Archive for the 'Privacy' Category

browserrecon - Passive Browser Fingerprinting

Published at May 15, 2008 in Privacy, Hacking Tools and Web Hacking. Comments

Most of todays tools for fingerprinting are focusing on server-side services. Well-known and widely-accepted implementations of such utilities are available for http web services, smtp mail server, ftp servers and even telnet daemons. Of course, many attack scenarios are focusing on server-side attacks.

Client-based attacks, especially targeting web clients, are becoming more and more popular. Browser-targeted attacks, drive-by pharming and web-based phishing provide a broad aspect of threats during surfing in the world wide web. Attacker might initialize and optimize their attacks by fingerprinting the target application to find the best possible way to compromise the client.

The browserrecon project is going to prove, that client-side fingerprinting is possible and useful too. In this particular implementation, currently available in php only, the given web browser is identified by the used http requests. Similar to the http fingerprinting provided within httprecon the header lines and values are analyzed and compared to a fingerprint database.

The current release of browserrecon is written in PHP. Therefore, you might be able to use browserrecon on a web server supporting PHP. If you want to include browserrecon in a given web application, the software has to support PHP itself or a fork of the PHP scripts.

You can download browserrecon here:

browserrecon-1.0-php.tar.gz

Or read more here.

Technorati Tags: , , , , , , , , ,

Metagoofil v1.4 Released - Metadata and Information Gathering Tool

Published at May 12, 2008 in Privacy, Hacking Tools and Web Hacking. Comments

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) available on the target/victim website.

It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn and so on. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network names, shared resources etc.

This new version extracts MAC address from Microsoft Office documents. Now you can have an idea of what kind of hardware they are using.

All this information should not be available on the net, but most of the companies don’t have policies about information leaking… and most of them don’t know this information exists. So you can show them what information an attacker can obtain, with this simple technique.

You can download Metagoofil v1.4 here:

MetaGooFil 1.4 (tar) (20/04/2008)

Or read more here.

Technorati Tags: , , , , , , , , , ,

Data Leakage Bug in Mozilla Firefox Confirmed

Published at January 28, 2008 in Privacy, Articles and Vulnerabilities & Exploits. Comments

It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.

It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).

It’s rated as low risk, but it can give away the existence of files (if the attacker knows the name and location).

The bug resides in Firefox’s chrome protocol scheme and allows for a directory traversal when certain types of extensions are installed. Attackers could use it to detect if certain programs or files are present on a machine, gaining information to use in perpetrating another, more malicious exploit.

Normally, Firefox’s chrome package is restricted to a limited number of directories, but a bug in the way it handles escaped sequences (i.e. %2e%2e%2f) allows attackers to escape those confines and access more sensitive parts of a user’s computer. The exploit only works if a user has made use of Firefox extensions that are “flat,” this is, those that don’t package their files in a jar archive. Examples of flat add-ons include Download Statusbar and Greasemonkey.

You can protect yourself by using NoScript, which I would guess most of you guys are using already.

The open bug can be found here.

Source: The Register

Technorati Tags: , , , , , , ,