Thursday 27 November 2014

SESSION HIJACKING

  • What is Session Hijacking ?
Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

  • Techniques :
There are mainly three methods used to perpetrate a session hijack. These are:

1. Session Fixation:

The session fixation attack is a class of Session Hijacking, which steals the established session between the client and the Web Server after the user logs in. Instead, the Session Fixation attack fixes an established session on the victim's browser, so the attack starts before the user logs in.


For detailed info on How Session Fixation works click here.

2. Session Sidejacking:

where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client.

1. First the attacker uses a network sniffer to capture a valid token session called Session ID.

2. Now he manipulates the token session to gain unauthorized access to the Web Server or hijack the victim's web session.



For detailed info on How Session Sidejacking works click here.

3. Cross-Site Scripting:


The attacker can compromise the session token by using malicious code or programs running at the client-side. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. The example shows how the attacker could use an XSS attack to steal the session token.




  • Protection :
1. Regenerating the session id after a successful login. This prevents session fixation because the attacker does not know the session id of the user after he has logged in.

2. Some services make secondary checks against the identity of the user. For example it will change the value of the cookie with each and every request.

3. Users may also wish to log out of websites whenever they are finished using them.

4. Encryption of the data passed between the parties; in particular the session key. This technique is widely relied-upon by web-based banks and other e-commerce services.




Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

SESSION SIDEJACKING

  • What is Sidejacking ?
Sidejacking is the process of sniffing cookie information, then replaying them against websites in order to clone a victim’s session. We use the term sidejacking to distinguish this technique from man-in-the-middle hijacking. Whereas man-in-the-middle hijacking interferes with the original session, sidejacking does not. The victim continues to use his session blissfully unaware that we are also in his account.

SideJacking works only if the site catches a non-SSL cookie, so any Web site that uses SSL exclusively would be safe from SideJackers. SideJacking was first demonstrated by Robert Graham, CEO of Errata Security at Black Hat in 2007.

  • Techniques :
All you need to do in order to sidejack is sniff cookies off the wire and edit cookies. This can be done with a wide variety of tools.

1. WinPcap is the industry-standard tool for link-layer network access in Windows environments: it allows applications to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Download and install Winpcap from here.

2. Graham leveraged the tools Ferret, essentially a packet sniffing tool that captures cookies and writes them to a hamster.txt file, and Hamster, basically a local proxy that creates a web front end for exploiting the cookie information captured by Ferret.

Download and install Ferret & Hamster from here.

3. Unzip the tools into a directory such as C:\sidejacking.

4. Open a command prompt and change to that directory as cd c:\sidejacking.

5. Use ferret –W to figure out which interface you want to sniff.

6. Use ferret –i n to start sniffing cookies. Here n is the interface number.

7. Now use hamster in the same directory as hamster.txt to start the proxy.


8. Set up a browser to use the proxy at 127.0.0.1:3128.

9. In that browser, go to http://hamster to go to the proxy console window.


10. Select a victim, then click on a URL to sidejack it.


  • Countermeasures :
1. Always try to stick to secured WiFi networks that you know and trust that would not have any strangers on it running packet sniffers.

2. Never use a Wi-Fi hotspot unless they are using VPN (virtual private networking) or SSL (secure sockets layer) to access sensitive information.

3. Graham said that Google Mail users could switch to https://mail.google.com and secure their session from such snooping.



Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

ARP POISONING

  • What is ARP ?
The Address Resolution Protocol (ARP) is a computer networking protocol for determining a network host's hardware address (MAC) or link layer when only its Internet Layer (IP) or Network Layer address is known. In fact it’s a IP to MAC mapping.

Broadcast ARP Request:

Jessica, the receptionist, tells Word to print the latest company contact list. This is her first print job today. Her computer (IP address 192.168.0.16) wants to send the print job to the office's HP LaserJet printer (IP address 192.168.0.45). So Jessica's computer broadcasts an ARP Request to the entire local network asking, "Who has the IP address, 192.168.0.45?"




Unicast ARP Reply:

All the devices on the network ignore this ARP Request, except for the HP LaserJet printer. The printer recognizes its own IP in the request and sends an ARP Reply: "Hey, my IP address is 192.168.0.45. Here is my MAC address: 00:90:7F:12:DE:7F"




  • ARP Poisoning:
Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network. ARP Spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether.

