Jan 3, 2015

Tools: Hyperfox - Proxy for recording HTTP and HTTPS

Hyperfox is a security tool for proxying and recording HTTP and HTTPS communications on a LAN.

Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key (both provided by the user). If the target machine recognizes the root CA as trusted, then HTTPS traffic can be successfully intercepted and recorded.



Source: https://hyperfox.org/



Tools: iDict - iCloud Dictionary Tool

Disclaimer: Do whatever you want with this code as long as you give me credit (@Pr0x13).
Check and make sure it's legal in your country to use this tool before doing so.
I'm not responsible for any damage done whatsoever to anyone's iCloud account or iDevice.
I didn't exploit any accounts while writing this; as well, I didn't even test it out (Hope it works lol).
I merely observed and reported.


Install:
Put in the htdocs folder in your XAMPP installation.
Install cURL for your OS.
Navigate to http://127.0.0.1/iDict/ in your web browser (preferably Firefox, Chrome, or Safari).
Wordlist.txt is from iBrute and it satisfies iCloud password requirements.
It's been reported that if the iCloud server responds with an error, restart XAMPP or your computer.



What is this?
A 100% Working iCloud Apple ID Dictionary attack that bypasses Account Lockout restrictions and Secondary Authentication on any account.

What this isn't:
A bypass or fully automated removal




Why? 
This bug is painfully obvious and it was only a matter of time before it was privately used for malicious or nefarious activities. I publicly disclosed it so Apple will patch it.


@Pr0x13 
 
Source: https://github.com/Pr0x13/iDict





Dec 29, 2014

Tools: List of Open Source Static Code Analysis Security Tools

Multiple Languages
- VisualCodeGrepper (http://visualcodegrepp.sourceforge.net/)
- YASCA
Java
- OWASP LAPSE+
PHP
- RIPS
- DevBug
C/C++
- FlawFinder
- CPPCheck
Ruby on Rails
- Brakeman

Source: https://www.checkmarx.com/2014/11/13/the-ultimate-list-of-open-source-static-code-analysis-security-tools/
 

