[Video] Session Hijacking using Cookie Cadger

We all know that we can sniff passwords in our networks easily even if its sent over HTTPS (ie: SSL encrypted) , the problem is  most of users these days save their passwords in their favourite website (the “keep me logged in feature”) , when you do this the website authenticates the users using their cookies not using their password , this means the password is not sent over the network and therefore we can’t sniff it , instead we can sniff the user’s cookies and inject it into our browser.

In the past I used to use a tool called Hamster , however this tool is outdated now and the download link on its official website is broken , the one in backtrack keeps crashing and doesn’t always work.

Another famous tool to do this is a firefox plugin called firesheep , again its old and there is no official release for linux.

Cookie Cadger is a great program written in java , its very easy to use and best of all , it always works , every time I run a test it works perfectly.

To run Cookie Cadger you will need Wireshark , Java 7 and a new version of Firefox.

 

PS: you can use sslstrip with this attack to downgrade HTTPS connections to HTTP

Advertisements

[Video] Monitoring wireless connections using airdrop-ng

In this video , you will see how we can control all the connections around us (EX: kick users out of networks , or prevent them from connecting to any network or even prevent people from connecting to a specific network) using airdrop-ng , we don’t need to connect to any of the networks around us , all we need is airdrop-ng.

And as usual the video is for education purposes and i’m not responsible for any misuse of the info provided in this tutorial.

Enjoy :D

[python] Analysing HTML code using BeautifulSoup

Ok , so its been a while since my last post , but i’ve been busy with work and college that I literally had no time to write anything. Anyway , i’ve been looking to buy a new phone and i’ve noticed  that some great phones are going for sale very cheap on some classified websites , the only problem is that they get sold in less than 10 minutes , so I decided to make a python script that will play a warning once a phone that matches what I want comes on sale.

The first thing I had to do is read the html code of the target page that contains the ads,

import urllib2
usock = urllib2.urlopen("http://www.donedeal.ie/find/phones/for-sale/Ireland/") 
source = usock.read()
usock.close()

Now the source code is saved in the variable “source” , next I need to parse the html source code so that I can search for the phones that I want and make sure that they are within budget , to do this BeautifulSoup seems to work perfectly.

First import it

from BeautifulSoup import BeautifulSoup

To make things easier I separated the table in the middle from the rest of the code and then analysed each row separately as each row represents a different ad.

To separate a certain HTML tag from the source we can use the findAll property in BeautifulSoup , first lets parse the whole page with BeautifulSoup

search_table = BeautifulSoup(source)

and then i’m going to look for the div in the middle that has the class “text” ,

rows = search_table.body.findAll('div', attrs={'class':'text'})

Now the variable rows contain the HTML source code of all the ads without the top and bottom of the page , just the ad rows , all I need to do now is read each row on its own and read the title , price and how long its been on sale (cause I’m only interested in the new ads).

To read each row on its own I used a for loop as follows:

for line in rows:

In this loop I used BeautifulSoup again to parse each row and read the title price , date and URL , in my example the developer is using <span>’s for price and date so reading them is straight forward using findAll:

price = line.findAll(name = 'span' , attrs={'class':'price'})
dt = line.findAll(name = 'span' , attrs={'class':'publishDate'})

However the title is a bit tricky as it is inside an <a> tag in the <span> , so here is how I read it:

title = line.findAll(name = 'span' , attrs={'class':'header'}) # to read the span which contains the <a> tag
title = title[0].find('a').text #title '.text' is used to read what's between the <a> and </a> tag
link = title[0].find('a')['href'] #url , .you can replace 'href' with any attribute name inside the selected tag to read the value of that attribute

And thats pretty much it , all I did after that is check the title for types of phones that i’m looking for and check the price , if its within budget and the time is less than 6 minutes then it’ll play a warning and print the ad on screen.

here is the full program (make sure you put an mp3 file called ‘alert.mp3’ to play when a match is found)

[Video] Cracking WPA/WPA2 using reaver

Ok so this method is not new its been around for more than a year now , but since I never updated Wi-fEye for more than a year it doesn’t contain this attack , so while I was making a module to do this attack automatically I thought it might be a good idea to explain how to do it manually first.

Using reaver we don’t need any clients to be connected to the target network , we also don’t need to use a dictionary to brute force the WPA/WPA2 key,  This method depends on brute forcing  the WPS pin for the network , therefore it will only work on networks that use WPS pins. Cracking a WPS pin is much more easier than cracking a WPA or a WPA2 key as WPS pins only contain numbers , therefore using brute force its a matter of time (up to 10 hours) till we guess the correct pin , once we have the pin reaver can retrieve the WPA or WPA2 key from it.

3 ways to fix the fixed channel: -1 issue

fixed-channel:-1
fixed-channel:-1

Yesterday while I was working on the new version of Wi-fEye , I found out that every time I try to use airodump-ng I get the ‘mon0: fixed channel -1’ error message , now this is a very popular one , and there are a few ways to get around it , in the past to get around this I usually set the channel when I enable monitor mode , so instead of running

airmon-ng start [interface]

execute

airmon-ng start [interface] [target-AP-channel]

For example if your network interface is wlan0 and the target AP is running on channel 6 then the command would be

airmon-ng start wlan0 6

This unfortunately didn’t work on ubuntu 12.04 , so I decided to set the channel and enable monitor mode manually without airmon-ng.

iwconfig [interface] channel [target-channel]
 ifconfig [interface] down
 iwconfig [interface] mode monitor
 ifconfig [interface] up

This – sort of – did the trick , when I say sort of i mean the error message is gone , I can run airodump-ng successfully on any AP with no problems , I can assotiate with APs successfully as well , even the injection test (airmon-ng -9 wlan0) tells my that injection is working , but when I actually try to inject packets it doesn’t work :S.

At this stage I was out of ideas and had to ask google , after some googlig I decided to patch my kernel but before that I thought it could be a good idea to search for compat wireless , so I did and it was a good idea indeed.

first check you kernel version:

uname -r

then install the relevant compat wireless package from the software center or using apt-get.

Then I restarted my system and BOOM , injection is working perfectly.


Now all of these ways have worked for me at some stage (depending on the kernel , the linux distro and the wifi card) , so if you are stuck with the same problem try them all and see what works for you.

Hello world [The real one :D]

Ok , so my last blog was 2 years ago , i know i didn’t even blog much before that , the reason is that i never wanted to blog ! The only reason I made this blog is to talk about Wi-fEye and that’s what i did .

Now I actually want to start blogging , that’s why i’m going to consider this as my first blog …. lets just put the past behind :D

So i’m going to talk about everything here , mostly computer related stuff , but i’ll probably talk about other random shit as well. I will be blogging randomly as well , blogging is exhausting , thinking about taking a break already :P.

Oh yeah i’m working on a new version of Wi-fEye with some new cool features …. stay tuned !

Demo: LogKeys a linux keylogger

Last time i needed to use a keylogger on a linux computer, at that time i relised that i’ve never actially used a keylogger on linux and never really thought that i’ll need to use one on linux, so i started searching for one, i tried LKL (linux key logger) but it didn’t work for me, then i tried uberkey ,it was a bit buggy as i lost control over my mouse pointer. Then i came accross logkeys which was briliant !!
logkeys is a linux keylogger (GNU/Linux systems only). It is no more advanced than other available linux keyloggers, but is a bit more up to date, it doesn’t unreliably repeat keys and it should never crash your X. All in all, it just seems to work. It relies on event interface of the Linux input subsystem. Once set, it logs all common character and function keys, while also being fully aware of Shift and AltGr key modifiers. It works with serial as well as USB keyboards.