22 posts tagged 'proxy'

  1. 2012.01.06 OWASP AJAX Crawling Tool (update)
  2. 2011.06.08 Android Usb Port Forwarding (1)
  3. 2011.04.25 SSL certificate relay network interception sslsniff
2012.01.06 18:44

OWASP AJAX Crawling Tool (update)

Enumerating AJAX Applications with ACT (AJAX Crawling Tool)




This demo shows how the AJAX Crawling Tool can be used in conjunction with your favorite proxy to fully enumerate and test AJAX applications. The purpose of the video is to:

1) Demonstrate that traditional spidering tools do not enumerate entire applications
2) Show how to run a basic ACT session and attack its findings using a proxy


Source: owasp.org

2011.06.08 20:33

Android Usb Port Forwarding

Introduction  

The Android architecture does not allow communication to be initiated from the Android device to the host over the USB cable. The opposite is possible, using Google's "Android Debug Bridge" (ADB for short).

This tool will act as a tunnel between the Android client application and the host server. It is a software implementation of a router doing IP port forwarding.



On the host side, you declare the ports you want opened on the Android device, and the tunnel relays communications between the Android device and the host. The host can be any server on the network or your local host.

Prerequisites

  • Enable "USB debugging" on your Android
  • Install "Usb Tunnel" on your Android (see download link on top of the article) or from the market
  • Install the host windows application (see download link on top of the article) or this skydrive link or this GDoc link   
  • On the configuration panel, enter the path to the ADB program. ADB is part of the Android SDK. The installation includes the minimum files required.
  • Add tunnels. Each tunnel is composed of a name, an Android port (low port like 80 can't be used), a host IP and a host port (can be different from the android port)  


HTTP proxy 

If Tethering is a technology that allows you to use the mobile internet connection on your PC, this tool gives you the opposite. It's a sort of Reverse Tethering.   

You can now surf on your mobile (using the internet connection on your PC) through the Usb tunnel and via a proxy. 

If you are on a company network, ask your administrator which IP address and port the proxy uses. In some cases it can be the default gateway (run the ipconfig command at the DOS prompt to find out what the default gateway is).

If you are on a private network and you have no clue about the proxy address and port, you can use a public proxy (search for "Public proxy" on the internet). To help you out, here is a link to a list of proxies.

Another possibility is to install a local http proxy server like squid.  

Step 1 : configure the windows part. Since low ports can't be used, you should use a different high port for the android and another port for the host.  

Sample configuration for a company network : (192.168.xxx.xxx) on port 80 


Sample configuration for a public internet proxy on port 8080 

Step 2 : Connect the USB cable (of course). Click the refresh button to display your device in the device list, then click connect. The Android Usb tunnel service will start in the background. A connection icon will be added to the notification panel.

Step 3 : Setup your browser to use a proxy. Depending on the version of your Android OS, it's possible to define a http proxy in the advanced wifi settings menu (Not tested, available in Android 2.2). 

If you don't want to change the proxy each time (or have an older Android), it's perhaps better to install another browser that lets you specify a proxy.  

I tested it with Opera mobile ( Here is an article with some screenshots) :  

  • Enter about:config in the address bar 
  • Expand the proxy line  
  • Enter 127.0.0.1:8080 in the HTTP server and HTTPS server text box 
  • Click "Save" 

It may work with Firefox (not tested). I didn't find any information on proxy settings for Skyfire.

Step 4 : Enjoy! Enter any URL in your browser. Your firewall may detect that AndroidTool.exe is trying to access the internet. Give it the rights to access the proxy.

In this screenshot, you can see the number of active connections, closed connections, and total bytes transferred (to and from).

I checked with an internet speed test. It's just a little bit slower. 

History 

May 2011 : First version 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author
Thierry Parent



2011.04.25 18:37

SSL certificate relay network interception sslsniff

Some History:

This tool was originally written to demonstrate and exploit IE's vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.

It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.

The New Scoop:

Version 0.6 has been significantly updated to additionally support the null-prefix attacks that I demonstrated at BlackHat 09 and Defcon 17. These allow for completely silent MITM attacks against SSL/TLS in the NSS, Microsoft CryptoAPI, and GnuTLS stacks — ultimately allowing for SSL communication in Firefox, Internet Explorer, Chrome, Thunderbird, Outlook, Evolution, Pidgin, AIM, irssi, and every other client that uses the Microsoft CryptoAPI to be intercepted.

sslsniff has also been updated to support the OCSP attacks that I published at Blackhat 09 and Defcon 17, thus making the revocation of null-prefix certificates very difficult. Additionally, sslsniff now supports modes for hijacking auto-updates from Mozilla products, as well as for Firefox/Thunderbird addons. Attackers can specify payloads of their choice, which will be delivered to the targets being man-in-the-middled.

sslsniff is useful for deploying other vulnerabilities as well. This is the tool that the people who pulled the recent MD5 hash collision publicity stunt used to demonstrate MITM attacks with their rogue CA-certificate. Also, anyone who is capable of obtaining a forged certificate by any means can easily deploy it through sslsniff with the targeted mode designed for null-prefix attacks.

For more information on these attacks, see the video from Defcon 17.

The three steps to get this running are:
  • Download and run sslsniff-0.7.tar.gz
  • Setup iptables
  • Run arp-spoof

Installing sslsniff

  • Install the sslsniff dependencies (openssl, libboost1.35-dev, libboost-filesystem1.35-dev, libboost-thread1.35-dev, liblog4cpp5-dev)
  • Unpack sslsniff-0.7.tar.gz, run './configure', run 'make'

sslsniff requires Linux 2.4/2.6, although it can easily be ported to other platforms.

Running sslsniff

  • sslsniff can now be run in the old "authority" mode or the new "targeted" mode. You can specify a single cert to sign new certificates with, or you can specify a directory full of certificates to use for targeted attacks (these can be null-prefix or universal wildcard certificates).
  • sslsniff can now also defeat OCSP, fingerprint clients to attack, and hijack auto-updates.
  • See the README for more information on how to run sslsniff

Setting up iptables

  • Flip your machine into ip_forward mode (echo 1 > /proc/sys/net/ipv4/ip_forward)
  • Add a rule to intercept SSL traffic (iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports <$listenPort>)
  • If you wish to fingerprint clients and only intercept some traffic based on client type, add a rule to intercept HTTP traffic (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports <$httpListenPort>)

Running arpspoof

Assuming we want to intercept SSL traffic from 172.17.10.36, we need to trick that host into thinking that we're the router. Using arpspoof, we can convince the target that the router's MAC address is our MAC address.

  • arpspoof -i eth0 -t 172.17.10.36 172.17.8.1

At this point, any SSL traffic should get proxied by sslsniff and logged to the file you specify.
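Seen from the defender's side, the redirection described above appears in the target's neighbour table as the router's IP resolving to a different MAC address. The following is an added example (not part of the original post or of sslsniff) that compares two `ip neigh show` snapshots; the MAC addresses and the 172.17.10.40 host are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample: two `ip neigh show` snapshots taken on 172.17.10.36.
# IPs 172.17.8.1 (router) come from the text; MACs and 172.17.10.40 are made up.
BASELINE = """\
172.17.8.1 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
172.17.10.40 dev eth0 lladdr 52:54:00:aa:bb:cc STALE
"""
CURRENT = """\
172.17.8.1 dev eth0 lladdr 52:54:00:aa:bb:cc REACHABLE
172.17.10.40 dev eth0 lladdr 52:54:00:aa:bb:cc REACHABLE
172.17.10.99 dev eth0  FAILED
"""

NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare two neighbour tables and return a list of finding strings."""
    old, new = parse_neigh(baseline), parse_neigh(current)
    findings = []
    # Check 1: the gateway's MAC differs from the known-good baseline.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(
            f"gateway {gateway_ip} moved from {old[gateway_ip]} to {new[gateway_ip]}")
    # Check 2: the MAC now answering for the gateway also owns another IP,
    # which points at the host doing the spoofing.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if gateway_ip in ips and len(ips) > 1:
            others = ", ".join(sorted(i for i in ips if i != gateway_ip))
            findings.append(f"{mac} claims gateway {gateway_ip} and also {others}")
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(BASELINE, CURRENT, "172.17.8.1"):
        print("ALERT:", finding)
```

A static ARP entry for the gateway on sensitive hosts, or dynamic ARP inspection on the switch, prevents the table change that this check detects.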



Source: http://www.thoughtcrime.org/software/sslsniff/
