RSS


FOOTPRITING AND INFORMATION GATHERING USED IN HACKING

0
Posted by KP-3မိသားစု |

WHAT IS FOOTPRITING AND INFORMATION GATHERING IN HACKING?

 Footpriting is the technique used for gathering information about computer systems and the entities they belongs too. 
To get this information, a hacker might use various tools and technologies.

Basically it is the first step where hacker gather as much information as possible to find the way for cracking the whole system or target or atleast decide what types of attacks will be more suitable for the target.

 Footpriting can be both passive and active.

 Reviewing a company's website is an example of passive footprinting, 
whereas attempting to gain access to sensititve information through social engineering is an example of active information gathering.

 During this phase hacking, a hacker can collect the following information>- Domain name
-IP Addresses
-Namespaces
-Employee information 
-Phone numbers
-E-mails 
Job information

 Tip-You can use http://www.whois.com/ website to get detailed information about a domain name information including its owner,its registrar, date of registration, expiry, name servers owner's contact information etc.

 Use of  Footprinting & Information Gathering in People Searching-
Now a days its very easy to find anyone with his/her full name in social media sites like Facebook, Instragram,Twitter,Linkdedin to gather information about date of birth,birthplace, real photos, education detail, hobbies, relationship status etc.

 There are several sites like PIPL,PeekYou, Transport Sites such as mptransport,uptransport etc and Job placement Sites such as Shine.com,Naukari.com , Monster.com etc which are very useful for hacker to collect information about anyone.  
Hacker collect the information about you from your Resume which you uploaded on job placement site for seeking a job as well as  hacker collect the information from your vehicle number also from transport sites to know about the owner of vehicle, adderess etc then after they make plan how to attack on victim to earn money after know about him/her from collecting information.


INFORMATION GATHERING-It is the process of collecting the information from different places about any individual company,organization, server, ip address or person.
Most of the hacker spend his time in this process.

Information gathering plays a vital role for both investigating and attacking purposes.This is one of the best way to collect victim data and find the vulnerability and loopholes to get unauthorized modifications,deletion and unauthorized access.



Related links

Read more »


Security And Privacy Of Social Logins (III): Privacy In Single Sign-On Protocols

0
Posted by KP-3မိသားစု |

 This post is the second out of three blog posts summarizing my (Louis Jannett) research on the design, security, and privacy of real-world Single Sign-On (SSO) implementations. It is based on my master's thesis that I wrote between April and October 2020 at the Chair for Network and Data Security.

We structured this blog post series into three parts according to the research questions of my master's thesis: Single Sign-On Protocols in the Wild, PostMessage Security in Single Sign-On, and Privacy in Single Sign-On Protocols.

Overview

Part I: Single Sign-On Protocols in the Wild

Although previous work uncovered various security flaws in SSO, it did not work out uniform protocol descriptions of real-world SSO implementations. We summarize our in-depth analyses of Apple, Google, and Facebook SSO. We also refer to the sections of the thesis that provide more detailed insights into the protocol flows and messages.
It turned out that the postMessage API is commonly used in real-world SSO implementations. We introduce the reasons for this and propose security best practices on how to implement postMessage in SSO. Further, we present vulnerabilities on top-visited websites that caused DOM-based XSS and account takeovers due to insecure use of postMessage in SSO.

Part III: Privacy in Single Sign-On Protocols

Identity Providers (IdPs) use "zero-click" authentication flows to automatically sign in the user on the Service Provider (SP) once it is logged in on the IdP and has consented. We show that these flows can harm user privacy and enable new targeted deanonymization attacks of the user's identity.

Introduction to XS-Leaks in Single Sign-On

Cross-site leak (XS-Leak) refers to a family of browser side-channel techniques that can be used to infer and gather information about users [...]. While the deanonymization capabilities of XS-Leak attacks are only just being realized, some researchers have said the technique will soon be in the OWASP Top 10. 

In SSO setups, redirects can leak private information about the user. Thus, we focused on XS-Leaks that detect cross-origin redirects, i.e., whether a cross-origin request returns an `HTTP/200` or `HTTP/302` response. In this post, we present an XS-Leak that is based on the Fetch API and detects cross-origin redirects with 100% accuracy. The following method expects a URL, sends a GET request, and finally returns `true` if the response is a redirect or `false` if the response is no redirect:
// let is_redirect = await xs_leak_redirect("<URL>");  async function xs_leak_redirect(url) { 	let res = await fetch(url, { 		mode: "cors", 		credentials: "include", 		redirect: "manual" 	}).then( (response) => { 		if (response.type == "opaqueredirect") { 			return true; 		} 	}).catch( (error) => { 		return false; 	}); 	return res; }

More details are provided in Section 5.1.4.1 of the thesis.

