Seven Layers delivers comprehensive, dependable, and cost-effective solutions tailored to our clients’ needs and budgets. We offer cutting edge defensive security strategies to provide you with the ability to protect key systems and information – and can pair those with traditional information technology services to keep your business up and running, so you can focus on the business that is important to you.

    We provide penetration testing services and vulnerability assessments for peace of mind, risk management, and regulatory compliance. And because your employees are often your first line of defense - or weakness – we offer employee education in computer security and corporate security policies.

    Our support services cover your full suite of end user desktops, in-house servers, cloud-based servers, and cloud services. This includes seamless support for employees in all locations, whether they are in corporate offices, or are remote users. We will manage and develop content management systems, customized software and web applications, as well as working with off the shelf applications.


     

    I had a need for a tool the other day and when I searched for:   "php parameter brute force tool" -- I came up with Parameth.  The description states:  "This tool can be used to brute discover GET and POST parameters.  Often when you are busting a directory for common files, you can identify scripts (for example test.php) that look like they need to be passed an unknown parameter. This hopefully can help find them."

    I've only played with this a bit and it doesn't seem to work on everything but it did work when I needed it. 

    This is their example that I modified because, honestly, it didn't make sense and it makes more sense this way:


    Basically, we have a GET parameter and a POST parameter.  Let's say in our fuzzing process, we find simpletest.php but we don't know what's under the hood:


    We point Parameth at it and it does its thing:


    It uncovers both the GET and POST which allows us to do the following for the GET:


    And for the POST, I moved this over to Burp:


    I've already used this a couple of times in the last week and it was able to uncover the parameters.  Pretty cool...


    Cybersecurity solutions for small businesses.

    info@sevenlayers.com
    877.468.0911

    © 2021 Seven Layer Networks, Inc. | All rights reserved.