Archive for July, 2012
xssPlay is my latest code. It will be added to the pWeb suite of tools for penetration testing web applications.
xssPlay takes a url for input and scans through all GET parameters testing each one for a XSS vulnerability. If found, it will deface the website with either simple CSS, a generic image, or a specified image URL.
This application is coded in Perl/Tk using the MozRepl Firefox plugin. This plugin will take a screenshot of all successfully defaced websites automatically.
Click the thumbnail above to see this bad boy in it’s full glory.
This way we can feed a huge list of URLs to the application via a line-by-line file or xargs and have it go on it’s merry way. In the screenshot above, it proves that xssPlay defeats/finds other simple security measures, such as URL sanitation with magic quotes. It takes into account that all programmers have mistakes somewhere.
xssPlay logs all output and makes a tidy directory named after the domain name, just like SQLmap. In the directory in the screenshot above, it makes a log file, which shows all http requests times-stamped, and all screenshots of successfully defaced websites. In my case, I used the generic image that says “xxsplay was here!” but I specified the full url to prove that it can take any image online.
We can also specify any User Agent we’d like, or randomly choose a Mobile or Standard web browser User Agent.
This tool is valuable not only to the penetration tester, but to the web programmer as well. All of this code shall be released in BETA form shortly. I am adding support for crawling a document for more URLs and I have a working “search bar” attack implemented, but not in the code.
Disclaimer: This has been tested for Sprint’s FF18 ICS update for the Epic 4g Touch model ONLY. We are Not responsible for ToS’s, damages or warranties voided by anyone, anywhere, ever. EVAR.
Using Ad-Hoc mode for tethering is garbage. You can’t save any profiles for automatic connection on your supplicants, you need to fiddle with the Tether application when it randomly responds with “…started with errors..check error log!” and it’s an all around pain in the ass when you have multiple supplicants that don’t even support ad-hoc – like the PSP, 3DS, LINUX Drivers for popular WiFi adapters, etc.
So Sprint finally gave us Ice Cream Sandwich huh? Yay! WE CAN NOW REBOOT OUR PHONES FROM THE POWER MENU! Well, you may notice, if your phone was previously rooted that it no longer tethers and, obviously, got unrooted after the update. Phones always unroot after an Android update because of the kernel updates, etc. Anyways, If you follow this video and re-root your Galaxy SII Epic 4g Touch:
1. Make sure you install Samsung Kies and allow it to install drivers for your device.
2. Download the EXE file and extract the contents
3. Run the application within the directory labeled Odin-OC called “SPH-D710.FF18_CL663858_ROOTED_NODATA-OneClick.EXE” and plug in your phone.
4. hold the power button and the volume down button on your phone until you see a screen asking you to press “Volume Up” to continue.
5. Press “Start” button in application once your phone is visible (yellow highlight and SERIAL ID in black font).
Then you will be able to install “WiFi Tether,” and “Titanium Backup Pro” from the Google Play Market and start tethering! Here are the Application you need on your phone after rooting it:
Once installed, run the Titanium Backup Pro application and freeze the following applications from turning off your hotspot each time your devices display is activated from sleep:
Next, select “reboot phone” from the menu. Next, start up WiFi Tether For Root Users, and go straight into the settings menu. Make the following changes:
** Change the channel (This seems to jump start the 802.11 radio at startup)
** Disable startup checks (This seems to interfere with the application)
** Select Generic ICS
** Turn ON routing fix (This seems to solve a timeout issue for certain domains while tethered)
** The Kernel now supports netd for Infrastructure mode!
Now reboot your phone once more for the WiFi Tether for Root Users application settings to refresh (this seems to solve any mem caching issues that I couldn’t solve from force stopping the application and restarting it.) Once done, you will no longer need to use shitty ad-hoc mode again with your hacked ICS/SII E4gT! :)