Buscar

Setting Up A Burp Development Environment

domingo, 26 de abril de 2020

This quick blog post will document getting started with developing Burp extensions using java. Burp provides interfaces for developers to hook into the Burp application and extend the application or integrate with other tools, this interface is documented on the following site - http://portswigger.net/burp/extender/

For this guide you will need the following items:


After downloading and opening up Eclipse you will need to create a new java project. This can be done by clicking "File->New Java Project". Fill in a project name and click finish.

Once the project has been created you will need to create a new package called "burp". This can be done by right clicking the "src" folder under your new project and selecting "New->Package". When the dialog comes up set the "Name" as "burp":

You should now have a package named "burp" under the source folder in the right pane. Now you will need to import the Burp extender classes into your project. Download all of the extender classes to a local folder, once this is done right click on the "burp" package in your project and select "Import". On the dialog window that comes up select "General->File System" and hit "next":

On the next dialog you will need to navigate to where you downloaded the Burp extender classes to. Once you have done this you should see the classes, click on the folder to select all items and click "Finish":

Next we can add the Burp application into the project. To do this click on "Project->Properties" on the top toolbar. When the dialog opens select "Java Build Path" and then the "Libraries" tab. On this dialog click "Add External JARs..."
Navigate to where ever you have Burp downloaded to and select it. After you have done this click "OK" to dismiss the dialog. You are now ready to build your own Burp extensions. You can test your environment by creating a new class in the burp package named "BurpExtender". Right click the "burp" package and click "New->Class". On the dialog that comes up enter "BurpExtender" and click "Finish":

In the "BurpExtender" class you can enter the following:


package burp;


public class BurpExtender
{
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
    {
        callbacks.registerMenuItem("Hello World.", new CustomMenuItem());
    }
}


class CustomMenuItem implements IMenuItemHandler
{
    public void menuItemClicked(String menuItemCaption, IHttpRequestResponse[] messageInfo)
    {
        try
        {
            System.out.println("Hello From Burp!");
            System.out.println("Request Item Details");
            System.out.println("Host: " + messageInfo[0].getHost());
            System.out.println("URL: " + messageInfo[0].getUrl());


        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}


After adding the content to your "BurpExtender" class you are ready to run the project for the first time. Click on "Run->Run" from the menu. You should see the following dialog asking how it should run your project:
Select "Java Application" and click "Ok". Next you should receive a dialog asking which application you want to run. Select "StartBurp - burp" and click "Ok":

You should now see the burp application running. Intercept a request in the application and right click on the request, you should now see an item in the menu named "Hello World."

When you click the "Hello World." menu button you should see some information about the request in your eclipse console window:

That's it, you now have setup your working development environment for building your own Burp extensions. The javadocs for the Burp Extender interfaces are available on the Extender web page:


More information
  1. Como Aprender A Hackear Desde Cero
  2. Hacking Web
  3. Paginas Para Hackear
  4. Tutorial Hacking
  5. Curso De Ciberseguridad Y Hacking Ético
  6. Hacking Websites
  7. Mindset Hacking Nacho
  8. Growth Hacking Libro
  9. El Mejor Hacker Del Mundo

Postado as 10:46 0 comentários  

Confinamiento

El café sabe amargo en mi taza de Winnie The Pooh. Podría haberle echado más azúcar, pero quiero que esté así, amargo. Cercano a como es en realidad. Cuando te vas haciendo mayor disfrutas más las cosas amargas. Las cosas que te traen un sabor a la boca menos dulce. Parece que disfrutas más de los matices menos camuflados de la existencia. Son más reales.

Figura 1: Confinamiento

El café sabe amargo, ya os lo he dicho. Podría haber elegido una taza de café "normal", pero entonces no cabría tanto. Y no quiero vivir la vida a sorbos. Y tampoco soy de pensar que solo hay una forma de hacer las cosas de manera "normal". Nunca lo he sido. Me gusta pensar que eso no es ser hacker. También podría haber sacado una taza de Star Wars, de las grandes, pero esas son de mi colección.