The ability to associate any IP address with any MAC address provides hackers with many attack vectors, including Denial of Service (DoS), Man in the Middle, and MAC Flooding.


  • Man in the Middle Attack (MIMA):
A hacker can exploit ARP Cache Poisoning to intercept network traffic between two devices in your network.

Attack Stage-1:

The hacker wants to see all the traffic between your computer, 192.168.0.12, and your Internet router, 192.168.0.1. The hacker begins by sending a malicious ARP "reply" (for which there was no previous request) to your router, associating his computer's MAC address with 192.168.0.12.




Attack Stage-2:

Now your router thinks the hacker's computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC Address with 192.168.0.1




Attack Stage-3:

Now your machine thinks the hacker's computer is your router. Finally, the hacker turns on an operating system feature called IP forwarding. This feature enables the hacker's machine to forward any network traffic it receives from your computer to the router.





  • ARP Poisoning Tool:
Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many feature for network and host analysis.


Download ETTERCAP from here.

  • Protection:
1. Arpwatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Network administrators monitor ARP activity to detect ARP spoofing.

2. Arping is a computer software tool that is used to discover hosts on a computer network. The arping tool is analogous in function to ping, which probes hosts using the Internet Control Message Protocol at the Internet Layer (OSI Layer 3).

3. Capsa Network Analyzer (Packet Sniffer) is an easy-to-use Ethernet network analyzer (aka. packet sniffer or protocol analyzer) for network monitoring and troubleshooting purposes.






Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

SESSION FIXATION

  • What is Session Fixation ?
Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn’t assign a new session ID, making it possible to use an existent session ID.


The attack consists of inducing a user to authenticate himself with a known session ID, and then hijacking the user-validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.

  • Attack Scenario :
1. Mallory has determined that http://unsafe/ accepts any session identifier, accepts session identifiers from query strings and has no security validation. http://unsafe/ is thus not secure.

2. Mallory sends Alice an e-mail: "Hey, check this out, there is a cool new account summary feature on our bank, http://unsafe/?SID=I_WILL_KNOW_THE_SID". Mallory is trying to fixate the SID to I_WILL_KNOW_THE_SID.

3. Alice is interested and visits http://unsafe/?SID=I_WILL_KNOW_THE_SID. The usual log-on screen pops up, and Alice logs on.

4. Mallory visits http://unsafe/?SID=I_WILL_KNOW_THE_SID and now has unlimited access to Alice's account.

  • Attack Process :
1. Session Setup:

First, the attacker either sets up a trap session on the target server and obtains that session’s ID, or selects a arbitrary session ID to be used in the attack. In some cases, the established trap session needs to be maintained by repeatedly sending requests referencing it to avoid idle session timeout.


2. Session Fixation:

Next, the attacker needs to introduce her session ID to the user’s browser, thereby fixing his session.

3. Session Entrance:

Finally, the attacker has to wait until the user logs in to the target server using the previously fixed session ID and then enter the user’s session.

  • Attack Example :
1. First, the attacker, who in this case is also a legitimate user of the system, logs in to the server and is issued a session ID 1234.

2. Then he sends a hyperlink http://online.worldbank.dom/login.jsp?sessionid=1234 to the user, trying to lure him into clicking on it.

3. The user clicks on the link, which opens the server’s login page in his browser.



4. Upon receipt of the request for login.jsp?sessionid=1234, the web application has established.

5. Finally, the user provides his credentials to the login script and the server grants him access to his bank account.

6. At this point, knowing the session ID, the attacker can also access the user’s account via account.jsp?sessionid=1234.

  • Countermeasures :
1. Web applications must ignore any session ID provided by the user’s browser at login and must always generate a new session to which the user will log in if successfully authenticated.

2. If possible, a web application on a strict system should only issue session IDs of newly generated sessions to users after they have successfully authenticated.

3. Session identifiers in URL (GET or POST variables) are not recommended as they simplify this attack. The session identifier on most modern systems is stored by default in an HTTP cookie, which has a moderate level of security. Use of the SSL/TLS session identifier is very secure.




Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

Hijacking FACEBOOK

  • How To Hack FACEBOOK ?

