Right, so this is what has been keeping me busy, along with college of course. This is a comprehensive course on using Android as a penetration testing tool, you will start as a beginner with no previous knowledge about penetration testing. The course will start with you from scratch, from preparing your Android device and computer, […]
So its been a while since I wrote anything , I’ve just been really busy with work and college. After the great success the Arabic version of this course have made , I decided to make an English version of this course. The course is designed to take your network hacking skills from scratch to a […]
In this video , you’ll see how easy it is to create a fake software update and hack windows 8 using Wi-fEye.
Wi-fEye will create a back door (or you can use your own) , then it will start Evilgrade server and DNS-spoof all requests to update the target software to our machine where we have Evilgrade running , Evilgrade will send the back door to the target machine instead of sending an update , once the machine receives the update file it will run it and execute our back door :)
We all know that we can sniff passwords in our networks easily even if its sent over HTTPS (ie: SSL encrypted) , the problem is most of users these days save their passwords in their favourite website (the “keep me logged in feature”) , when you do this the website authenticates the users using their cookies not using their password , this means the password is not sent over the network and therefore we can’t sniff it , instead we can sniff the user’s cookies and inject it into our browser.
In the past I used to use a tool called Hamster , however this tool is outdated now and the download link on its official website is broken , the one in backtrack keeps crashing and doesn’t always work.
Another famous tool to do this is a firefox plugin called firesheep , again its old and there is no official release for linux.
Cookie Cadger is a great program written in java , its very easy to use and best of all , it always works , every time I run a test it works perfectly.
To run Cookie Cadger you will need Wireshark , Java 7 and a new version of Firefox.
PS: you can use sslstrip with this attack to downgrade HTTPS connections to HTTP