mod%log

At modzero we do a lot of security testing and, on a regular basis, we write tools to do our work more efficiently. This week Jan Girlich and Tobias Ospelt of modzero took some time to review some of their tools and make three of them available to the public on GitHub.

Jan wrote a Proof of Concept (PoC) Android app that allows exploiting Java object deserialization vulnerabilities in Android and named this project modjoda (modzero Java Object Deserialization on Android). To test the issue, he also wrote a vulnerable demo application to try the exploit on.

mod0schubser was written by Tobias and provides a simple TCP- and TLS-level Man-In-The-Middle (MITM) proxy for people with Python experience. It can be used when all the other proxy tools seem to be too complicated. Additionally, he wrote mod0cookiedealer, a tool to demonstrate the impact of missing HTTP cookie flags (secure and HTTPonly). If you remember Firesheep, mod0cookiedealer is simply a modern implementation of Firesheep as a browser web-extension.