WebApp Sec mailing list archives
SensePost Aura - aka Solving the Google API Key Problem..
From: Haroon Meer <haroon () sensepost com>
Date: Wed, 18 Apr 2007 20:43:31 +0200
Hiya (Sorry for the cross post - but this question has popped up on all of these lists the past while..) (im guessing moderators on moderated lists can make the call to can/pass this through).. http://www.sensepost.com/research/aura No this is not us getting all spiritual or striving to reach any sort of astral plane... A while back Google encouraged developers to make use of their API. Many people built applications around the API, but alas Google has stopped issuing API keys.. This means that those applications (like wikto / etc) are effectively killed... SensePost AURA (Api Usable / Re-usable Again) will help to get those tools working again. Aura runs as an executable on your windows machine and by default listens only on 127.0.0.1:80. Simply create a host entry (%WINDIR%\system32\drivers\etc\hosts for api.google.com as 127.0.0.1). All tools that reference the api will now talk to Aura which will accept requests and return results exactly like the API used to. (You can give it your API key, but really.. it doesn't care and will play with you just as happily if you don't.) Currently Aura only supports the API method (doGoogleSearch) we were using in SensePost tools (we suspect most tools are just using this one anyway.) So give it a spin, send us feedback (research () sensepost com), etc.. /mh PS: Full readme in the .zip should clear up any questions PPS: This has been tested on the new Wikto release (which is currently in testing, and should hit the Internet Pipes shortly) -- Haroon Meer, SensePost Information Security PGP: http://www.sensepost.com/pgp/haroon.txt Tel: +27 83786 6637 ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHA --------------------------------------------------------------------------
Current thread:
- SensePost Aura - aka Solving the Google API Key Problem.. Haroon Meer (Apr 19)