top of page

Clients

Here you’ll find some of my clients for whom I've worked earlier to secure the assets from different vulnerabilities.

zerodha.png
oyo.png
upstox.png
bigbank.png
nciipc goi.png
zynga.jpg
ynab.png
Groww.png
blend.jpg
booztFashion.png
liferay.png
olx.png
UN women.png
naspers.png
ibotta.png
convertkit.png
files.png
dell.png
hotdoc.png
takeaway_edited.jpg

Code Vault

Here you’ll find some of my projects which I have created in my professional career.

Exploit XSS to Steal Cookies

Link: https://github.com/rohit-sonii/Exploit-XSS-to-Steal-Cookies

A small tool built to exploit vulnerability of Cross-Site Scripting and steal user's session cookie using JavaScript. It sends the user's stolen cookies to an attacker controlled server.

proj1.png

Escalating Self-XSS to Account Takeover

Link: https://github.com/rohit-sonii/Escalating-Self-XSS-to-Account-Takeover

This project demonstrates the possibility of escalating a vulnerability of Self XSS in to an Account Takeover. It assumes the presence of SSO along with the regular flow of authentication and exploits the business logic flaw of the test application.

Blog: https://medium.com/@Ch3ckM4te/self-xss-to-account-takeover-72c89775cf8f

proj2.png

getMore - JS Variables Extractor

Link: https://github.com/rohit-sonii/getMore

It is a small wrapper script to make use of multiple avenues to fetch all the available JS variables. These variables can later be tested for different types of vulnerabilities.

proj3.png

SGB Price Checker

Link: https://github.com/rohit-sonii/SGB-Price-Checker

This project is a simple android application that checks the best price of Sovereign Gold Bonds (SGB) to purchase from the secondary market. The app fetches data from WintWealth and continuously monitors the available rates. When a good deal is found, it sends a notification to alert the user.

proj4.jpg
bottom of page