XS-Leaks in Single Sign-On: Account Leakage Attack

With the account leakage attack, the attacker can determine whether the victim has an account on a targeted SP with a certain IdP. Specifically, the attacker checks whether the victim has granted consent to the targeted SP with the IdP. This attack is scalable: The attacker can test multiple (SP, IdP) pairs and check for which pair the victim has an account on the SP. The following prerequisites must hold:
  • The victim visits an attacker-controlled website.
  • The victim is signed-in on the IdP (i.e., in Google Chrome with its Google account).
  • The IdP supports the standardized `prompt=none` parameter.
The attack idea is simple: Let's assume the attacker wants to know whether the victim has an account on SP `sp.com` with the IdP `idp.com`. The attacker first tricks the victim into visiting its malicious website `attacker.com`. We further assume that the victim has an active session on the IdP. Then, the attacker constructs an Authentication Request URL, as shown in the figure below. Note that the SP `sp.com` has the `client_id=superSecretClient` on the IdP, the `redirect_uri` is set to `sp.com/redirect`, and the `prompt=none` parameter is set. 
From the attacker's website, a cross-origin `Fetch` request is sent to that URL as shown before. If the `prompt=none` flow is requested with established consent on the SP, the IdP returns the Authentication Response as an `HTTP/302` redirect to the `redirect_uri`. If the victim has not granted the SP's consent, the IdP returns the consent page with an `HTTP/200` response and asks the user to grant the consent. Thus, based on whether the victim has or has not an account on `sp.com`, the IdP returns an `HTTP/302` redirect or an `HTTP/200` response. Although the Same Origin Policy prevents us from viewing the response from `idp.com`, we can use the XS-Leak to detect whether a redirect was performed or not. If a redirect was performed, the victim has an account on `sp.com` with the IdP. If no redirect was performed, the victim has no account.

We tested this attack with the Apple, Google, and Facebook IdP. It only works for Google and Facebook since Apple requires user interaction in each flow. A working PoC is provided on https://xsleak.sso.louisjannett.de. If the "Start" button is clicked, the website checks if you have an account on adobe.com, ebay.com, imdb.com, medium.com, or vimeo.com using either the Google or Facebook IdP. Make sure that you are signed in at Google and Facebook before testing and enable third-party cookies.

To circumvent this attack, the IdP must return an error as `HTTP/302` redirect if the `prompt=none` flow is requested, but no consent is given. This mitigation is described in the OpenID Connect specification, but as shown, not adopted by real-world IdPs.

More details are provided in Section 5.1 of the thesis.

XS-Leaks in Single Sign-On: Identity Leakage Attack

The identity leakage attack extends the account leakage attack by the `login_hint` parameter. The attacker can determine whether the victim has a certain identity on a targeted IdP. The attacker can use this information to check if a certain person is visiting its website. Therefore, all prerequisites of the account leakage attack must hold and the IdP must support the standardized `login_hint` parameter.

Once a victim visits the malicious website, the attacker must initially guess an (SP, IdP) pair that the victim most likely gave consent to, i.e., that causes the IdP in the `prompt=none` flow to return a redirect to `sp.com/redirect`. The attacker can use the account leakage attack to determine such a pair by testing the most-popular SPs and IdPs. Then, a new Authentication Request is created, and the `login_hint` parameter is set to the email address of the victim, i.e., `alice@example.com`. The attacker sends the Fetch request and determines whether the IdP returns an `HTTP/302` redirect or an `HTTP/200` response. If a redirect was performed, the attacker knows that the Authentication Request was valid, and thus the victim is `alice@example.com`. If no redirect was performed, the victim is not `alice@example.com`. The success of this attack depends on whether the attacker can guess (or eventually knows) an (SP, IdP) pair that the targeted victim gave consent to.

We tested this attack with the Apple, Google, and Facebook IdP. It only works for Google since Apple does not support the `prompt=none` flow, and Facebook does not support the `login_hint` parameter. We discovered that the `login_hint` parameter must contain a valid email address registered at Google. Otherwise, this parameter is ignored.


To mitigate this leakage, the IdP must return an error as `HTTP/302` redirect if a `login_hint` parameter is queried that the user does not own. We did not find any information about the `login_hint` parameter in the OpenID Connect specification that proposes guidelines for this scenario.

