Jun 28, 2012

DNSCrypt - encrypts DNS traffic between your computer and OpenDNS

DNSCrypt, as its name suggests, encrypts DNS traffic between your computer and OpenDNS, in the same way SSL turns HTTP traffic into HTTPS encrypted traffic.

DNSCrypt was initially announced as Mac-only, but according to an OpenDNS article posted yesterday, the source code was published on GitHub when the Mac preview was released, so even though there's no user interface yet, Linux users can already install DNSCrypt.

Why use DNSCrypt?

DNSCrypt encrypts all DNS traffic between your computer and the OpenDNS servers (so you'll be using OpenDNS). It can protect you from man-in-the-middle attacks, spying and resolver impersonation, can prevent Internet service providers from blocking various websites, and more.

This is the first tool that encrypts DNS traffic - for instance, Tor encrypts DNS requests, but they are decrypted at the exit node.

    It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers.

You can read more about DNSCrypt @ OpenDNS DNSCrypt page and on GitHub.

How to use DNSCrypt in Linux

Download DNSCrypt, install it and then run the following command in a terminal:

sudo /usr/sbin/dnscrypt-proxy --daemonize

Then set your DNS server to "" - to do this under GNOME, go to your Network Connections, select "Edit" and enter "" under "DNS servers". If you are using DHCP, just select "Automatic (DHCP) addresses only", so you can enter a DNS server. Then restart your network connection.

You can then check if you're using OpenDNS by visiting THIS link.
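A local check to go with the steps above, as an added example that is not part of the original post: once the system points at the dnscrypt-proxy listener, any non-loopback `nameserver` still present in `/etc/resolv.conf` receives queries directly and unencrypted. The function name and the sample file contents are constructed for illustration, and the check assumes the proxy listens on a loopback address.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: dnscrypt-proxy listens on a loopback address, so every
# "nameserver" entry the system uses should be in 127.0.0.0/8 or be ::1.

# non_loopback_resolvers [FILE]
# Prints each non-loopback nameserver found in a resolv.conf-style file,
# one per line. Returns 1 if any were found, 0 if all entries are loopback.
non_loopback_resolvers() {
    file=${1:-/etc/resolv.conf}
    found=$(awk '
        # Comment lines (# or ;) never have "nameserver" as first field.
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            sub(/%.*/, "", addr)      # drop an IPv6 zone id such as %eth0
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }' "$file")
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Constructed sample: the local listener plus a resolver left over from DHCP.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample resolv.conf' \
    'nameserver 127.0.0.1' \
    'nameserver 192.0.2.53' > "$sample"

leaks=$(non_loopback_resolvers "$sample") \
    || echo "still configured outside the local proxy: $leaks"
rm -f "$sample"
```

A clean result only shows that no external resolver is listed directly; a loopback entry can also be the local dnsmasq cache mentioned in the Ubuntu section, which forwards queries on its own.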

To get DNSCrypt to start automatically, you must create an init script. For Ubuntu, see below.

Arch Linux users can install DNSCrypt-proxy via AUR (it includes an rc.d script).

DNSCrypt in Ubuntu

To make DNSCrypt start automatically in Ubuntu, I've created an Upstart script which you can use if you want - download it.

Update: Because in Ubuntu 12.04 there is a local DNS cache running on (dnsmasq), I've updated the script to make DNSCrypt use, so you should add "" as your DNS and not "" if you're using this script (for any Ubuntu version). Thanks to zzecool for testing it in Ubuntu 12.04!

To install the script, use the commands below (extract the downloaded archive first):

sudo cp dnscrypt.conf /etc/init/
sudo ln -s /lib/init/upstart-job /etc/init.d/dnscrypt

And finally, start it with:

sudo start dnscrypt

DNSCrypt should now start automatically when you boot. To stop it, you can use:

sudo stop dnscrypt

Download DNSCrypt (.deb, .rpm and source code available)

Source: http://www.webupd8.org/2012/02/encrypt-dns-traffic-in-linux-with.html

If you like my blog, Please Donate Me

Webhoneypot - Web Application Honeypot

DShield.org is offering this honeypot for users to capture automated web application exploits. It is a very simple "semi interactive" honeypot implemented in PHP. 

Source: https://code.google.com/p/webhoneypot/

Jun 26, 2012

WordPress Application Firewall. Protects against current and future attacks.

WordPress Application Firewall. Protects against current and future attacks. Email notification is disabled by default, notification can be activated and configured in Settings > WP WAF. Go to your WP WAF configuration page.

Source: https://wordpress.org/extend/plugins/wp-waf/

finddomains - discovering domain names/web sites/virtual hosts

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. It provides a console interface so you can easily integrate this tool into your pentest automation system.

It retrieves domain names/web sites which are located on a specified IP address/hostname.

I prepared this tool starting from the Bing API 2.0 code sample.

In order to use FindDomains:

    Create an appid from "Bing Developers", this link.
    It will look like this: 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
    When you have registered an appid, enter it in the "appid.txt" file, which is in the program directory.

Source: https://code.google.com/p/finddomains/

BoNeSi - the DDoS Botnet Simulator

If you want to see demo video of this tool, please go to the Source.

BoNeSi, the DDoS Botnet Simulator is a Tool to simulate Botnet Traffic in a testbed environment on the wire. It is designed to study the effect of DDoS attacks.

What traffic can be generated?

BoNeSi generates ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). BoNeSi is highly configurable and rates, data volume, source IP addresses, URLs and other parameters can be configured.

What makes it different from other tools?

There are plenty of other tools out there to spoof IP addresses with UDP and ICMP, but for TCP spoofing, there is no solution. BoNeSi is the first tool to simulate HTTP-GET floods from large-scale bot networks. BoNeSi also tries to avoid generating packets with easily identifiable patterns (which can be filtered out easily).

Where can I run BoNeSi?

We highly recommend running BoNeSi in a closed testbed environment. However, UDP and ICMP attacks could be run in the internet as well, but you should be careful. HTTP-Flooding attacks cannot be simulated in the internet, because answers from the webserver must be routed back to the host running BoNeSi.

How does TCP Spoofing work?

BoNeSi sniffs for TCP packets on the network interface and responds to all packets in order to establish TCP connections. For this feature, it is necessary that all traffic from the target webserver is routed back to the host running BoNeSi.

How good is the performance of BoNeSi?

We focused very much on performance in order to simulate big botnets. On an AMD Opteron with 2 GHz we were able to generate up to 150,000 packets per second.

Are BoNeSi attacks successful?

Yes, they are very successful. UDP/ICMP attacks can easily fill the bandwidth and HTTP-Flooding attacks knock out webservers fast. We also tested BoNeSi against state-of-the-art commercial DDoS mitigation systems and were able to either crash them or hide the attack from being detected.

Source: https://code.google.com/p/bonesi/

Jun 25, 2012

Portsplit - Use multiple services on the same port.

Simple TCP port multiplexer (or "port splitter").

Just run "make" to compile. Binary will be in "src" directory.

See example config file in examples directory.

Source: https://github.com/kheops2713/portsplit
