Tuesday, May 12, 2020

Web-fu - The Ultimate Web Hacking Chrome Extension

Web-fu Is a web hacking tool focused on discovering and exploiting web vulnerabilitites.

 BROWSER INTEGRATION 

This tool has many advantages, as a browser-embedded webhacking tool, is very useful for scanning browser-authenticated applications, if browser can authenticate and access to the web application, the tool also can. Note that some other tools do not support neither certificate authentication nor web vpn accesses.
The integration with chrome, provides a more comfortable and agile way of web-hacking, and you have all the application data loaded on the hacking tool, you don't need to copy the url, cookies, etc. to the tool, just right click and hack.
The browser rendering engine is also used in this tool, to draw the html of the responses.


 FALSES POSITIVES 

When I coded this tool, I was obsessed with false positives, which is the main problem in all detection tools.  I have implemented a gauss algorithm, to reduce the faslse positives automatically which works very very well, and save a lot of time to the pentester.


 VIDEO 

 Here is a video, with some of the web-fu functionalitites:

 VISUAL FEATURES 

This tool has a visual crawler. Normal crawlers doesn't parse the ajvascript, this tool does. The visual crawler loads each link of the web site, rendering the html and executing all the javascript as a normal load, then the links are processed from he DOM and clicked.
A visual form cracker, is also available, althow is experimental and only works on some kind of forms.


 SCANNING FEATURES

The web-fu's portscanner, has a database of a common web ports, like 80,81,8080 and so on.
The cracker module, can bruteforce web directories to find new attack vectors, and can fuzz get and post parameters for discovering vulns, and also crack passwords. There are 9 preloaded wordlists, and you can also load a custom wordlist. Prefilters, falsepositive reductor and render will be helpful. The scanners support SSL, if the website can be loaded in the chrome, can be scanned by web-fu.


ENCODERS & DECODERS

The supported encoders and decoders are: base64, urlescape and urlencode


OTHER FEATURES

A web notepad is available, saving the information on the browser localStorage, there is one notepad per site. A cookie editor is also very useful for pentesting. The inteceptor, is like a web proxy but from the inside of the browser, you can intercept a request There is also a session locker and a exploit web search.


CHROME STORE 
Here is the link to the chrome store, the prize is about one euro, very cheap if you compare with other scanners: Web-Fu on Chrome Store


 With webfu, you will do the best web site pentest and vulnerability assessment.


Continue reading


  1. Libro Hacking Etico
  2. Curso Hacker
  3. Hacking Apps
  4. Wifi Hacking App
  5. Hacking Tools
  6. Curso Ethical Hacking
  7. Programa De Hacking
  8. Que Significa Hat
  9. Como Empezar En El Hacking
  10. Hacking Web
  11. Crack Definicion
  12. Que Estudia Un Hacker
  13. Que Es Growth Hacking
  14. Curso De Hacker Gratis Desde Cero
  15. Hacking Quotes
  16. Hacking For Dummies

Monday, May 11, 2020

macSubstrate - Tool For Interprocess Code Injection On macOS


macSubstrate is a platform tool for interprocess code injection on macOS, with the similar function to Cydia Substrate on iOS. Using macSubstrate, you can inject your plugins (.bundle or .framework) into a mac app (including sandboxed apps) to tweak it in the runtime.
  • All you need is to get or create plugins for your target app.
  • No trouble with modification and codesign for the original target app.
  • No more work after the target app is updated.
  • Super easy to install or uninstall a plugin.
  • Loading plugins automatically whenever the target app is relaunched.
  • Providing a GUI app to make injection much easier.

Prepare
  • Disable SIP
  • Why should disable SIP
    System Integrity Protection is a new security policy that applies to every running process, including privileged code and code that runs out of the sandbox. The policy extends additional protections to components on disk and at run-time, only allowing system binaries to be modified by the system installer and software updates. Code injection and runtime attachments to system binaries are no longer permitted.

