How do you perform a security test? Ever wanted to perform a penetration test on a security system (website, application, mobile and etc.) and just didn’t know where to start? These days, companies are very concerned about the security in their applications due to the increase in the number of disclosed vulnerabilities and exploits which can […]
Until recently, it was trivial for developers to disable the “save you password” feature implemented by all major browsers. However, in the last years, browser vendors have begun to actively discourage and prevent applications from disabling this feature. Their case is that the safest practice for users is to use a password manager, instead of having their passwords lying around on digital or physical support, where they can be exposed or stolen. Since it’s a client-side issue, they claim that the option should be given to users (and not to the developers) to disable this feature by configuring the browser itself.
Although this may be partly true, it does not take into account highly sensitive applications, which might be used on a shared computer, and which do not want to rely on the browser being properly configured (with autocomplete disabled). If this is your case, you should keep on reading.
It is now a real challenge to find a workaround that will work across all major browsers. So we came up with the following trick which detects the user’s browser version and acts accordingly:
The Advanced Packet Editor (APE) is an open-source project for a TCP and HTTP-based proxy that allows you to intercept and manipulate communication between clients and servers.
We at AppSec Labs have taken the project, modified and improved it into a useful tool for application penetration testing.
This tool is under the GPL license (for more information: http://www.gnu.org/licenses/gpl-3.0.en.html)