Biped Bob Walks and Dances

If you have a few servo motors, an Arduino, and a Bluetooth module, you could make Biped Bob as a weekend project. [B. Aswinth Raj] used a 3D printer, but he also points out that you could have the parts printed by a service or just cut them out of cardboard. They aren’t that complex.

Each of Bob’s legs has two servo motors: one for the hip and one for the ankle. Of course, the real work is in the software, and the post breaks it down piece-by-piece. In addition to the Arduino code, there’s an Android app written using Processing. You can build it yourself, or download the APK. The robot connects to the phone via Bluetooth and provides a simple user interface to do a few different walking gaits and dances. You can see a few videos of Biped Bob in action, below.

This wouldn’t be a bad starter project for a young person or anyone getting started with robotics, especially if you have a 3D printer. However, it is fairly limited since there are no sensors. Then again, that could be version two, if you were feeling adventurous.

We have mixed feelings about the Bluetooth control. Bluetooth modules are cheap and readily available, but so are ESP8266s. It probably would not be very difficult to put Bob on WiFi and let him serve his own control page to any web browser.

If Bob meets Jimmy, he may find himself envious. However, Jimmy would be a little more challenging to build. We’ve actually seen quite a few walking ‘bots over the years.

Filed under: 3d Printer hacks, Android Hacks, robots hacks http://ift.tt/2rZG1Xv http://ift.tt/2aM8QhC

XssSniper google chrome extensions: Automatically Detect DOM-XSS Vulnerabilities – Penetration Testing

Introduction to XssSniper extensions

DOM XSS with implicit output has long been difficult for traditional scanning tools to discover. XssSniper is a Chrome extension that discovers DOM XSS vulnerabilities quickly and accurately through dynamic analysis.

In addition to XSS with implicit output, the extension also finds DOM XSS with explicit output and reflected XSS, automatically finds XSS in JSONP, and detects SOME (Same Origin Method Execution) vulnerabilities.

Principle

XSS detection principle

This extension uses two methods to detect DOM XSS.

The first method: FUZZ

This detection method has a very low false-positive rate: anything it detects is a real vulnerability. The cost is a relatively high miss rate. Specifically, the extension creates a hidden iframe in the current page and, inside that iframe, fuzzes each URL parameter of the current page, as well as location.hash, with payloads combined with different truncating characters. If the payload executes, the vulnerability must exist.

The second method: monitoring JS errors

If the XSS is relatively subtle, or needs a very complex combination of characters to break out of its context, the payload does not execute normally. Even so, the payload may cause a JavaScript syntax exception, and the extension only needs to detect these exceptions. It then shows the user the error location, the error content, and the line number, so that the user can test manually. Detecting XSS this way misses fewer issues, but the price is a higher false-positive rate.

The two detection methods are used together and complement each other.
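
The two signals described above can be modelled in a few lines. This is an added example, not XssSniper's own code: the names CANARY, BREAKERS, buildProbes and triage, the sample URL and the error records are all constructed, and the hidden-frame observation is passed in as data instead of being collected from a browser.

```javascript
// Added illustration; every name and sample value here is constructed.
const CANARY = "xsnp7";              // harmless marker string, not a working payload
const BREAKERS = ["'", '"', "'\">"]; // characters that may cut a string or attribute short

// Method 1 input side: one probe per (input, breaker), changing a single
// query parameter or location.hash and leaving the other inputs untouched.
function buildProbes(pageUrl) {
  const base = new URL(pageUrl);
  const inputs = [...new Set(base.searchParams.keys())]
    .map((name) => ({ kind: "param", name }));
  inputs.push({ kind: "hash", name: "location.hash" });
  const probes = [];
  for (const input of inputs) {
    for (const breaker of BREAKERS) {
      const u = new URL(base.href);
      if (input.kind === "param") u.searchParams.set(input.name, breaker + CANARY);
      else u.hash = breaker + CANARY;
      probes.push({ ...input, url: u.href });
    }
  }
  return probes;
}

// Combine both methods for one probe.
// observation = { executed: boolean, errors: [{ message, line }] }
// executed          -> "confirmed" (method 1: no false positives)
// new syntax error  -> "review"    (method 2: needs manual checking)
function triage(baselineErrors, observation) {
  if (observation.executed) return { verdict: "confirmed", newErrors: [] };
  const known = new Set(baselineErrors.map((e) => e.message));
  const newErrors = observation.errors.filter(
    (e) => !known.has(e.message) && /SyntaxError/.test(e.message));
  return { verdict: newErrors.length ? "review" : "clean", newErrors };
}

// Constructed sample: the page already throws one unrelated error.
const probes = buildProbes("https://app.example/search?q=shoes&lang=en#tab1");
const baseline = [{ message: "TypeError: x is undefined", line: 10 }];
const afterProbe = { executed: false, errors: [
  { message: "TypeError: x is undefined", line: 10 },
  { message: "SyntaxError: Unexpected identifier 'xsnp7'", line: 42 },
] };
console.log(probes.length, triage(baseline, afterProbe));
```

Comparing against the errors of the unmodified page is what keeps pre-existing script errors out of the "review" bucket; only errors that appear after an input was changed are reported.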

Download

Usage

Open the control panel

Add your target website in the “Target List” box and click “Save Target”

Optional: you can add more XSS payloads in the “Payload List” box and click “Save payload”

Click the “Switch to Open” button

Go to the target website. When you browse these sites, XSS detection starts automatically. So once fuzzing is switched on, you only need to browse these sites normally.

Demo

Source: 0kee

The post XssSniper google chrome extensions: Automatically Detect DOM-XSS Vulnerabilities appeared first on Penetration Testing. http://ift.tt/2rg585x http://ift.tt/2aM8QhC

XSS-Radar: detects parameters and fuzzes for finding XSS vulnerability – Penetration Testing

XSS Radar is a tool that detects parameters and fuzzes them for cross-site scripting vulnerabilities.
It’s also the first tool developed by the Bug Bounty Forum community!

How do I install it?

At present, we’re only supporting the widely used Google Chrome. We hope to support Firefox in the future.

First, git clone http://ift.tt/2rgbmlP
Visit chrome://extensions/
Enable Developer Mode via the checkbox
Select “Load Unpacked Extension”
Finally, locate and select the extension folder

How do I use it?

Visit a target page, open the extension and select Fuzz!

Demo

Source: Github

The post XSS-Radar: detects parameters and fuzzes for finding XSS vulnerability appeared first on Penetration Testing. http://ift.tt/2sz82WY http://ift.tt/2aM8QhC