Me apego a recuerdos. A mis pequeñas cosas que cuando las miro con la realidad aumentada de mi mirada están llenas de historias vivas que danzan frente a mis ojos. En 3D. Con música envolvente. Son casa. Son refugio. Me gusta alejarme un poco de ellos para crear nuevos recuerdos. Solo un poco. Para volver a disfrutarlos más. Y los objetos y recuerdos que vienen conmigo son yo. Son parte de mí, fueran dulces o amargos.

El café sabe amargo, pero no es intenso. Me gusta americano. Largo de agua. Aguachirri. Como lo pido siempre cuando quiero café. Sin leche. Largo como mi jornada laboral. Largo y amargo. Largo como mi pasado. Largo, espero, como mi futuro. Para sentir la experiencia durante más tiempo. Solo un poco más. Nada dura para siempre salvo en la memoria donde el tiempo se pliega. Como en la película esa de "Origen". Un sueño dentro de otro. Recursivo como los algoritmos. No se acaba. Ni lo dulce ni lo amargo. Pero el sabor del café es amargo. Y no quiero vestirlo de algo dulcificado echando mucha azúcar. Un poco para hacerlo más llevadero, puede, pero no mucho más maquillaje. Quiero sentir las cosas como son. Que duelan si tienen que doler. Que amarguen si tienen que amargar.

Mis ojos ya no son lo que eran. Están más cansaditos. Empiezan a pedir tregua de tanta lectura. De tantas letras en pantallas. De tantos mensajes que releí. De tantas y tantas hojas luchando contra mis párpados. De mi cerebro ávido por captar más de todo lo que se ve y lo que no se ve. De tantas luces en aventuras galácticas. Series de superhéroes. O de zombies que decoran el paisaje o antihéroes que van a acabar mal porque toman malas decisiones constantemente intentando avanzar. O porque la serie ya comenzó en un psiquiátrico como declaración de intenciones de lo que nos esperaba por delante.

Mis ojos ya no son lo que eran. Me piden ayuda. Mis ojos. Y se la doy a dosis pequeñas. No quiero que se acomoden. Aún no. Quiero que peleen por descifrar el mundo con sus propias herramientas. Pero de vez en cuando los consuelo. Les echo un poco de azúcar. Dejo que se acunen sobre el cristal de unas lupas de lectura. Para que aguanten más. Para que me descifren el mundo unos minutos más antes de caer rendido en la negrura de la noche.

El día es gris. Igual que ayer. Igual que el otro domingo que hizo buen día. Lo veo desde aquí. Mi sitio es el mismo que llevo ocupando durante este último mes y algo. Un rincón de la existencia con una ventana por la que veo solo un poquito del mundo analógico cuando mi foco se relaja. Solo una esquina de la vida. Por la que miro mientras me amargo mi paladar con el sabor del café. Con las gafas puestas para leer esa presentación con números y letras pequeñitas. Es mi vida. Casi enteramente mi vida es esto ahora.

El día es grande. O será que yo me siento pequeño. Como seguro que te sientes tú. Porque es como si me escondiera. Me siento un poco azul. No. No lo tomes mal. No me disgusta el color. Ni el gris ni el azul. La vida no es solo sol. La vida no es solo color amarillo. No solo luz. El azul es bonito también. Me gusta su olor. Su tacto. Y acurrucarme un rato con una de mis muchas bolitas azules. Esas que tengo en la estantería. Cojo una un rato. Me abrazo a ella. Retozo en mi sofá acurrucándola. O mirando al cielo con mi taza de Winnie The Pooh.

Mi cerebro vuela. Por el cielo. Sé que pronto saldré a jugar con las bolas amarillas. Sé que volveré a salir al parque a jugar con mis amigos. A gritar. A dar abrazos y besos. A ver un partido de fútbol. A ir a escuchar a los poetas rasgar sus guitarras. A sudar. A escuchar los gritos. A pegar los chillidos. A destrozar las canciones por no saber cantar. A mezclar el rojo con el amarillo. A mezclar el amarillo con el azul. A trepar por el monte con mi bicicleta cual motivado. A escuchar la música mientras vagabundeo en soledad por el mundo. Ese al que solo viajo yo. Por otros países. A irme a retozar con Morfeo sin tener que pelear por ello. Correr a sus brazos sin hacer cola en la frontera.