More details are provided in Sections 5.1 of the thesis.

Automatic Sign-In and Session Management Practices in the Wild

Following the observations of the account leakage and identity leakage attacks, we analyzed "zero-click" SSO flows in terms of automatic sign-in features provided by the IdPs with their SDKs. We found that under certain assumptions, the SDKs can be configured to automatically sign in the user on the SP even though the user did not click on the sign-in button and may not notice the sign-in process.

Google and Facebook support automatic sign-in with their SSO SDKs: Google Sign-In, Google One Tap, and Facebook Login. They follow a similar approach: The user visits the SP website that integrates and initializes the SDK with automatic sign-in enabled. Suppose the user has an active session on the IdP, valid consent for the SP, and third-party cookies enabled. In that case, the SDK first retrieves a logout state from browser storage to determine whether the user signed out previously using the SDK's sign-out method. If the logout state is set to false or does not exist, the SDK returns the Authentication Response to the SP website, i.e., to a registered callback. If it is set to true, the SDK does not proceed with the automatic sign-in and instead requires the user to click on the sign-in button. Thus, the execution of the automatic sign-in flow depends on the stored logout state. If the browser storage is cleared (i.e., cookies are deleted or a private window is opened), the logout state does not exist, and thus the automatic sign-in is enabled.

Note that the logout state is only a feature provided by the SDKs to stop unwanted sign-in operations on the SP. They do not prevent the SP from secretly receiving tokens from the IdP. If the SP does not use the SDK's sign-out method, the logout state will never be set to true. Alternatively, the SP may manually request the tokens from the IdP in the background without paying attention to any logout state. Note that this automatic sign-in flow is different than the standardized `prompt=none` flow because it returns the tokens in the background (i.e., via Fetch requests), whereas the `prompt=none` flow requires a redirect that is in some form visible to the user.

Google and Facebook use different approaches to receive the Authentication Response in the background. Google sends a `getTokenResponse` RPC from the SP website to its proxy iframe and receives the tokens with postMessage. Facebook issues a simple CORS request and receives the tokens in the CORS response.

For instance, SPs can send the following CORS request with the Fetch API to Facebook:
GET /x/oauth/status?client_id=<CLIENT_ID> HTTP/1.1 Host: www.facebook.com Origin: https://sp.com Cookie: c_user=REDACTED; xs=REDACTED;

If the user has an active session at Facebook (i.e., cookies are set) and valid consent, Facebook responds with a CORS response and explicitly allows the SP to read the `fb-ar` header that contains the tokens:
HTTP/1.1 200 OK Access-Control-Allow-Origin: https://sp.com Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: fb-ar,fb-s fb-s: connected fb-ar: {"user_id": "REDACTED", "access_token": "REDACTED", "signed_request": "REDACTED"}

We tested the automatic sign-in on top-visited SPs and found that some of them implement it as expected. For instance, `change.org` supports automatic sign-in with Facebook: First, we open `change.org` without being logged in on Facebook. Thus, we are not signed-in automatically. Then, we log in on Facebook and reload `change.org`. As shown, `change.org` uses the CORS request to receive the tokens from Facebook and finally logs us in. The user interface does not indicate that we were just signed in. Only the small profile picture in the top right corner is added to the UI.


More details and examples of automatic sign-in flows are provided in Section 5.3 of the thesis.

Acknowledgments

My thesis was supervised by Christian MainkaVladislav Mladenov, and Jörg Schwenk. Huge "thank you" for your continuous support, advice, and dozens of helpful tips. 
Also, special thanks to Lauritz for his feedback on this post and valuable discussions during the research. Check out his blog post series on Real-life OIDC Security as well.

