Cyber News Rundown: Android Trojan Steals Credentials

Reading Time: ~2 min.Android-based Trojan Steals Credentials A new Trojan has been spotted on the Android OS that uses screen overlays for popular applications to trick users into entering credentials for apps like PayPal, Google Play, and even several banking apps. By displaying the overlay in the lock foreground screen, users are unable to close the pop-ups with […]
The post Cyber News Rundown: Android Trojan Steals Credentials appeared first on Webroot Blog.

Link: https://www.webroot.com/blog/2018/12/14/cyber-news-rundown-android-trojan-steals-credentials

How To Add Startup Password in Google Chrome

Are you worried about the stored password in your browser? If you have a habit of storing passwords in the browser, there is a possibility that someone having access to your system can misuse your online accounts by that saved password. Not just your saved password, but other people can check your download history and web history. This […]
The post How To Add Startup Password in Google Chrome appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/vyeqUPqScYk/how-to-add-startup-password-in-google.html

AES-Killer v3.0 – Burp Plugin To Decrypt AES Encrypted Traffic Of Mobile Apps On The Fly

Burpsuite Plugin to decrypt AES Encrypted traffic on the fly.RequirementsBurpsuiteJavaTested onBurpsuite 1.7.36Windows 10xubuntu 18.04Kali Linux 2018What it doesThe IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses.Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version.NOTE: Currently support AES/CBC/PKCS5Padding encryption/decryption.How it worksRequire AES Encryption Key (Can be obtained by using frida script or reversing mobile app)Require AES Encryption Initialize Vector (Can be obtained by using frida script or reversing mobile app)Request Parameter (Leave blank in case of whole request body)Response Parameter (Leave blank in case of whole response body)Character Separated with space for obfuscation on request/response (In case of Offuscation)URL/Host of target to decrypt/encrypt request and responseHow to InstallDownload jar file from Release and add in burpsuiteOriginal Request/ResponseGetting AES Encryption Key and IVFirst setup frida server on IOS and Android device.Launch Application on mobile device.Run this frida script on your host machine to get AES Encryption Key and IV.Decrypt Request/ResponseProvide SecretSpecKey under Secret Key fieldProcide IV under Initialize Vector fieldProvide Host/URL to filter request and response for encryption and decryptionPress Start AES KillerDownload AES-Killer

Link: http://feedproxy.google.com/~r/PentestTools/~3/dDw3ZmPgZP4/aes-killer-v30-burp-plugin-to-decrypt.html

How to Hide Apps on Android

Our smartphone tells a lot about us. We use several apps for several things, but we may not be comfortable in showing all of our installed apps to others. For example, you will not like if you girlfriend finds Tinder on your phone. If you feel same, you can hide apps. Hidden apps will not […]
The post How to Hide Apps on Android appeared first on UseThisTip.

Link: http://feedproxy.google.com/~r/blogspot/csAFg/~3/s_QXxm3aQkU/how-to-hide-apps-on-android.html