Does anyone face with the problem of proxy interception in iOS6.1?
After I upgraded to iOS6.1, the profile which I set with my self-signed certificate has not worked any longer.

Then I visited http://support.apple.com/kb/HT5642, and found the section:
"CVE-2013-0964 : Mark Dowd of Azimuth Security"

Do you have any idea to enable proxy interception in iOS6.1?

Hakin9 is a hacking magazine. It is for you to update your knowledge, brush up your old experience and get more ideas and techniques from the industry.

If you would like to learn from the beginning, find good textbooks or good courses. After you are familiar with the topics, you could go further by subscribing Hakin9.

 

Hello H1t M0nk3y,
from my experience, I used SoapUI to test web services. With the flexibility of input options the web service could use, I have never used an automated tool to test it. I think the result won't be good enough.

You could implement it by CSRF redirector technique.
I have posted here but the source code is unavailable.

http://pornsookk.wordpress.com/2011/07/08/csrf-redirector/

What does it mean? If you meant the problem, my w3af often crashed during the scan.

For me, I am working with
1. BurpSuite for web application crawling and mapping.
2. DirBuster for directory or file name enumeration.
3. HTTrack for saving some web contents in order to extract interesting metadata.
4. nikto for checking web server configuration
5. w3af for quick web application scanning

These activities pave a way to the next step.

In the Asian region, the qualification which is often referred to is C|EH, but it's not mandatory. SANS or OSCP is not well known for HR. In several countries, you need to be their citizens as a prerequisite.   

I agree with you. However, I did some search, I saw some tutorials that show metasploit on iOS.  lavender, did you see one of those?

As an aside note, BillV, that's cool. 

Well, I am not certain whether this can help you.
Basically, SET contains configuration file in set_config. You could point the reference to metasploit path in this file.

A good brief tutorial on XSS protection in PHP.
http://shiflett.org/articles/cross-site-scripting

l think implementing an anti-CSRF mechanism in our application is not difficult. You can turn on/off your mechanism at arbitrary points. Moreover, with java platform, if you use some frameworks like struts, you can use its built-in anti CSRF mechanism.

For CSRF guard, I have never used 

 

Hi Jamie, congratulations!!
Network certification is good for pentesting career.

I agree with cd1zz. Counter Hack Reloaded is great. If I could go back to the time I started in infosec, I would choose this one. Ed Skoudis is a great instructor.

1. Does SET-Social Engineering Toolkits work well on BT5r2? I have problem with its handler listening my meterpreter payload.
2. I noticed that in /pentest/exploits/, there was no framework3 directory.

Above all, I have installed BT5r2. 

In UK,
Portcullis Security
NCC Group