Mis palabras se amontonan. Están ahí. Guardadas. Para ti. Para las cenas. Para las charlas. Para las confesiones. Para los reencuentros. Para cuando las quieras oír. Para cuando las puedas escuchar de mi voz. Para que no sea algo digitalizado. Para que sea el sonido que emito con mis cuerdas vocales directamente. Ese que conecta directo con el motor de mi cuerpo. Ese que escribe cosas que nadie lee. Que nadie escucha. Que nadie le dicta. El inventor de los sentimientos. El pintor de las bolitas.

Mis caricias te extrañan. En los confines de mis dedos. Las noto palpitar cuando golpeo con suavidad las teclas de mi teclado. Cuando escribo algo para nadie. Pidiendo salir. Pidiendo espacio para ellas. Para que no duelan los dedos al final del día por el repiquetear constante. Para que el cansancio no sea solo mecánico sino también cuántico. Para que los dedos se muevan como olas al compás de dunas de ese desierto inmenso en soledad que queda por recorrer. Una vez más. Lentas. Eléctricas. Quemando. Como un calambre que sube por mis antebrazos y enciende el tatuaje imaginario de las llamas que nunca me hice.

La vida sigue escribiendo grietas en mi cara con tinta indeleble. En los surcos de mi piel. Donde guardo lo importante. Las risas. Los recuerdos. Los anhelos. Los planes inconclusos. Los conclusos. Con todos los metadatos. Con los recuerdos que he querido convertir en yo. En casa. Lo mejor de historia, de física y química. De arte. O incluso de filosofía sobre la vida que iba a tener pero que nunca tuve.

Mi pasado se perdió en este futuro. Porque de los mil caminos del multiverso el premio cayó en otra línea temporal. Porque la banda cambió el setlist por el camino. Porque fallé el pie de una estrofa. Porque no afinamos la canción en el mismo tempo. O porque mi diapasón se rompió por usarlo tanto a tanta velocidad. Y cada día puedo leerlos con más intensidad. Cuando me miro al espejo. Las canciones que salieron al final para el elepé son las que tengo escritas en mis arrugas. Pero aún me queda discografía que componer. Ouh, yeah!

Mis huesos me gritan. Cuando subo o bajo una escalera. Cuando recuerdo los golpes en la cadera al caerme de los patines. Cuando me levanto de la silla para preguntarle al sol qué hora es. Cuando pienso en todas las veces que necesito caerme aún. Cuando me veo volando sobre una tabla. Cuando recuerdo la negrura que viene tras la rampa. Cuando me despierto de la oscuridad y me están cosiendo la cabeza. Con sangre en los ojos. Cuando pienso en que el dolor no existe cuando el golpe es suficiente certero como para abrirte la cabeza. Y te quedas en calma para siempre. Mis huesos malvados me gritan. A veces bajito. Otras como lo hago yo cuando necesito quemar energía. O echar fuera todo.

Mi alma no te ve. No sabe donde estás. No sabe dónde te escondes. Donde se mete la gente cuando se acaba la conferencia. Donde te vas cuando acabo mi charla. Cuando me quito el gorro. Cuando ya no tengo el micrófono conectado. Cuando las fotos se acabaron. Donde estas ahora que mi mundo es este café amargo. Esta ventana analógica al mundo. Este sorbo tan pequeño de lo que es vivir. Donde todos los recuerdos bonitos de este confinamiento son solo terciopelo.

Mi televisión llora. Cuando da las noticias. Cuando dan números y números. Curvas. Gráficas. Tendencias. Nunca pensé que las matemáticas pudieran ser tan dolorosas. Cuando yo me presentaba a subir nota en matemáticas si sacaba menos de un notable. Y tengo que limpiar la pantalla con un pañuelo. Porque si no limpias las lágrimas se enraízan y ya no salen como el rocío. Y se congelan. Y el hielo corta los órganos blandos del interior. Los que están cerca de tu corazón.