  Today I'll illustrate the SESSION HIJACKING technique to hack FB Account.



In this scope I will be using BACKTRACK, a Penetration Testing Distribution integrated with the below tools for Network Scan, MIMA and Packet Analysis.

1. NMAP
2. ARPSPOOF
3. WIRESHARK

And two below scripts which are compatible with Mozilla Firefox will be used for Cookie Injection:

1. GREASEMONKEY
2. COOKIE INJECTOR

  • Techniques:   
1. First Scan your network and find the target using NMAP, a Network Scanner. In this case i got 192.168.1.3 as the Target.

Backtrack


2. Next I need to start the IP Forwarding which enables my machine to forward any network traffic it receives from the target to the router.

Backtrack


3.  Next Man-In-The-Middle-Attack (MIMA) is begun by exploiting ARP Cache Poisoning to intercept network traffic between the target and the router.  

First  a malicious ARP reply is sent to the target, associating my MAC address with the router's IP (192.168.1.1).


Secondly  another malicious ARP reply is sent to the router, associating my MAC address with the target's IP (192.168.1.3).


4. Next I start packet capturing using WIRESHARK at my wlan0 interface and
applied a filter with http.cookie contains datr. The cookie string printable text with GET label is then copied.



5. GREASEMONKEY and COOKIE INJECTOR scripts are then installed in my Firefox browser. After restarting the browser Facebook login page is opened and Alt+C is pressed to inject cookie strings captured in Wireshark.



Reloading the page and I am able to login target's account !


  • Protection:
1. Browse Facebook on a secure connection (https) when possible. Make sure Secure Browsing option in Security Settings tab is enabled.



2. Arpwatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Network administrators monitor ARP activity to detect ARP spoofing.

3. Capsa Network Analyzer (Packet Sniffer) is an easy-to-use Ethernet network analyzer (aka. packet sniffer or protocol analyzer) for network monitoring and troubleshooting purposes.



Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

Sunday 16 November 2014

Now Use Telenor Internet Absouletely Free 2014 free internet


Ab ap sab telenor internet use kren woh bhi bilkul free

Ab ap sab telenor internet use kren woh bhi bilkul free:

Details given below.
sab se pehlay to apne handset ki compitable internet settings mangwain service provider se.
DEAR ALL USER AB TELENOR FACEBOOK FREE DE RAHA HAI AAP KISY BHE BROWSER PE FACEBOOK OPEN KAREN BILKUL FREE BAS URL ADRESS MAIN M.FACEBOOK.COM OPEN KAREN AUR TELENOR INTERNET SE CONECT KAREN WAP SE NAHE AUR HAAN JIN MOBILE MAIN FACEBOOK KI APPS HAI WO BHE FREE.... !


un settings ko active kr k apne cell me opera mini browser open kren agar pehlay se downloaded hy to agar nhi hy to pehlay opera mini ya phr UC Browser download kr len jin k links main neechay share kr deta hun.
browser k address bar me facebook ka laink is tarha open kren m.facebook.com to ap telenor sim free facebook browsing kr saken gay.

- See more at: http://shahginfo.blogspot.com/2013/12/now-use-telenor-internet-absouletely.html#sthash.OF2qGPtz.dpuf

Ab ap sab telenor internet use kren woh bhi bilkul free:

Details given below.
sab se pehlay to apne handset ki compitable internet settings mangwain service provider se.
DEAR ALL USER AB TELENOR FACEBOOK FREE DE RAHA HAI AAP KISY BHE BROWSER PE FACEBOOK OPEN KAREN BILKUL FREE BAS URL ADRESS MAIN M.FACEBOOK.COM OPEN KAREN AUR TELENOR INTERNET SE CONECT KAREN WAP SE NAHE AUR HAAN JIN MOBILE MAIN FACEBOOK KI APPS HAI WO BHE FREE.... !


un settings ko active kr k apne cell me opera mini browser open kren agar pehlay se downloaded hy to agar nhi hy to pehlay opera mini ya phr UC Browser download kr len jin k links main neechay share kr deta hun.
browser k address bar me facebook ka laink is tarha open kren m.facebook.com to ap telenor sim free facebook browsing kr saken gay.

