What you should know about WAFs
Background: Web application firewalls are commonly used to defend web applications (or mobile applications, APIs, etc.) against known attacks.
At a basic level, they work by having a large set of rules which defines what bad or malicious requests to the site look like. You would set it up against a …
...Read Article
PCI DSS 4.0 Compliance
Over the last few weeks we have been having a number of conversations with clients about PCI DSS 4.0.1; specifically, where and how we could help them with being more compliant.
Firstly, let’s take a look at what PCI DSS 4.0 is.
The PCI Security Standards Council’s guideline document (Link in the …
...Read Article
Getting into Cybersecurity
We’re regularly getting people reaching out and asking for either jobs or career advice.
So what does it take to get into cybersecurity, and penetration testing in particular?
Caveats: These are the views of Pākiki; other pentesting companies may have different policies or things they value. If you …
...Read Article
3 Tips to Improve your Security Posture
It was our honour to present at TechFest, run by Canterbury Tech, on the 24th of May 2024. This talk was designed as an introduction to improving your business’s cybersecurity posture. It’s aimed at small to medium businesses who are either unsure of where to start, or are rolling out new systems. …
...Read Article
Windows Proxy Update
There hasn’t been a release last month, as we’ve got our heads down on the Windows build of the proxy. There’s still a lot to do (including in the UI space) but it’s progressing along well. We’re hoping to have something ready to test, with at least the Community Edition features within a couple of …
...Read Article
What Is an Intercepting Proxy?
That’s a great question.
An intercepting proxy is commonly used by security professionals in order to understand how an application communicates with a server, and to attempt to find security vulnerabilities by manipulating that traffic. An intercepting proxy is a tool we frequently use in …
...Read Article
February 2024 Proxy Release
Just a small release this month, with a new comments and metadata script for scanning already visited pages, along with a handful of bugfixes for MacOS:
- Fix the progress bar from spinning if a script throws an error.
- Fix the right-click menu for manual requests, so that the “send to” options work.
…
...Read Article
November 2023 Proxy Release
Changes: A relatively small release this month:
- Fix performance of running scripts on MacOS.
- Upgrade the Flatpak Platform
- Fixed a bug where the licence wouldn’t be saved in some circumstances on Linux builds
Known Issues:
- In some cases, large files don’t render the first time in the hex view.
…
...Read Article
October 2023 Proxy Release
Changes: A lot of user feedback has been incorporated this month with the following being added:
- When filtering by scope, also filter the sitemap (Paid only)
- Allow searching within text request fields (MacOS only, GTK already had this)
- Fixed a bug where the CyberChef options didn’t always appear in …
...Read Article
September 2023 Proxy Release
Changes: The changes this month included:
- Fix saving of restored projects if the application crashes
- Show the close button on search bars on GTK
- Change the GTK display of script groups to be more similar to that of MacOS (Paid only)
- Refactor scripts so that their output is less confusing (Paid only)
…
...Read Article
August 2023 Proxy Release
Changes: The changes this month included:
- Add opt-in crash reporting
- Show the request for intercepted responses
- Apply match/replace rules to requests from all parts of the proxy (Paid only)
- Alert if an inject/script is likely to make requests which are out of scope (Paid only)
- Allow showing, hiding …
...Read Article
July 2023 Proxy Release
Changes: The changes this month have been adding documentation, and making UI tweaks:
- Place requests and responses side-by-side rather than vertically
- Improve syntax highlighting to better handle headers on Linux
- Embed Cyberchef rather than using the online version
- Remove requests from the list if …
...Read Article
June 2023 Proxy Release
Massive release this month, with the completion of the match/replace functionality, a rebrand, UI enhancements, and dependency upgrades. Most features have had changes either visibly or under the hood.
Changes: We’ve changed the name from Proximity to Pākiki as people were trying to find Proximity …
...Read Article
Hack the Box Soccer Walkthrough
Recon: I started by adding soccer.htb to my /etc/hosts file, by appending the line: 10.10.11.194 soccer.htb. This means that http://soccer.htb will work in our browser, as it will know where to look.
I kicked off basic reconnaissance within Pākiki Proxy while I took a look at the website - which …
...Read Article
Hack the Box Precious Walkthrough
Recon: As always, I started with recon against the target. I initially started a portscan with nmap -A -p 0- -sS precious.ctb (which will scan all ports with a syn scan). Port 80 (HTTP) came back quickly, and so I started to look at that while the rest of the scan was underway. Nothing else came …
...Read Article
May 2023 Proxy Release
The initial foundation for the match/replace has been implemented. At this stage, replacement of request headers using regexes has been implemented as a proof of concept. Some major changes have occurred under the hood to facilitate this, and while testing hasn’t identified any bugs in other pieces of …
...Read Article
April 2023 Proxy Release
We’re pleased to announce the April 2023 release. Over the past month, we’ve added scope support to the Linux version. Otherwise we’ve been hard at work tweaking and polishing the MacOS version. We’re still looking for beta testers. Get in touch with us at support@pakikiproxy.com if you’re …
...Read Article
March 2023 Proxy Release
As you may have noticed, there hasn’t been a release in March - as we’ve been focusing on putting the finishing touches on the MacOS version. We’re really excited with how it’s looking.
Before we do a wider release, we’d like to open it up to beta testers. Get in touch with us at …
...Read Article
February 2023 Proxy Release
We’ve incorporated a bunch of feedback over the last month to the Linux version. One of the biggest changes was to move from Flatpak to .deb as the primary packaging mechanism. The user experience for installation was poor on Kali. Flatpak will still be supported for non-Debian based distributions. …
...Read Article