Solo queda batirse. Y resistir. Y volver al mundo que está ahí fuera. Al círculo de tus brazos. Al calor de esa botella de vino. A abrazar a mi mamá con fuerza. A celebrar los cumpleaños, los santos, los acontecimientos que nos hemos saltado. A caerse al suelo y hacerse una herida en la rodilla tropezándose al correr lejos, muy lejos. A abollar el mundo saltando. A tumbarse exhausto al descender de la bicicleta por el calor, y meterse en una fuente para refrescarse del calor. A sentir cómo se te cuartea la piel con el aire y el sol de la montaña. A bucear buscando peces en mar. A chocar unas cervezas al aire con unos amigos en la barbacoa.

Saludos Malignos!

Autor: Chema Alonso (Contactar con Chema Alonso)



Sigue Un informático en el lado del mal RSS 0xWord

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com
More articles

  1. Car Hacking
  2. House Hacking
  3. Growth Hacking Libro
  4. Retos Hacking
  5. Hacking System
  6. Hacking Forums
  7. Hacking Raspberry Pi

Postado as 03:01 0 comentários  

How To Track Iphone Without Them Knowing

sábado, 25 de abril de 2020

Few feelings are as stomach-sinkingly awful as the thought of losing an expensive new iPhone. Whether you left it on the bus or someone slid it out of your back pocket, we put so much store in our phones that their loss leaves is saddened and angered. Most of us keep at least copies of everything in our lives on our phones, from personal conversations to emails, 


To say nothing of all our personal information and social media accounts. Of course there are security measures in place, but nobody wants to risk having all that information fall into the hands of the wrong people. In this article, I will show you how to find a phone that has been lost, whether your own phone or the phone of a friend or family member.

Can you track an iPhone without them knowing?

First off, hopefully you activated the Find My Phone feature of your iPhone when you still had it in your possession. Secondly, if your phone doesn't have service (and thus a connection to the Internet) or if you don't have iCloud set up, then these solutions are not going to work for you. Unfortunately phone technology is advanced but it isn't magical; if your phone isn't talking to the network or if you haven't turned on Find My Phone, then unfortunately the technological solution is probably not going to work. (Seriously. If you have possession of your phone(s) then stop reading this article, pick up your devices, go to Settings and select "Find My Phone" (iPhone) or "Find My Device" (Android) and make sure they are toggled on. TTjem upi cam dp ot/"

Without further ado, let's find your phone!

Can I Tell if Someone is Tracking my iPhone?

 

image1-3

Usually yes, if someone is using the "Find my Phone" feature, it will be displaying things on the iPhone screen. Thankfully, "Find My iPhone" comes pre-loaded on all phones with iOs 9 or newer. "Find my iPhone" is the gold standard when it comes to locating your lost iPhone. The service is integrated as part of iCloud. Here's how to use it to find your missing iPhone then track down your phone's exact location.

Step 1: Open up the "Find My iPhone" on a different device

It doesn't matter if you decide to use your iPad, your laptop, or a friend's iPhone – you can run the Find My Phone app fr0m Mac. You can use the Find my Phone app.

If you are using an Apple product like another phone or an iPad, you can simply click on the app.

If you are using a computer (even a Windows PC will work), go to icloud.com then click on the "Find iPhone" icon. Once you've clicked on the "Find iPhone" icon the website process and "Find my iPhone" app process are the same.

Step 2: Input Your Apple ID Credentials (they are the same as your iCloud info)

Since you are not using your phone, you won't be automatically logged in.

Once you log in to the app, select the "All Devices" drop-down option and then find the device that you want to locate.

Step 3: Once You Select Your Phone, Options Will Appear

As soon as you select your device on the page, iCloud will begin to search for it. If the search is successful, you will see your device on a map, pinpointing it's location. Before you sprint out the door to get it, there are some other options you should take a look at.

Once you select your device you will have three additional options in addition to seeing your phone's location. These options are playing a sound, activating "Lost Mode" and erase the phone.

Playing the sound is a great way to find your phone if you lost it somewhere around your house. If you click the option, an audio alert will go off on your phone which will hopefully help you find it. The alert will sound like a loud pinging noise alerting you that your phone is at home with you and not at the coffee shop you just visited. If you hear the pinging sound then you'll quickly find your phone by just following the sound.

When enabled, Lost Mode will lock your phone with a passcode and will display a message of your choice. This can either ensure it will be safe until you can find it, or will alert the thief what you expect of them and that you know where they are. This mode can also enable location services on your phone too.