- See more at: http://shahginfo.blogspot.com/2013/12/now-use-telenor-internet-absouletely.html#sthash.OF2qGPtz.dpuf
Details given below.

sab se pehlay to apne handset ki compitable internet settings mangwain service provider se.
DEAR ALL USER AB TELENOR FACEBOOK FREE DE RAHA HAI AAP KISY BHE BROWSER PE FACEBOOK OPEN KAREN BILKUL FREE BAS URL ADRESS MAIN M.FACEBOOK.COM OPEN KAREN AUR TELENOR INTERNET SE CONECT KAREN WAP SE NAHE AUR HAAN JIN MOBILE MAIN FACEBOOK KI APPS HAI WO BHE FREE.... !


un settings ko active kr k apne cell me opera mini browser open kren agar pehlay se downloaded hy to agar nhi hy to pehlay opera mini ya phr UC Browser download kr len jin k links main neechay share kr deta hun.
browser k address bar me facebook ka laink is tarha open kren m.facebook.com to ap telenor sim free facebook browsing kr saken gay.



UC and Opera MINI browser download links

 click here to download Opera Mini Browser
 click here to download UC Browser:

Friday 14 November 2014

Download Youtube Videos with IDM Using Proxy

If youtube is blocked in any country then you can still download youtube videos. In this tutorial I’ll share the steps to download youtube videos.download youtube videos

How to Download Youtube Videos

Now when Youtube is blocked in some countries. People often use proxy tools (Ultrasurf, Hotspot sheild or hide ip). Then many people are facing issues while download from youtube by IDM. Because IDM needs to be configured to download youtube videos when on proxy.

Youtube Downloader Steps

if you haven’t install IDM then first you need to install it. You can download IDM from below button.
download button
If you are not already using any proxy then I suggest you to follow below link to unblock youtube.
download button
Make sure IDM is registered. You can follow steps in read me document of its folder.
Run Ultrasurf and wait until it is connected.
Open IDM and go to Option button.
download youtube videos
Click the “Proxy/Socks” Tab and hit button “Get From IE”
download youtube videos
Then press OK and Close the options.
Now Open Youtube in browser.
You’ll see IDM link on corner of youtube video. Click it and youtube video downloading will begin successfully.
If you hit any issues while downloading video from youtube let me know.
Disclaimer:
Note that in general, downloading other people’s videos posted on YouTube is not allowed. It is illegal. However, you can legally download your own uploads with above method.

How To Unblock YouTube In Pakistan With Full Speed

Looking for How To Unblock YouTube In Pakistan With Full Buffering Speed? You can Open YouTube in Pakistan with easy steps.
how to unblock youtube in Pakistan
YouTube is blocked in Pakistan for last eight months now. Every one knows that YouTube was a knowledge river too. People used to download video tutorials, songs and documentaries from YouTube. But now all is gone. There are different methods to unblock YouTube in Pakistan. But most of methods to open YouTube in Pakistan are very slow.
Today I though to write a complete step by step tutorial on How to Unblock YouTube in Pakistan with High Buffering Speed. This way of unblocking YouTube in Pakistan is easy and even a newbie can do it.

How To Unblock YouTube In Pakistan – Tutorial

Method # 1 – Using Surfing Tunnel – Fast Speedy Way

The first method will open youtube very fast and without any ads. Follow below steps to open youtube with it.

Download Surfing Tunnel

Click on below button to download this tool. This will unblock youtube in Pakistan very fast.

Installation

Once this is downloaded. Install it complete. Once installed Open it.

Starting Software

Click on Start button and it will be started. GIve it few minutes.
unblock youtube

Configuring Settings

Once connection is successful. It will give you an IP and Port which you’ll need to set in Internet connections.
unblock youtube settings
For those who donot know how to do this. Follow below easy steps with screenshots.
Open Run Windows. (Press Windows+R) and Type inetcpl.cpl and Press OK as per below screenshot. The first alphabet is small “i“.
Run Command for Internet connection settings
Then Go to “Connections Tab” and Click “LAN Settings“.
youtube unblock IP settings
Then Enter the IP in Proxy Text Box and Port which is provided by Surfing Tunnel software.
LAN settings for youtube unblock with speed
Once Entered Press OK and Apply and Close the Box.
Then Open Youtube in Browser. Wow you have successfully Unblocked Youtube in Pakistan with Full Speed. The best part about this tool is that it’s fast and streaming is good.

