Nov 18, 2011

Jailbreak 5.0.1 For iPad, iPod Touch, iPhone

1. Download the latest version of Redsn0w (0.9.9b8) for Windows or Mac.
2. Run Redsn0w and select "Extras".
3. Click on "Select IPSW", browse to where your iOS 5 firmware is and select appropriate firmware file for your iDevice.
4. Go back and then hit "Jailbreak".
5. Select "Install Cydia", hit "Next" to put your device in DFU mode and then Redsn0w will apply the jailbreak.
6. After everything is complete, you will be reminded that the device must be booted tethered.
7. Now click on "Back" on the Redsn0w screen, select "Extras" and then "Just Boot". (You will need to perform this action every time your device is switched off or rebooted)
8. Follow the instructions to put your device in DFU mode again.
9. Wait until your device has rebooted; you are done.


If you like my blog, Please Donate Me

Nov 16, 2011

Howto: Downgrade 5.0.1 to 4.3.3 / 4.3.5 on iPhone 4, 3GS, iPod Touch 4G, 3G, iPad:

Step 1: Make sure that you have downloaded the version of iOS you are going to downgrade to (4.3.5, 4.3.3 or any other iOS version); you can download any iOS firmware from our library - Click Here.

Step 2: Navigate to:
Windows Users:
Windows > System32 > drivers > etc
Mac Users:

Open the hosts file with a text editor, then add the following to the end of the file:

Alternatively: use TinyUmbrella, which can make iTunes look at Cydia's server via its Advanced options.

Step 3: Plug in your iOS device and switch it off.

Step 4: Put your iOS device in DFU mode (if you don't know how to put your device in DFU mode - Click Here).

Step 5: Manually select the firmware you are going to downgrade to in order to restore your device (hold Shift on Windows or Option on a Mac).
iTunes will tell you that it will talk to Apple's servers, but it will actually talk to Cydia's servers.

Step 6: You may receive a 10xx error, but don't worry; this is normal and has a quick fix - Click Here to fix such errors.


Nov 13, 2011

Traceroute-like HTTP scanner

If you want the script, the details and an example of this topic, please go to the Source.

During some recent pentests, I used the "Max-Forwards" trick to identify some "hidden" reverse HTTP proxies. My customers were surprised by the information found and asked me for a copy of the tool. I then chose to take some time to polish and release it. Btw, thanks to Julien Cayssol for the initial versions!

Some background information about the Max-Forwards trick: RFC 2616 (HTTP/1.1) and RFC 3261 (SIP) define this header (respectively in section 14.31 and :

14.31 Max-Forwards

   The Max-Forwards request-header field provides a mechanism with the
   TRACE (section 9.8) and OPTIONS (section 9.2) methods to limit the
   number of proxies or gateways that can forward the request to the
   next inbound server. This can be useful when the client is attempting
   to trace a request chain which appears to be failing or looping in

       Max-Forwards   = "Max-Forwards" ":" 1*DIGIT

   The Max-Forwards value is a decimal integer indicating the remaining
   number of times this request message may be forwarded.

   Each proxy or gateway recipient of a TRACE or OPTIONS request
   containing a Max-Forwards header field MUST check and update its
   value prior to forwarding the request. If the received value is zero
   (0), the recipient MUST NOT forward the request; instead, it MUST
   respond as the final recipient. If the received Max-Forwards value is
   greater than zero, then the forwarded message MUST contain an updated
   Max-Forwards field with a value decremented by one (1). Max-Forwards

   The Max-Forwards header field MAY be ignored for all other methods
   defined by this specification and for any extension methods for which
   it is not explicitly referred to as part of that method definition.

   The Max-Forwards header field serves to limit the number of hops a
   request can transit on the way to its destination.  It consists of an
   integer that is decremented by one at each hop.  If the Max-Forwards
   value reaches 0 before the request reaches its destination, it will
   be rejected with a 483(Too Many Hops) error response.

   A UAC MUST insert a Max-Forwards header field into each request it
   originates with a value that SHOULD be 70.  This number was chosen to
   be sufficiently large to guarantee that a request would not be
   dropped in any SIP network when there were no loops, but not so large
   as to consume proxy resources when a loop does occur.  Lower values
   should be used with caution and only in networks where topologies are
   known by the UA.

But that is the RFC, not a real-life implementation. In practice, the TRACE method is often blocked at the perimeter, so we need smarter ways to identify the reverse proxies. In my experience, using the TRACE and GET methods is in most cases sufficient to collect odd behaviours. These behaviours are then checked against a few heuristic rules in order to calculate a score; a score greater than zero indicates a possible reverse proxy.
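To make the RFC 2616 section 14.31 behaviour and the traceroute-style probing concrete, here is an added offline model (my own illustration, not the author's released script): a chain of hypothetical hops that either honour Max-Forwards, ignore it, or block TRACE at the perimeter, plus a simplified scoring rule in the spirit of the heuristics described above. The Hop/Response classes, the chain layout and the "one point per method whose responder changes" rule are all assumptions for illustration.

```python
# Added example: in-memory model of Max-Forwards handling along a chain of
# HTTP intermediaries (RFC 2616 section 14.31), with a traceroute-like probe.
from dataclasses import dataclass

@dataclass
class Hop:
    name: str
    honours_max_forwards: bool = True   # RFC-compliant for TRACE/OPTIONS
    blocked_methods: tuple = ()         # e.g. ("TRACE",) on a hardened perimeter

@dataclass
class Response:
    status: int
    via: str        # identity of the node that produced the answer
    body: str = ""

def handle(chain, idx, method, headers):
    """Process a request at chain[idx], mimicking RFC 2616 14.31 semantics."""
    node = chain[idx]
    if method in node.blocked_methods:
        return Response(405, node.name, "method not allowed")      # perimeter filter
    mf = headers.get("Max-Forwards")
    if method in ("TRACE", "OPTIONS") and mf is not None and node.honours_max_forwards:
        if mf == 0:
            # MUST NOT forward; MUST respond as the final recipient
            return Response(200, node.name, f"{method} answered at {node.name}")
        headers = {**headers, "Max-Forwards": mf - 1}             # decrement by one
    # Other methods MAY ignore the header: the request simply travels onward.
    if idx == len(chain) - 1:
        return Response(200, node.name, "origin content")
    return handle(chain, idx + 1, method, headers)

def probe_chain(chain, method="TRACE", max_hops=10):
    """Traceroute-style: raise Max-Forwards until the responder stops changing."""
    seen = []
    for ttl in range(max_hops):
        via = handle(chain, 0, method, {"Max-Forwards": ttl}).via
        if seen and via == seen[-1]:
            break
        seen.append(via)
    return seen

def proxy_score(chain, methods=("TRACE", "OPTIONS", "GET")):
    """Heuristic (assumed): +1 for each method whose responder varies with Max-Forwards."""
    return sum(1 for m in methods if len(set(probe_chain(chain, m))) > 1)

if __name__ == "__main__":
    chain = [Hop("edge"), Hop("app"), Hop("origin")]          # constructed sample chain
    print(probe_chain(chain), proxy_score(chain))
```

A chain whose front proxy ignores the header scores zero here, which is exactly why the post relies on additional behavioural heuristics rather than the RFC rule alone.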