However, if things have gone too far and you think there is a very slim chance you will ever get your device back – perhaps your phone has already crossed an international border – the best course of action is to simply erase it. Yes, this is giving up, but it also prevents your personal information getting into the hands of someone who could abuse it.

If you follow these steps, you should have your phone back in your pocket in no time. 

Is there an app to track someones phone without them knowing?

maxresdefault-11

What if you're looking for someone else's phone? I'm sorry to burst your bubble, but you are not allowed to track someone else's phone without their knowledge. While there are supposedly apps that you can install on a target's phone to track it and keep tabs on what they are doing on it, that is completely illegal and immoral. In addition to the moral issue, there is the practical fact that they could find the app which could lead to a very awkward situation, possibly one involving the police.

However, there are times when you want to find a friend's phone and you have a legitimate reason, and (the important part) they have given you permission to find it. Just as when you were looking for your own phone, there is an app that can help you find the phones of your friends and family with ease. The "Find My Friends" app used to be an extra download, but now it comes with iOS, so if your friends have ever updated their phone, they should have it.

"Find My Friends" is an app that basically allows you to share your location with others and vice versa. It can be great for keeping track of where your kids are, knowing what your significant other is doing, or just keeping tabs on your friends. It can also help them find a lost phone (as long as you have "Shared Locations" with them). Here is how to set it up:

Step 1: Open the app on your phone and the phone of the person you want to be able to share locations with.

Step 2: Click your profile in the bottom left of the screen.

Step 3: Enable "Share My Location" and make sure AirDrop is enabled on your own phone.

Step 4: From there, your friends and family will be able to search/add you to share your location with them and vice versa. You each will need to accept the "Shared Location" request from the other. Now, you can just click on their profile in the app and keep track of them.

As you likely realized while reading this article, it is a much better idea to be proactive than reactive when it comes to tracking phones. If you set up "Find My iPhone" and "Find My Friends" before your phone gets stolen or lost, it will save you a lot of potential hassle down the road. While it may be a bit worrisome to have someone be able to see your location at all times, it can really save you once your phone goes missing and you need to track it down. It is obviously best to pick someone who you trust not to take advantage of the information an app like "Find My Friends" can provide them.

No one deserves to have their phone stolen or go missing, but thankfully, there are some ways to find it, or at least have the information deleted. Hopefully, this guide helped you be able to find your phone or the phone of your friends and family, or at least prepared you for when it may happen.

If you have other ways of finding a lost phone, please share them with us below!

@EVERYTHING NT

Read more


Postado as 19:06 0 comentários  

How To Start PHP And MYSQL | The Best Server For PHP And MYSQL | Tutorial 1


Many of people want to start PHP programming embedded with MYSQL databases concepts. So i thought that I should start a series about PHP and MYSQL. So in this series of video tutorials you exactly got the content about PHP and MYSQL.

As PHP is server side scripting language. So it requires a server to get execute over the web browser. First of all you have to download and install a server that may be XAMPP, WAMPP or LAMPP. I'm using XAMPP server in the tutorials. So if you wanna follow me then download a XAMPP server. I'm using this because it has a good interface to work  and it's really simple. XAMPP is compatible with windows, MAC and Linux operating as well. WAMPP is only for windows and LAMPP is used for MAC and Linux operating system. So i prefer XAMPP for this series.

How to create Database

Step 1:

Open Your XAMPP control panel and start Apache and Mysql services.

Step 2:

Go to your Web browser and type "localhost/phpmyadmin". It will open your databases area. If you have an error then your services are not in running state. If you have any error then comment below.

Step 3:

Click over the "new" to create a new database.

Step 4:

Write Database_Name and click over the Create button. For example Facebook, Students etc.

Step 5:

Write Table_Name like admin, users etc. your can increase and decrease the size of rows. Click over Save/Create button.

Step 6:

Write your Attribute_Names in first column like Username, Email, Passwords etc. In the next data type column you have to select the data type whether it is integer or string type etc. In the next column you have to set the length of string/words.

