Firefox 65 rolls out new redesigned privacy controls as part of Mozilla’s anti-tracking promise.
SharpWeb is a .NET 2.0 CLR compliant project that can retrieve saved logins from Google Chrome, Firefox, Internet Explorer and Microsoft Edge. In the future, this project will be expanded upon to retrieve Cookies and History items from these browsers.

Usage

Usage: .\SharpWeb.exe arg0 [arg1 arg2 …]

Arguments:
  all – Retrieve all Chrome, FireFox and IE/Edge credentials.
  full – The same as ‘all’
  chrome – Fetch saved Chrome logins.
  firefox – Fetch saved FireFox logins.
  edge – Fetch saved Internet Explorer/Microsoft Edge logins.

Example: Retrieve Edge and Firefox Credentials
  .\SharpWeb.exe edge firefox

Example: Retrieve All Saved Browser Credentials
  .\SharpWeb.exe all

Standing on the Shoulders of Giants

This project uses the work of @plainprogrammer on a .NET 2.0 CLR compliant SQLite parser, which can be found here. In addition, @gourk created a wonderful ASN parser and cryptography helpers for decrypting and parsing the FireFox login files. It uses a revised version of his work (found here) to parse these logins out. Without their work this project would not have come together nearly as quickly as it did.
Poor DNS housekeeping opens the door to account takeover.
Unlike its browser competitors, Firefox will soon start blocking tracking cookies by default in the name of consumer privacy.
The service gleans information from receipts, travel itineraries, trade confirmations for online brokerages, Uber messages, auto-loan confirmation and promotions.
This extension allows you, in a quick and simple way, to improve the active and passive Burp Suite scanner by means of personalized rules through a very intuitive graphical interface. Through an advanced search of patterns and an improvement of the payload to send, we can create our own issue profiles both in the active scanner and in the passive one. This extension requires Burp Suite Pro.

- Usage:

1. Config section
Profile Manager: you can manage the profiles, enable, disable or remove any of them.
Select Profile: you can choose any profile to modify it and save it.
Profiles reload: you can reload the profiles directory, for example, when you add a new external profile to the directory.
Profile Directory: you choose the profiles directory path.

2. Payloads
You can add as many payloads as you want. Each payload of this section will be sent at each entry point (insertion points provided by the Burp API). You can choose multiple encoders. For example, if you want to encode the string alert(1) several times (applied in descending order):
Plain text: alert(1)
HTML-encode all characters: &#x61;&#x6c;&#x65;&#x72;&#x74;&#x28;&#x31;&#x29;
URL-encode all characters: %26%23%78%36%31%3b%26%23%78%36%63%3b%26%23%78%36%35%3b%26%23%78%37%32%3b%26%23%78%37%34%3b%26%23%78%32%38%3b%26%23%78%33%31%3b%26%23%78%32%39%3b
Base64-encode: JTI2JTIzJTc4JTM2JTMxJTNiJTI2JTIzJTc4JTM2JTYzJTNiJTI2JTIzJTc4JTM2JTM1JTNiJTI2JTIzJTc4JTM3JTMyJTNiJTI2JTIzJTc4JTM3JTM0JTNiJTI2JTIzJTc4JTMyJTM4JTNiJTI2JTIzJTc4JTMzJTMxJTNiJTI2JTIzJTc4JTMyJTM5JTNi
If you choose the “URL-Encode these characters" option, you can put in all the characters that you want to URL-encode.

3. Grep – Match
For each payload response, each string, regex or payload (depending on what you choose) will be searched for with the specific Grep Options.

Grep Type:
Simple String: search for a simple string or strings
Regex: search for a regular expression
Payload: search for the payloads that were sent
Payload without encode: if you encode the payload and you want to find the original payload, you should choose this

Grep Options:
Negative match: if you want to find whether the string, regex or payload is not present in the response
Case sensitive: only match if the case matches
Not in cookie: if you want to find whether any cookie attribute is not present
Content type: you can specify one or multiple (separated by comma) content types in which to search for the string, regex or payload. For example: text/plain, text/html, …
Response Code: you can specify one or multiple (separated by comma) HTTP response codes in which to find the string, regex or payload. For example: 300, 302, 400, …

4. Write an Issue
In this section you can specify the issue that will be shown if the condition matches with the options specified:
Issue Name
Severity
Confidence
And other details like description, background, etc.

- Examples

So, the vulnerabilities identified so far, from which you can make personalized improvements, are:

1- Active Scan
XSS reflected and Stored
SQL Injection error based
XXE
Command injection
Open Redirect
Local File Inclusion
Remote File Inclusion
Path Traversal
LDAP Injection
ORM Injection
XML Injection
SSI Injection
XPath Injection
etc

2- Passive Scan
Security Headers
Cookies attributes
Software versions
Error strings
In general any string or regular expression.

For example videos please visit our YouTube channel.
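The encoder chain from step 2, as an added example that is not BurpBounty's own code: it applies the three encoders in the order the profile lists them and can also undo the chain, which is what you need when a scanner-generated payload shows up in a WAF or application log and you want to read it back to plain text. The function and encoder names are mine; the sample payload is the one the documentation uses.

```python
import base64
import html
from typing import Callable, Dict, List
from urllib.parse import unquote

# Constructed sample: the payload and encoder order used in the BurpBounty docs above.
PAYLOAD = "alert(1)"
CHAIN = ["html", "url", "base64"]  # applied top to bottom, as listed in the profile


def html_encode_all(s: str) -> str:
    """HTML-encode every character as a lowercase hex numeric entity (&#x61; ...)."""
    return "".join(f"&#x{ord(c):02x};" for c in s)


def url_encode_all(s: str) -> str:
    """Percent-encode every byte, unreserved characters included, with lowercase hex."""
    return "".join(f"%{b:02x}" for b in s.encode("utf-8"))


def base64_encode(s: str) -> str:
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


def base64_decode(s: str) -> str:
    return base64.b64decode(s).decode("utf-8")


ENCODERS: Dict[str, Callable[[str], str]] = {
    "html": html_encode_all, "url": url_encode_all, "base64": base64_encode}
DECODERS: Dict[str, Callable[[str], str]] = {
    "html": html.unescape, "url": unquote, "base64": base64_decode}


def encode_chain(payload: str, chain: List[str]) -> List[str]:
    """Apply the encoders in order; stages[0] is the plain text, stages[-1] is what gets sent."""
    stages = [payload]
    for name in chain:
        stages.append(ENCODERS[name](stages[-1]))
    return stages


def decode_chain(value: str, chain: List[str]) -> str:
    """Undo the same chain in reverse, e.g. to read a captured request back to plain text."""
    for name in reversed(chain):
        value = DECODERS[name](value)
    return value


if __name__ == "__main__":
    for name, stage in zip(["plain"] + CHAIN, encode_chain(PAYLOAD, CHAIN)):
        print(f"{name:>7}: {stage}")
    assert decode_chain(encode_chain(PAYLOAD, CHAIN)[-1], CHAIN) == PAYLOAD
```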
Gobuster is a tool used to brute-force:
- URIs (directories and files) in web sites.
- DNS subdomains (with wildcard support).

Oh dear God.. WHY!?

Because I wanted:
... something that didn’t have a fat Java GUI (console FTW).
... to build something that just worked on the command line.
... something that did not do recursive brute force.
... something that allowed me to brute force folders and multiple extensions at once.
... something that compiled to native on multiple platforms.
... something that was faster than an interpreted script (such as Python).
... something that didn’t require a runtime.
... use something that was good with concurrency (hence Go).
... to build something in Go that wasn’t totally useless.

Common Command line options
-fw – Force processing of a domain with wildcard results.
-m
Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert, and Federico Dotta, a security expert at Mediaservice.net. Autorize was designed to help security testers by performing automatic authorization tests. With the latest release, Autorize now also performs automatic authentication tests.

Installation
1. Download Burp Suite (obviously): http://portswigger.net/burp/download.html
2. Download the Jython standalone JAR: http://www.jython.org/downloads.html
3. Open Burp -> Extender -> Options -> Python Environment -> Select File -> Choose the Jython standalone JAR
4. Install Autorize from the BApp Store or follow these steps:
   - Download the Autorize.py file.
   - Open Burp -> Extender -> Extensions -> Add -> Choose the Autorize.py file.
5. See the Autorize tab and enjoy automatic authorization detection :)

User Guide – How to use?
1. After installation, the Autorize tab will be added to Burp.
2. Open the configuration tab (Autorize -> Configuration).
3. Get your low-privileged user's authorization token header (Cookie / Authorization) and copy it into the textbox containing the text “Insert injected header here". Note: headers inserted here will be replaced if present or added if not.
4. Uncheck "Check unauthenticated" if the authentication test is not required (a request without any cookies, to check for authentication enforcement in addition to authorization enforcement with the cookies of the low-privileged user).
5. Click on "Intercept is off" to start intercepting the traffic in order to allow Autorize to check for authorization enforcement.
6. Open a browser and configure the proxy settings so the traffic will be passed to Burp.
7. Browse to the application you want to test with a high-privileged user.
8. The Autorize table will show you the request’s URL and enforcement status.
9. It is possible to click on a specific URL and see the original/modified/unauthenticated request/response in order to investigate the differences.

Authorization Enforcement Status
There are 3 enforcement statuses:
- Bypassed! – Red color
- Enforced! – Green color
- Is enforced??? (please configure enforcement detector) – Yellow color

The first 2 statuses are clear, so I won’t elaborate on them.

The 3rd status means that Autorize cannot determine if authorization is enforced or not, and so Autorize will ask you to configure a filter in the enforcement detector tabs. There are two different enforcement detector tabs, one for the detection of the enforcement of low-privileged requests and one for the detection of the enforcement of unauthenticated requests.

The enforcement detector filters will allow Autorize to detect authentication and authorization enforcement in the response of the server by content length or by string (literal string or regex) in the message body, in the headers or in the full request.

For example, if there is a request whose enforcement status is detected as "Authorization enforced??? (please configure enforcement detector)", it is possible to investigate the modified/original/unauthenticated response and see that the modified response body includes the string "You are not authorized to perform action". You can then add a filter with the fingerprint value "You are not authorized to perform action", so Autorize will look for this fingerprint and will automatically detect that authorization is enforced. It is possible to do the same by defining a content-length filter or a fingerprint in the headers.

Interception Filters
The interception filter allows you to configure which domains you want to be intercepted by the Autorize plugin. You can determine them by blacklist/whitelist/regex or by items in Burp’s scope, in order to avoid unnecessary domains being intercepted by Autorize and to work in a more organized way.

Example of interception filters (note that there is a default filter to avoid scripts and images):

Authors
Barak Tawily, Application Security Expert
Federico Dotta, Security Expert at Mediaservice.net
Defeating Google’s audio reCaptcha system with 85% accuracy.

Inspiration
Across the Internet, hundreds of thousands of sites rely on Google’s reCaptcha system for defense against bots (in fact, Devpost uses reCaptcha when creating a new account). After a Google research team demonstrated a near-complete defeat of the text reCaptcha in 2012, the reCaptcha system evolved to rely on audio and image challenges, historically more difficult challenges for automated systems to solve. Google has continually iterated on its design, releasing a newer and more powerful version as recently as just this year. Successfully demonstrating a defeat of this captcha system spells significant vulnerability for hundreds of thousands of popular sites.

What it does
Our unCaptcha system has attack capabilities written for the audio captcha. Using browser automation software, we can interact with the target website and engage with the captcha, parsing out the necessary elements to begin the attack. We rely primarily on the audio captcha attack: by properly identifying spoken numbers, we can pass the reCaptcha programmatically and fool the site into thinking our bot is a human. Specifically, unCaptcha targets the popular site Reddit by going through the motions of creating a new user, although unCaptcha stops before creating the user to mitigate the impact on Reddit.

Background
Google’s reCaptcha system uses an advanced risk analysis system to determine programmatically how likely a given user is to be a human or a bot. It takes into account your cookies (and by extension, your interaction with other Google services), the speed at which challenges are solved, mouse movements, and (obviously) how successfully you solve the given task. As the system gets increasingly suspicious, it delivers increasingly difficult challenges, and requires the user to solve more of them. Researchers have already identified minor weaknesses in the reCaptcha system: 9 days of legitimate(ish) interaction with Google’s services is usually enough to lower the system’s suspicion level significantly.

How it works
The format of the audio captcha is a varied-length series of spaced-out numbers read aloud at varied speeds, pitches, and accents over background noise. To attack this captcha, the audio payload is identified on the page, downloaded, and automatically split by locations of speech. From there, each number audio bit is uploaded to 6 different free, online audio transcription services (IBM, Google Cloud, Google Speech Recognition, Sphinx, Wit-AI, Bing Speech Recognition), and these results are collected. We ensemble the results from each of these to probabilistically enumerate the most likely string of numbers with a predetermined heuristic. These numbers are then organically typed into the captcha, and the captcha is completed. From testing, we have seen 92%+ accuracy in individual number identification, and 85%+ accuracy in defeating the audio captcha in its entirety.

Installation
First, install the Python dependencies:
$ pip install -r requirements.txt
Make sure you also have sox, ffmpeg, and selenium installed!
$ apt-get install sox ffmpeg selenium
Then, to kick off the PoC:
$ python main.py --audio --reddit
This opens reddit.com, interacts with the page to go to account signup, generates a fake username, email and password, and then attacks the audio captcha. Once the captcha is completed (whether it passed or not), the browser exits.

To learn more
Please read our paper, located here, for more information. Additionally, you can visit our website here, or check out the original slides for USENIX WOOT ’17.

Disclaimer
unCaptcha is intended to be a proof of concept. As of the time of our paper, we found it to successfully solve reCaptcha’s audio challenges with 85% success. Since that time, reCaptcha appears to include some additional protections that limit unCaptcha’s success. For instance, Google has also improved their browser automation detection. This means that Selenium cannot be used in its current state to get captchas from Google. This may lead to Google sending odd audio segments back to the end user. Additionally, we have observed that some audio challenges include not only digits, but small snippets of spoken text.

We encourage you to be careful when doing research in this field, to be mindful of local, state, and federal law, and to responsibly disclose any potential vulnerabilities to Google immediately.

Additionally, we have removed our API keys from all the necessary queries. If you are looking to recreate some of the work or are doing your own research in this area, you will need to acquire API keys from each of the six services used. These keys are delineated in our files by a long string of the character ‘X’.