Authors of this Post

Louis Jannett
Related links

  1. Hackrf Tools
  2. Hack Tools Online
  3. Hack Tools For Windows
  4. Hacker Search Tools
  5. Black Hat Hacker Tools
  6. Hacking Tools Usb
  7. Hacker Tools For Windows
  8. Pentest Tools Open Source
  9. Pentest Tools Alternative
  10. Hacking Tools Kit
  11. Hacking Tools 2019
  12. Pentest Tools Linux
  13. Android Hack Tools Github
  14. Pentest Box Tools Download
  15. Hacker Tools Linux
  16. Hacker Tools For Mac
  17. Hacking Tools For Games
  18. Hack Tool Apk
  19. Hacker Techniques Tools And Incident Handling
  20. Tools Used For Hacking
  21. Pentest Tools For Windows
  22. Hacking App
  23. How To Install Pentest Tools In Ubuntu
  24. Hacking Tools Github
  25. Hack Tools For Pc
  26. Hacker Tools 2020
  27. Hacker Tools Linux
  28. Hacker Tools Linux
  29. Hack Rom Tools
  30. Pentest Tools For Mac
  31. Hacking Tools Github
  32. Pentest Tools Online
  33. Hacking Tools Usb
  34. Pentest Tools
  35. Pentest Tools Tcp Port Scanner
  36. Hacking Tools Pc
  37. Hacker Tools 2019
  38. Pentest Tools Github
  39. Blackhat Hacker Tools
  40. Growth Hacker Tools
  41. Pentest Tools Review
  42. Hack Tools For Ubuntu
  43. New Hacker Tools
  44. Best Hacking Tools 2019
  45. Hack App
  46. Hacking Tools For Kali Linux
  47. Hacker Security Tools
  48. Free Pentest Tools For Windows
  49. Black Hat Hacker Tools
  50. Pentest Tools Apk
  51. Hacker Search Tools
  52. Hack Tools Download
  53. Hacker Techniques Tools And Incident Handling
  54. Hak5 Tools
  55. Hacker Tools Windows
  56. Hacker Tools Hardware
  57. Hacking Tools For Windows
  58. Hacking Tools For Windows 7
  59. Hacker Tool Kit
  60. Hacking Tools Online
  61. Hacker Tools 2019
  62. Tools Used For Hacking
  63. Hacker Hardware Tools
  64. Hacking Tools Windows
  65. Pentest Tools Port Scanner
  66. Hack Tools For Windows
  67. Hack Tools For Games
  68. Hacker Tools Hardware
  69. Hacking Tools Windows 10
  70. Pentest Tools Alternative

Read more »


Funnel Builder Software: Definition, Types, Features, Pricing, Benefits

0
Posted by KP-3မိသားစု |

Funnel builder software is a powerful tool that enables businesses to create, visualize, and manage sales funnels without extensive coding knowledge. It streamlines the process of building effective funnels that guide customers through the buying journey, leading to increased conversions and revenue.

Here's a comprehensive guide to funnel builder software, covering everything from the basics to advanced features and best practices.

Types of Funnel Builder Software

  • All-in-one platforms: These platforms offer a wide range of features beyond funnel building, often including marketing automation, email marketing, CRM, landing page builders, and more. Popular examples include ClickFunnels, Kartra, and Kajabi.
  • Standalone funnel builders: These tools focus specifically on funnel creation and optimization, providing a more streamlined experience. Examples include Leadpages, Unbounce, and Instapage.
  • WordPress plugins: These plugins add funnel building capabilities to existing WordPress websites, such as Thrive Architect and OptimizePress.

Key Features to Consider

  • Drag-and-drop interface: This user-friendly interface allows you to build pages and funnels visually, without coding.
  • Page templates: Pre-designed templates save time and provide inspiration for various funnel types, such as lead capture pages, sales pages, webinar registration pages, and more.
  • Integrations: Connect your funnel builder with other essential tools, such as email marketing services, payment gateways, and CRM systems.
  • Analytics: Track funnel performance to measure results and make data-driven decisions.
  • A/B testing: Experiment with different versions of your funnels to optimize conversion rates.

Pricing and Plans

  • Pricing models vary: Some software offers monthly subscriptions, while others have one-time fees or tiered pricing structures.
  • Free plans: Some providers offer limited free plans to try out the software before committing.

Ease of Use and Customer Support

  • Consider your team's technical expertise: Choose software with an intuitive interface and comprehensive support resources if needed.

Benefits of Using Funnel Builder Software

  • Streamlined funnel creation
  • Improved conversion rates
  • Increased revenue
  • Time savings
  • Better insights

Conclusion

Funnel builder software is an invaluable tool for businesses of all sizes that want to optimize their sales and marketing efforts. By choosing the right software and following best practices, you can create high-converting funnels that drive growth and success.

Resources:

 

--
You received this message because you are subscribed to the Google Groups "Broadcaster" group.
To unsubscribe from this group and stop receiving emails from it, send an email to broadcaster-news+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/broadcaster-news/0641851f-4889-4b21-bcdc-acf52aabe4f5n%40googlegroups.com.

Read more »


TLS V1.2 Sigalgs Remote Crash (CVE-2015-0291)

0
Posted by KP-3မိသားစု |


OpenSSL 1.0.2a fix several security issues, one of them let crash TLSv1.2 based services remotelly from internet.