Step 7:

If you wanna go through with a Primary_Key. Then just you have to checked the Auto_Increment box as you will shown in the video. For further watch the video for better understanding. 



 VISUAL FEATURES 

This tool has a visual crawler. Normal crawlers doesn't parse the ajvascript, this tool does. The visual crawler loads each link of the web site, rendering the html and executing all the javascript as a normal load, then the links are processed from he DOM and clicked.
A visual form cracker, is also available, althow is experimental and only works on some kind of forms.


 SCANNING FEATURES

The web-fu's portscanner, has a database of a common web ports, like 80,81,8080 and so on.
The cracker module, can bruteforce web directories to find new attack vectors, and can fuzz get and post parameters for discovering vulns, and also crack passwords. There are 9 preloaded wordlists, and you can also load a custom wordlist. Prefilters, falsepositive reductor and render will be helpful. The scanners support SSL, if the website can be loaded in the chrome, can be scanned by web-fu.


ENCODERS & DECODERS

The supported encoders and decoders are: base64, urlescape and urlencode


OTHER FEATURES

A web notepad is available, saving the information on the browser localStorage, there is one notepad per site. A cookie editor is also very useful for pentesting. The inteceptor, is like a web proxy but from the inside of the browser, you can intercept a request There is also a session locker and a exploit web search.


CHROME STORE 
Here is the link to the chrome store, the prize is about one euro, very cheap if you compare with other scanners: Web-Fu on Chrome Store


 With webfu, you will do the best web site pentest and vulnerability assessment.


More information


Postado as 23:39 0 comentários  

HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

Everything over the internet is secured by the passwords. You need a login to do any stuff on any social or banking website. Passwords are the first security measure for these type of websites. So, I brought a tutorial on how to hack such sort of login passwords. This tutorial is based on credential harvester attack method. In which you will know about hacking passwords using credential harvester attack method.

HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

REQUIREMENTS

It's very simple and easy to follow. Before you start, you need the following things to work with.
  1. Kali Linux OS
  2. Target Website

STEPS TO FOLLOW

  • Run the Kali Linux machine. If you have not Kali Linux installed, you can grab a free copy and install it as a virtual machine. You can learn more about Kali Linux VirtualBox installation.
  • Sign in to Kali Linux by entering username root and password toor.
  • As you'll sign in, navigate to the Applications > Social Engineering Tools > Social Engineering as shown in the following screenshot.
  • Now you will see the different options. You have to choose Social Engineering Attacks by simply entering its number in the terminal. Once you do it, it will show a few options further. Simply choose Website Vector Attack by putting its number.
  • Website vector attack will show up it's a different type of attacks. We are going to use Credential Harvester Attack.
  • Choose the Site Clone option. As you do it, it will ask for your public IP address. Just open up a new terminal and type ifconfig. It'll show the public IP. Just copy it and paste in the previous terminal as shown in the following screenshots.
  • After we do it. Enter the target website of which passwords you want to hack. Make sure to use a website that has username and password on the same page.
  • All done now. As someone opens up the browser on the public IP we specified, it'll show up the website that we entered in the previous step. Now as someone enters their username or password, it will be captured in the terminal.

That's all. If you're not clear yet. You can watch the following complete video tutorial on how to do it.

More information


  1. Hacker Tools Apk Download
  2. Ethical Hacker Tools
  3. Best Pentesting Tools 2018
  4. Pentest Tools Online
  5. Tools 4 Hack
  6. Pentest Tools Online
  7. Game Hacking
  8. Hacker Tools Software
  9. Hacking Tools For Kali Linux
  10. Pentest Tools Find Subdomains
  11. Hacking Tools
  12. Hacking Tools And Software
  13. Hacking Tools And Software
  14. Pentest Tools Apk
  15. Pentest Tools Bluekeep
  16. Hacking Tools For Windows Free Download
  17. Hacking Tools Usb
  18. Best Pentesting Tools 2018
  19. Pentest Tools Bluekeep
  20. Pentest Tools Free
  21. Pentest Tools List
  22. Blackhat Hacker Tools
  23. Hacking App
  24. Nsa Hacker Tools
  25. Hacking Tools Usb

Postado as 19:48 0 comentários  

Assinar: Postagens (Atom)