HPVAC

Diary of a reverse-engineer.

Shazzer - Shared Fuzzer.

SSLsplit - transparent and scalable SSL/TLS interception (SSLsplit)
Copyright 2009-2016 Daniel Roethlisberger and contributors. All rights reserved. Licensed under a two-clause BSD license.
Latest release: sslsplit-0.5.0.tar.bz2 (.asc)
Documentation: sslsplit(1), README.md, NEWS.md
Development: droe/sslsplit; follow @droethlisberger for news

Overview
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently redirected to SSLsplit by a NAT engine; SSLsplit terminates the SSL/TLS session coming from the client, presents a certificate for the requested hostname that it forges on the fly and signs with a CA certificate you supply, and opens a second session to the original destination. The interception only succeeds on clients that trust that CA, so the CA certificate has to be installed on the target, and clients that pin their certificates will refuse the forged one. SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6.

Usage
% sslsplit -h
Usage: sslsplit [options...]
See the manual page sslsplit(1) for details on using SSLsplit and setting up the various NAT engines.

Requirements
SSLsplit depends on the OpenSSL and libevent 2.x libraries. SSLsplit currently supports the following operating systems and NAT engines:
FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr
OpenBSD: pf rdr-to and divert-to
Linux: netfilter REDIRECT and TPROXY
Mac OS X: ipfw fwd and pf rdr

Installation
To install from source:
make
make test
make install

Development.

Python arsenal for RE.

Ettercap Home Page.

Easy-creds.

Dsniff.

Aircrack-ng.

Ping Tunnel - Send TCP traffic over ICMP.
Using ptunnel
Client:
./ptunnel -p <proxy address> -lp <listen port> -da <destination address> -dp <destination port> [-c <network device>] [-v <verbosity>] [-f <logfile>] [-u] [-x password]
Proxy:
./ptunnel [-c <network device>] [-v <verbosity>] [-f <logfile>] [-u] [-x password]
The -p switch sets the address of the host on which the proxy is running.

A quick test to see if the proxy will work is simply to try pinging this host; if you get replies, you should be able to make the tunnel work. The -lp, -da and -dp switches set the local listening port, destination address and destination port. For instance, to tunnel ssh connections from the client machine via a proxy running on proxy.pingtunnel.com to the computer login.domain.com, the following command line would be used:
sudo .
An ssh connection to login.domain.com can now be established as follows:
ssh -p 8000 localhost
If ssh complains about a potential man-in-the-middle attack, that is because the known_hosts entry for localhost on port 8000 was recorded for a different host key. Rather than deleting the entry, which also silences the warning for a real man-in-the-middle on the tunnel, tell ssh whose key to expect so the entry for the real host is checked: ssh -o HostKeyAlias=login.domain.com -p 8000 localhost

Privoxy - Home Page.

Ngrep - network grep.

Alobbs/macchanger.

GNU httptunnel.
httptunnel creates a bidirectional virtual data connection tunnelled in HTTP requests. The HTTP requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall. httptunnel is written and maintained by Lars Brinkhoff. Does your company need help adding HTTP tunneling to your applications? See also: frequently asked questions about httptunnel. httptunnel is free software (speech, not beer) licenced under the GNU General Public License. I hereby disclaim all responsibility for this hack.
Netwinder DM: StrongARM 110, Linux 2.4.0-test9, GNU libc 2.0.94, gcc 2.95.2, binutils 2.10.1
Vanilla PC: Pentium MMX, Linux 2.2.17, GNU libc 2.1.3, gcc 2.95.2, binutils 2.9.5
HTTP proxies: Squid 1.1.21, Squid 2.1.PATCH1, Squid 2.1.PATCH2
Stable: FTP: httptunnel-3.0.5.tar.gz; HTTP: httptunnel-3.0.5.tar.gz
Development Binaries.

Hping - Active Network Security Tool.

Software >> sslsniff.
Some History
This tool was originally written to demonstrate and exploit IE's vulnerability to a specific "basicConstraints" man-in-the-middle attack. The X.509 basicConstraints extension is what marks a certificate as a CA; IE did not check it on the certificates in the middle of a chain, so an ordinary leaf certificate (CA:FALSE) for any site could be used to sign a certificate for any other site, and the chain still validated. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN, and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.
The New Scoop
Version 0.6 has been significantly updated to additionally support the null-prefix attacks that I demonstrated at BlackHat 09 and Defcon 17. In a null-prefix attack the certificate is issued for a name such as www.bank.example\0.attacker.example: the CA validates ownership of the domain after the NUL byte, but a client that compares the name as a C string stops at the NUL and sees www.bank.example. Sslsniff has also been updated to support the OCSP attacks that I published at Blackhat 09 and Defcon 17, thus making the revocation of null-prefix certificates very difficult.
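Both sslsniff attacks above come down to a check the client skipped. The following is an added example (not sslsniff's code, and not any TLS library's API): a toy chain model in which certificates are dicts constructed inline, a chain walk that enforces basicConstraints on every issuer, and a hostname comparison that shows why a NUL byte in the name fools a C-string compare but not a length-aware one. The names bank.example, shop.example and attacker.example are made up for the example.

```python
# Toy X.509 chain model: a certificate is a dict with subject, issuer and the
# basicConstraints CA flag. Signatures are taken as valid so that the single
# decision under test, "may this issuer sign?", stands out. Constructed sample:
ROOT = {"subject": "Example Root CA", "issuer": "Example Root CA", "ca": True}
LEAF = {"subject": "shop.example", "issuer": "Example Root CA", "ca": False}
# A certificate for a site the attacker does not control, signed with the
# ordinary leaf above (what a client that ignores basicConstraints accepts).
FORGED = {"subject": "bank.example", "issuer": "shop.example", "ca": False}


def chain_ok(chain, trust_anchors, check_basic_constraints=True):
    """Walk from chain[0] toward a trust anchor, one issuer at a time.

    Returns True only if every issuer along the way is permitted to sign
    (CA:TRUE) and the walk ends at a trust anchor. Setting
    check_basic_constraints=False reproduces the pre-fix IE behaviour."""
    by_subject = {c["subject"]: c for c in list(chain) + list(trust_anchors)}
    cert = chain[0]
    for _ in range(len(by_subject)):          # bounded walk: cycles terminate
        issuer = by_subject.get(cert["issuer"])
        if issuer is None:
            return False                      # issuer unknown: untrusted
        if check_basic_constraints and not issuer["ca"]:
            return False                      # a leaf may not sign certificates
        if issuer in trust_anchors:
            return True
        cert = issuer
    return False


def c_string_equal(cert_name, host):
    """What a C strcmp()-style comparison of the CN sees: both strings end at
    their first NUL byte, so "a\\0b" compares equal to "a"."""
    return cert_name.split("\0", 1)[0] == host.split("\0", 1)[0]


def hostname_matches(cert_name, host):
    """Length-aware comparison. A NUL byte can never appear in a DNS name, so a
    certificate containing one is rejected outright; one left-most wildcard
    label is allowed and matches exactly one label."""
    if "\0" in cert_name:
        return False
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        c_labels, h_labels = cert_name.split("."), host.split(".")
        return len(c_labels) == len(h_labels) and c_labels[1:] == h_labels[1:]
    return cert_name == host


# Constructed null-prefix name: a CA that validates only the part after the
# NUL sees attacker.example; a NUL-terminated compare sees www.bank.example.
NULL_PREFIX_CN = "www.bank.example\0.attacker.example"

if __name__ == "__main__":
    print("leaf under root:", chain_ok([LEAF], [ROOT]))
    print("forged, constraints checked:", chain_ok([FORGED, LEAF], [ROOT]))
    print("forged, constraints ignored:", chain_ok([FORGED, LEAF], [ROOT], False))
    print("C compare fooled:", c_string_equal(NULL_PREFIX_CN, "www.bank.example"))
    print("strict compare:", hostname_matches(NULL_PREFIX_CN, "www.bank.example"))
```

The two checks are independent: a client can get basicConstraints right and still be fooled by the NUL, which is why both fixes had to ship separately.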

Sslsniff is useful for deploying other vulnerabilities as well.
Installing sslsniff
Running sslsniff

Software >> sslstrip.
This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below. The attack depends on the victim's request to a site going out over plain HTTP in the first place; a browser that holds an HTTP Strict Transport Security policy for the site (remembered from an earlier visit or built into its preload list) upgrades the request to HTTPS itself and never acts on the rewritten link.
Requirements
Python >= 2.5 (apt-get install python)
The python "twisted-web" module (apt-get install python-twisted-web)
Setup
tar zxvf sslstrip-0.9.tar.gz
cd sslstrip-0.9
(optional) sudo python .
Running sslstrip
That should do it.
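The rewrite step described above, as an added example that is not sslstrip's own code: the proxy-side bookkeeping that downgrades https:// links in a body and in a Location header to http:// and remembers which hosts must be fetched over TLS upstream, next to the HSTS check that makes a browser ignore the downgrade. The sample HTML, the header values and the hostnames are constructed for the example.

```python
import re

# Any https:// URL up to the next quote, angle bracket or whitespace. A
# triple-quoted raw string lets both quote characters sit in the class.
HTTPS_URL = re.compile(r"""https://([^\s"'<>]+)""", re.IGNORECASE)


class Stripper:
    """Proxy-side state for an HTTPS stripping attack.

    Every downgraded link is recorded by host, because the victim will come
    back asking for http://host/... and the proxy must then fetch the real
    resource over https:// to keep the victim's session working."""

    def __init__(self):
        self.stripped = set()

    def _remember(self, rest):
        # 'rest' is everything after the scheme; keep only host[:port]
        self.stripped.add(rest.split("/", 1)[0].lower())

    def rewrite_body(self, body):
        """Turn every https:// link in an HTML body into an http:// link."""
        def downgrade(match):
            self._remember(match.group(1))
            return "http://" + match.group(1)
        return HTTPS_URL.sub(downgrade, body)

    def rewrite_headers(self, headers):
        """Downgrade an https:// redirect target in a Location header.
        headers is a list of (name, value) tuples; other headers pass through."""
        out = []
        for name, value in headers:
            if name.lower() == "location" and value.lower().startswith("https://"):
                self._remember(value[len("https://"):])
                value = "http://" + value[len("https://"):]
            out.append((name, value))
        return out

    def upstream_scheme(self, host):
        """Scheme the proxy uses toward the real server for a victim request."""
        return "https" if host.lower() in self.stripped else "http"


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into
    (max_age, include_subdomains)."""
    max_age, include_subdomains = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name.lower() == "includesubdomains":
            include_subdomains = True
    return max_age, include_subdomains


def browser_will_upgrade(host, hsts_cache):
    """True if a browser holding hsts_cache ({host: include_subdomains}) would
    rewrite an http:// request for host to https:// before sending it, which is
    what defeats the stripped link: the downgrade never reaches the wire."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in hsts_cache and (i == 0 or hsts_cache[candidate]):
            return True
    return False


# Constructed sample response, as the victim's browser would have received it
# had the proxy not touched it.
SAMPLE_BODY = ('<a href="https://login.bank.example/signin">Sign in</a> '
               '<img src="https://cdn.bank.example/logo.png">')
SAMPLE_HEADERS = [("Location", "https://mail.example/inbox"),
                  ("Content-Type", "text/html")]

if __name__ == "__main__":
    proxy = Stripper()
    print(proxy.rewrite_body(SAMPLE_BODY))
    print(proxy.rewrite_headers(SAMPLE_HEADERS))
    print(sorted(proxy.stripped), proxy.upstream_scheme("login.bank.example"))
    print(browser_will_upgrade("login.bank.example", {"bank.example": True}))
```

The homograph-similar HTTPS variant the page mentions is not modelled here; it needs the proxy to hold a certificate for the look-alike name, which is a different problem from link rewriting.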

How does this work? First, arpspoof convinces a host that our MAC address is the router's MAC address, and the target begins to send us all its network traffic. At this point, sslstrip receives the traffic and does its magic.
Development
The current development branch can be found on github.

Home.

Reaver-wps - Brute force attack against Wifi Protected Setup.
Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.

On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS PIN and recover the passphrase. The attack is feasible at all because the 8-digit PIN is not checked as a whole: the registrar's protocol responses reveal separately whether the first four digits were wrong and whether the remaining digits were wrong, and the eighth digit is a checksum of the other seven, so at most 10,000 + 1,000 = 11,000 PINs have to be tried instead of 100,000,000.
Intimidated by the command-line? Running Windows, OS X, or just don't want to run Linux, download, and compile the open source Reaver? Reaver Pro is now ONLY $69.99!!! Reaver Pro is a compact embedded device customized for Reaver attacks.
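The arithmetic behind the running times above, as an added example that is not Reaver's code: the WPS PIN checksum, PIN validation, the size of the search space, and a toy registrar oracle that, like the real protocol, confirms the two halves of the PIN separately. The oracle stands in for the actual WPS message exchange and is constructed for the example; the secret PIN 12345670 is just a well-known test value.

```python
def wps_checksum(body7):
    """Checksum digit for the first seven digits of a WPS PIN: digits in odd
    positions (1st, 3rd, 5th, 7th) weigh 3, even positions weigh 1, and the
    check digit brings the total to a multiple of 10."""
    digits = [int(d) for d in f"{body7:07d}"]
    total = 3 * sum(digits[0::2]) + sum(digits[1::2])
    return (10 - total % 10) % 10


def is_valid_pin(pin):
    """An 8-digit PIN is well formed when its last digit checks the first seven."""
    s = str(pin)
    return len(s) == 8 and s.isdigit() and int(s[7]) == wps_checksum(int(s[:7]))


def search_space(split_verification=True, checksum_known=True):
    """Worst-case number of online attempts. WPS confirms the two halves of the
    PIN separately, which turns one 8-digit secret into a 4-digit secret plus
    a 3-digit secret (the 8th digit being the checksum)."""
    if not split_verification:
        return 10 ** 7 if checksum_known else 10 ** 8
    return 10 ** 4 + (10 ** 3 if checksum_known else 10 ** 4)


def make_registrar(secret_pin):
    """Toy access point standing in for the WPS message exchange (constructed,
    not a protocol implementation). Like the real registrar it fails at the
    first-half stage (M4) or the second-half stage (M6), leaking which half
    was wrong."""
    secret = f"{secret_pin:08d}"

    def oracle(pin8):
        if pin8[:4] != secret[:4]:
            return "first-half-wrong"
        if pin8[4:] != secret[4:]:
            return "second-half-wrong"
        return "ok"
    return oracle


def crack(oracle):
    """Recover the PIN from a half-by-half oracle. Returns (pin, attempts);
    pin is None if the oracle never answers 'ok'."""
    attempts = 0
    first = None
    for a in range(10 ** 4):
        attempts += 1
        # any second half will do here; only the first-half verdict matters
        if oracle(f"{a:04d}0000") != "first-half-wrong":
            first = a
            break
    if first is None:
        return None, attempts
    for b in range(10 ** 3):
        attempts += 1
        body = first * 1000 + b                      # the 7-digit PIN body
        pin = f"{body:07d}{wps_checksum(body)}"      # checksum comes for free
        if oracle(pin) == "ok":
            return pin, attempts
    return None, attempts


if __name__ == "__main__":
    print("search space:", search_space(), "vs", search_space(False, False))
    pin, tries = crack(make_registrar(12345670))
    print("recovered", pin, "after", tries, "attempts; valid:", is_valid_pin(pin))
```

What turns 11,000 attempts into hours rather than seconds is the access point, not the search: each attempt is a full WPS exchange, and many APs rate-limit or lock WPS after repeated failures, which is what the "depending on the AP" above refers to.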

Reaver Pro Features:

End-to-end - End-To-End.
End-To-End is a Chrome extension that helps you encrypt, decrypt, digitally sign, and verify signed messages within the browser using OpenPGP. This is the source code for the alpha release of the End-To-End Chrome extension. It's built upon a newly developed, JavaScript-based crypto library. End-To-End implements the OpenPGP standard, IETF RFC 4880, enabling key generation, encryption, decryption, digital signature, and signature verification. We're releasing this code to enable community review; it is not yet ready for general use. For more background, please see our blog post.
Since this is source, I could just build this and submit it to the Chrome Web Store?
Please don't do this. The End-To-End team takes its responsibility to provide solid crypto very seriously, and we don't want at-risk groups that may not be technically sophisticated (journalists, human-rights workers, et al.) to rely on End-To-End until we feel it's ready.

No.
Only the body of the message.
Not at the moment.

OpenPGP.js | OpenPGP JavaScript Implementation.

Stanford Javascript Crypto Library.
The Stanford Javascript Crypto Library (hosted here on GitHub) is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. SJCL is easy to use: simply run sjcl.encrypt("password", "data") to encrypt data, or sjcl.decrypt("password", "encrypted-data") to decrypt it. Behind that call the key is derived from the password with PBKDF2 over a random salt and the data is encrypted with AES in an authenticated mode (CCM by default), so the output is integrity-protected as well as confidential; the strength of the password is the limiting factor. For users with more complex security requirements, there is a much more powerful API, described in the documentation and illustrated in this demo page. SJCL is small but powerful. The minified version of the library is under 6.4KB compressed, and yet it posts impressive speed results. (TODO: put up a benchmarks page.) SJCL is secure. SJCL is cross-browser. SJCL is open. SJCL also supports elliptic curve cryptography (ECDH public key encryption and ECDSA signatures).

SJCL was written by Emily Stark, Mike Hamburg and Dan Boneh at Stanford University.

Wappalyzer.

SecWiki.

w3af - Open Source Web Application Security Scanner.

Code Typer.

ASCII art API.

I, Hacker - Hungry hungry macros.

Joybubbles.
Whistler
As a five-year-old, Engressia discovered he could dial phone numbers by clicking the hang-up switch ("tapping"), and at the age of 7 he accidentally discovered that whistling at certain frequencies could activate phone switches.[4] A student at the University of South Florida in the late 1960s, he was given the nickname "Whistler" due to his ability to place free long distance phone calls by whistling, with his mouth, the proper tones.

After a Canadian operator reported him for selling such calls for $1 at the university, he was suspended and fined $25 but soon reinstated;[4] he later graduated in philosophy and moved to Tennessee. According to FBI records, the phone company SBT&T first noticed his phreaking activities in summer 1968, and an employee of the Florida Bell Telephone Company illegally monitored Engressia’s telephone conversations and divulged them to the FBI.[4]

Secrets of the Little Blue Box.
Why this is the authoritative edition: as published in the October 1971 issue of Esquire Magazine.
by Ron Rosenbaum
A story so incredible it may even make you feel sorry for the phone company
The Blue Box Is Introduced: Its Qualities Are Remarked
I am in the expensively furnished living room of Al Gilbertson*, the creator of the "blue box." Gilbertson is holding one of his shiny black-and-silver "blue boxes" comfortably in the palm of his hand, pointing out the thirteen little red push buttons sticking up from the console.
"That's what it does."
"And they can't trace the calls?"
"Not if you do it the right way."
"I think it's something to do with how small my models are." He sighs.
The Blue Box Is Tested: Certain Connections Are Made
About eleven o'clock two nights later Fraser Lucey has a blue box in the palm of his left hand and a phone in the palm of his right.

Fraser likes to show off his blue box for people. Fraser is cautious now about where he shows off his blue box.
"That's Key Pulse."
"Oh."

Home - chinesewall.ccc.de.

Oqlt.

The Original Hacker's Dictionary.
[This file, jargon.txt, was maintained on MIT-AI for many years, before being published by Guy Steele and others as the Hacker's Dictionary. Many years after the original book went out of print, Eric Raymond picked it up, updated it and republished it as the New Hacker's Dictionary. Unfortunately, in the process, he essentially destroyed what held it together, in various ways: first, by changing its emphasis from Lisp-based to UNIX-based (blithely ignoring the distinctly anti-UNIX aspects of the LISP culture celebrated in the original); second, by watering down what was otherwise the fairly undiluted record of a single cultural group through this kind of mixing; and third, by adding in all sorts of terms which are "jargon" only in the sense that they're technical.

This page, however, is pretty much the original, snarfed from MIT-AI around 1988. -- jpd.]
Verb doubling: a standard construction is to double a verb and use it as a comment on what the implied subject does.
ARG n.
BANG n.
J.

Hacking for Artists.