest?id=&data= and /getRequest?id=&mode. When saving, you can pass in optional data, but the primary purpose is to log the full request so we can save the request line, headers and body data. When retrieving, you can retrieve the data from any WBTS domain provided you know the ID. You can return data in one of three types: XML, JSON or HTML. I hope to have this latest version out by the end of November.

Sunday, November 7, 2010

Speaking at PacSec.jp 2010

Just a quick update,
I'll be speaking on WBTS at PacSec this Thursday which is located at Aoyama Diamond Hall near the Omote-sando stop on Ginza-sen: http://pacsec.jp/travel.html.