Friday, 20 June 2014

WOW! FRIDAY Network Club was RAD!

Minds blow by Friday Network Club. we’re learning all about some sweet networking tools and tricks. Thanks Samy!


“so many insecurities. and, so many people haven’t thought of. you should think about this.” –Samy



next time:

fuzzing

transparent mitm


start here:

http://ift.tt/pAgGCj
airport -s is sweet for osx. find it here:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

oui database for mac addresses to vendor

xss bugs in routers

google

cross site scripting via iframes

to find you without location check

google can still find you without the street view cars

androids might be sniffing locations

enter ssl man-in-the-middle (mitm)

tcpdump

understand this: http://ift.tt/PpJV4y

fire sheep came out to force everyone to start using ssl and browsers started making things trickier. enter charles. charles will create a cert.

CAs in your phone keep you from mitm. you can install your own charles cert:

http://samy.pl/x.crt
great public dns 8.8.8.8

sudo tcpdump -i en0 -n port 53

nslookup chase2.com

hub we see everything

arp spoofing will allow you to see other wireless traffics

arp -na

apple is tracking your ass every time you are on a network:

http://ift.tt/16n3eEv
starbucks is always att-wifi

setup your pc to act like ssid: att-wifi with a second wifi card and sharing

nothing is secure. just assume it.

ngrep is network grep

ngrep -d en1 crashspace

-x hex

be mindful of the datatype / encoding

and regex! cr.shsp[aei]\w

nslookup blog.crashspace.org

http://samy.pl/3.pl to convert to 3

arpspoof via dsniff

perl imll of cross platform networking and injection:

http://samy.pl/packet
checkout arp requests

sudo tcpdump -i en0 arp

nmap as port scanner. ping everyone:

nmap -sn 172.16.16.0/24

view raps

arp -na|grep -v incomplete

send arp to spoof router

use ipfw (available on all os)

http://ift.tt/1lUCR9r
find other super cool stuff for this and productivity

http://samy.pl/tools
learn a shit load from TCPIP illustrated volume 1

arm frame and dive into rfcs with google

arpspoof -i en -t 172.16.16.143 172.16.16.1

prevent with static arp routes

pcap files record packets. the ngrep can read em later. or you can replay them.


homework: redsocks






from SpaceBlogs http://ift.tt/1lUCR9x

via IFTTThttp://ift.tt/eA8V8J

No comments:

Post a Comment