Usage
  1. download macSubstrate.app, put into /Applications and launch it.
    StatusBar
  2. grant authorization if needed.
  3. install a plugin by importing or dragging into macSubstrate.
    ToInstall
  4. launch the target app.
    step 3 and step 4 can be switched
    Once a plugin is installed by macSubstrate, it will take effect immediately. But if you want it to work whenever the target app is relaunched or macOS is restarted, you need to keep macSubstrate running and allow it to automatically launch at login.
  5. uninstall a plugin when you do not need it anymore.
    Installed

Plugin
macSubstrate supports plugins of .bundle or .framework, so you just need to create a valid .bundle or .framework file. The most important thing is to add a key macSubstratePlugin into the info.plist, with the dictionary value:
Key Value
TargetAppBundleID the target app's CFBundleIdentifier, this tells macSubstrate which app to inject.
Description brief description of the plugin
AuthorName author name of the plugin
AuthorEmail author email of the plugin
Please check the demo plugins demo.bundle and demo.framework for details.

Xcode Templates
macSubstrate also provides Xcode Templates to help you create plugins conveniently:
  1. ln -fhs ./macSubstratePluginTemplate ~/Library/Developer/Xcode/Templates/macSubstrate\ Plugin
  2. Launch Xcode, and there will be 2 new plugin templates for you.

Security
  1. SIP is a new security policy on macOS, which will help to keep you away from potential security risk. Disable it means you will lose the protection from SIP.
  2. If you install a plugin from a developer, you should be responsible for the security of the plugin. If you do not trust it, please do not install it. macSubstrate will help to verify the code signature of a plugin, and I suggest you to scan it using VirusTotal. Anyway, macSubstrate is just a tool, and it is your choice to decide what plugin to install.


Related links


Sunday, May 10, 2020

How To Create Fake Email Address Within Seconds

How To Create Fake Email Address Within Seconds

How To Create Fake Email Address Within Seconds

Email address is a type of identification by which an email receiver identifies the person who sends mail to him/her. That's why while creating an email address you need to enter your personal details that must be valid. However, what if we tell you that you can create an email address that doesn't require any validation of personal details and that email address gets permanently deleted after your work is done. So here we have a method To Create Fake Email Address. By this, you can create a fake email address that will get auto-deleted after ten minutes. Just follow the below steps to proceed.

Note:  The method we are discussing is just for a known purpose and should not be used for any illegal purposes, as we will be not responsible for any wrongdoing.

How To Create Fake Email Address Within Seconds

The method of creating a fake email address is very simple and easy as these are based on online websites that will provide you a free email address without taking any personal details from you.

#1 10 Minute Mail

10 Minute Mail
10 Minute Mail
10 Minute Mail will provide you a temporary e-mail address. Any e-mails sent to that address will show automatically on the web page. You can read them, click on links, and even reply to them. The email address will expire after 10 minutes.

#2 GuerrillaMail

Guerrillamail
Guerrillamail
It is one of the most user-friendly ones out there, with this, you can get disposable email ID easily. You need to enter the details, and the fake email ID will be generated. Moreover, this also lets you send emails with attachment up to 150MB. You will be provided with a temporary email address which you can use to verify some websites which require the email address.

#3 Mailinator

Mailinator
Mailinator
Mailinator is a free, Public, Email System where you can use any inbox you want. You will be given a Mailinator address which you can use anytime a website asks for an email address. The public emails you will receive will be auto-deleted after few hours of receiving.

#4 MailDrop

MailDrop
MailDrop
Maildrop is a great idea when you want to sign up for a website but you are concerned that they might share your address with advertisers. MailDrop is powered by some of the spam filters created by Heluna, used in order to block almost all spam attempts before they even get to your MailDrop inbox. This works the same way like Mailinator in which you will be given a temporary Email address which you can use to verify sites etc.

#5 AirMail

AirMail
AirMail
AirMail is a free temporary email service, you are given a random email address you can use when registering to new websites or test-driving untrusted services. All emails received by AirMail servers are displayed automatically in your online browser inbox.

Related posts


How To Install Windscribe - The Best Free VPN On GNU/Linux Distros?


Why should you use Windscrive?
   Windscribe is well-known for their free VPN service but they also have a paid version. Only with a free account, you will get 10 countries to connect through and change your real IP address and 10GB of free traffic (if you use an email to sign up Windscribe), and unlimited devices.