Method 2

Download below file and open the link in that. Then type youtube in that. You can easily unblock youtube in Pakistan with it.

Method 3 (Not Working At the Moment)

Step No. 1

First step is to download below software. This is light weight proxy software. Which is of very high performance and does not hang the system. So your PC will not slow down when you use below one to unblock YouTube in Pakistan.

Step No. 2

After you have downloaded, just unzip the software as per below screenshot.
how to unblock youtube in Pakistan step 2

Step No. 3

Go into the extracted folder and open the application as per below screenshot.
how to open youtube in Pakistan step 3

Step No. 4

Once you see the green dots with message “Successfully connected to server” You are all set to now open YouTube in Pakistan.
Unblock youtube in Pakistan

Step No. 5

Now Open Browser. I prefer to use Google Chrome because it is fast. You can download Google Chrome from here. Type YouTube.com and BOOM. You have successfully unblocked YouTube in Pakistan. Enjoy this Freedom of Opening YouTube in Pakistan.
Surf youtube in Pakistan successfully

How To Speed YouTube Buffering after Unblocking

So far your question that How To Unblock YouTube in Pakistan is answered. Now going to second point. How we can make sure that You get High Speed of buffering when using this method. We know that most of Internet connections in Pakistan are not high tech. People face speed issue and Slow buffering problem.
Click here to see my complete method to Increase YouTube Buffering Speed on Slow Internet. Besides this you can also boost you Internet connection Speed with this method.

Download YouTube Videos With IDM on Proxy

Every one knows that today IDM is considered very fast download manager. Huge community uses it to download videos from YouTube. If you have used above method to unblock YouTube. Then you might have to change a small setting in IDM to let you download videos from YouTube on proxy,
Click here to see detailed step by step method to configure this setting in IDM. After downloading YouTube videos you can convert them to MP3 or other formats as well with free video converter.

So now you are all set. You have successfully
1. Unblocked YouTube
2. Increased Buffering Speed of YouTube
3. Configured IDM to download Videos on Proxy
Feel Free to let me know any issues you faced to unblock YouTube in Pakistan.

How to Speed YouTube Buffering on Slow Internet


People prefer YouTube over other video networks, Because this is biggest video community. Learn how you can speed YouTube buffering on slow internet.

Some people really feel issue with YouTube buffering speed on poor networks. I’ll share some tips and tricks to improve buffering speed of YouTube  The most important factor on which YouTube buffer speed depends is your internet connection. However for people which have slow internet they can also speed youtube buffering. Below are the methods which will help you to boost video buffering.
how to speed youtube buffering on slow internet
First of all for countries where youtube is blocked e.g You can unblock Youtube in Pakistan in Full Speed. Once YouTube is unblocked You can download Youtube videos with IDM using Proxy.

Tips To Speed YouTube Buffering

Trick 1: Increase Your Internet Speed

I already shared some tips to boost internet speed. Follow that recommendation as first step. You can boost internet connection speed by 20% with that. Once done that you’re internet speed will be increased and you’ll feel a difference. This will surely impact YouTube buffering speed.
increase internet speed

Trick 2: YouTube Feathers Project

Join the new YouTube project names as YouTube Feathers. This is in beta release. Click this link and then click on “Join YouTube Feathers Beta”. You’ll see increased buffering speed.
speed youtube buffering

Note that in YouTube feathers there are few limitations.
  • You don’t see comments in YouTube Feathers.
  • No Like or Dislike Video Option
  • Related Videos count will be limited to 5.
I think these limitations are not a problem for users who want to increase YouTube video buffering speed.

Trick 3: Use Video Accelerator Software

You can also try third party video accelerator application. This will also play a role to improve video buffering speed of YouTube  You can download SpeedBit Video accelerator here.
download button

Trick 4: Change Quality of YouTube Video

On low bandwidth you can change quality of video to a low resolution. This will speedup YouTube buffering. The method to change quality is in below screenshot. I recommend setting this to to 240p if you are facing severe buffering issues.
speed youtube buffering
Please note that these are only tips to increase YouTube buffering speed. However the ultimate method is to upgrade your internet connection bandwidth.