Regarding to the TLSv1.2 RFC,  this version of TLS provides a "signature_algorithms" extension for the client_hello. 

Data Structures
If a bad signature is sent after the renegotiation, the structure will be corrupted, becouse structure pointer:
s->c->shared_sigalgs will be NULL, and the number of algorithms:
s->c->shared_sigalgslen will not be zeroed.
Which will be interpreted as one algorithm to process, but the pointer points to 0x00 address. 


Then tls1_process_sigalgs() will try to process one signature algorithm (becouse of shared_sigalgslen=1) then sigptr will be pointer to c->shared_sigalgs (NULL) and then will try to derreference sigptr->rhash. 


This mean a Segmentation Fault in  tls1_process_sigalgs() function, and called by tls1_set_server_sigalgs() with is called from ssl3_client_hello() as the stack trace shows.




StackTrace

The following code, points sigptr to null and try to read sigptr->rsign, which is assembled as movzbl eax,  byte ptr [0x0+R12] note in register window that R12 is 0x00

Debugger in the crash point.


radare2 static decompiled


The patch fix the vulnerability zeroing the sigalgslen.
Get  David A. Ramos' proof of concept exploit here





Related news


  1. Hacking Tools Name
  2. Hack Tools For Pc
  3. Pentest Tools Apk
  4. Hacker Tools Windows
  5. Blackhat Hacker Tools
  6. New Hacker Tools
  7. Pentest Tools Download
  8. Hack Tools For Pc
  9. How To Hack
  10. Hacking Tools Download
  11. Pentest Tools Open Source
  12. Hacking Tools Kit
  13. Physical Pentest Tools
  14. Pentest Tools Online
  15. Hack Tools Download
  16. Hack Tool Apk No Root
  17. Hack Tools
  18. Kik Hack Tools
  19. Hacking Tools 2019
  20. Hacking Tools Download
  21. How To Hack
  22. Install Pentest Tools Ubuntu
  23. Best Hacking Tools 2020
  24. Pentest Tools Open Source
  25. Hack Tools Mac
  26. Hack Tools Pc
  27. Hacker Tools
  28. Pentest Automation Tools
  29. Pentest Tools For Mac
  30. Pentest Tools Tcp Port Scanner
  31. Pentest Recon Tools
  32. Hacking Tools For Kali Linux
  33. Hacking Tools For Windows Free Download
  34. Hacker Tools Free Download
  35. Hacking Tools For Mac
  36. Hacker Tools 2019
  37. Hacker Security Tools
  38. Hacks And Tools
  39. Hacker Tools Hardware
  40. Hacking Tools For Kali Linux
  41. Hacker Tools For Mac
  42. Hacker Tools 2019
  43. Hacker Tools Apk Download
  44. Pentest Tools Website Vulnerability
  45. Growth Hacker Tools
  46. Hacker Tools Apk
  47. Hacks And Tools
  48. Hack Tools
  49. Hack And Tools
  50. Hacker Techniques Tools And Incident Handling
  51. Hack Tools
  52. Pentest Tools Port Scanner
  53. Hacker Tools
  54. Pentest Tools
  55. Pentest Tools
  56. Hacker Techniques Tools And Incident Handling
  57. Hacker Tools Apk
  58. Hacker Tools 2019
  59. Black Hat Hacker Tools
  60. Hacking Tools For Games
  61. Hacking Tools 2019
  62. Hacking Tools Mac
  63. Hacker Tools For Windows
  64. Pentest Tools Bluekeep
  65. Hack Tools
  66. Wifi Hacker Tools For Windows
  67. Tools 4 Hack
  68. Hacking Tools For Windows
  69. Hacker Techniques Tools And Incident Handling
  70. Pentest Tools Linux
  71. Hacker Tools
  72. Hacking Tools Name
  73. Hack And Tools
  74. Hacking Tools Windows 10
  75. What Are Hacking Tools
  76. Hacker Search Tools
  77. Hacking Tools For Windows 7
  78. Free Pentest Tools For Windows
  79. Tools 4 Hack
  80. Hacker
  81. Hacker Tools Github
  82. Hacking Tools Kit
  83. Hacking Apps
  84. Hacker Tools Online
  85. Hacker Search Tools
  86. Pentest Tools Kali Linux
  87. Hacker Tools For Mac
  88. How To Make Hacking Tools

Read more »
2010 Hi There Theme designed by Wordpress Theme| Blogger Templates by Blogger Template | Bollywood Movie Wallpaper