   The Free version is awesome, but the Pro one is even better! With Pro version you will get Unlimited DataUnblock over 60 Countries and 110 CitiesConfig Generator (OpenVPN, IKEv2, SOCKS5), and full protection from R.O.B.E.R.T.

   For your information, Windscribe is one of the best VPN services in the category Free AuditValue Audit and Overall Audit in BestVPN.com Awards 2019 (Read the White Paper here). You totally can believe in Windscribe (100% no logs).

   And about R.O.B.E.R.T, it's an advanced DNS level blocker that protects you from MalwareAds and TrackersSocial trackingPornGamblingFake NewsClickbait and Cryptominers. Read more about R.O.B.E.R.T.




Anyway, Windscribe helps you:
  • Stop tracking and browse privately: Governments block content based on your location. Corporations track and sell your personal data. Get Windscribe and take back control of your privacy.
  • Unblock geo-restricted content: Windscribe masks your IP address. This gives you unrestricted and private access to entertainment, news sites, and blocked content in over 45 different countries.
  • Take your browsing history to your grave: Protect your browsing history from your network administrator, ISP, or your mom. Windscribe doesn't keep any logs, so your private data stays with you.
  • Stop leaking personal information: Prevent hackers from stealing your data while you use public WIFI and block annoying advertisers from stalking you online.
  • Go beyond basic VPN protection: For comprehensive privacy protection, use our desktop and browser combo (they're both free).

   Windscribe also supports Chrome browser, Firefox browser, Opera browser, Smart TV, Routers, Android, iOS, BlackBerry, Windows OS, Mac OS X and GNU/Linux OS, you name it.

   You can install Windscribe on Ubuntu, Debian, Fedora, CentOS, Arch Linux and their based distros too.

   But to install and safely use Internet through Windscribe, you must sign up an account first. If you already have an account then let's get started.

How to install Windscribe on Arch and Arch-based distros?
   First, open your Terminal.

   For Arch Linux and Arch-based distro users, you can install Windscribe from AUR. Run these commands without root to download and install Windscribe on your Arch:


   For other distro users, go to VPN for Linux - Windscribe choose the binary file that compatible with your distro (.DEB for Debian and Ubuntu based, .RPM for Fedora and CentOS based) and then install it.
dpkg -i [Windscribe .DEB package]
rpm -ivh [Windscribe .RPM package]



   Or you can scroll down to Pick Your Distro, click to the distro version you use, or click to the distro version that your distro is based on and follow the instructions.

   Now enter these commands to auto-start a and log in to Windscribe.

   Enter your username and password and then you can enjoy Windscribe's free VPN service.

How to use Windscribe on Linux?
   This is Windscribe list of commands (windscribe --help):
   If you want Windscribe to chooses the best location for you, use windscribe connect best.

   But if you want to choose location yourself, here is the list of Windscribe's locations:
   *Pro only
   Example, i want to connect to "Los Angeles - Dogg", i use windscribe connect Dogg.

   If you want to stop connecting through Windscribe use windscribe disconnect.

   For some reasons, you want to log out Windscribe from your device, use windscribe logout.

I hope this article is helpful for you 😃


Read more

ADVANTAGE OF ETHICAL HACKING

Advantage of Ethical Hacking

Hacking is quite useful in the following purpose-

1-To recover lost information, especially in case you lost your password.

2-To perform penetration testing to strengthen computer and network security.

3-To put adequate preventative measure in place to prevent security breaches.

4-To have a computer system that prevents malicious hackers from gaining access.

5-Fighting against terrorism and national security breaches.


Continue reading
  1. Growth Hacking Examples
  2. Hacking Etico
  3. Como Empezar A Hackear
  4. Hacking Tor Funciona
  5. Ethical Hacking
  6. Linux Hacking Distro
  7. Que Significa Hat
  8. Hacking Movies
  9. Aprender Seguridad Informatica
  10. Windows Hacking
  11. Como Hacer Hacker
  12. Hacking Pdf
  13. Hacking Google Home Mini
  14. Hacking Net

Classic Lishi Tools page:1