
iPhone used as a keylogger


I think you are shocked, like me. Yes, I was also shocked when I learned about it. A team of researchers said that they discovered a way to log keystrokes from a computer simply by placing an iPhone 4 near a user's keyboard and monitoring the keyboard's vibrations. So it is not wrong to call the iPhone a 'Spiphone'.

The team at Georgia Tech used the accelerometer in an iPhone 4 to sense keyboard vibrations and determine what was being typed, without any connectivity to the user's computer or peripherals. According to their paper, "Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers", the researchers could decipher complete sentences with up to 80 per cent accuracy.




"The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors," said Henry Carter, a PhD student in computer science, and one of the study's co-authors. "Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."

But I cannot say this for certain, because in March 2011 Mohamed Hassan, founder of NetSec Consulting, said he discovered StarLogger software on Samsung laptops with model numbers R525 and 540 after running security scanning software on the systems. But Samsung says the keylogging claims are false.




Burp-Attacking Web Application


Burp Suite is an integrated platform for attacking web applications. It contains many tools, with numerous interfaces between them, designed to facilitate and speed up the process of attacking an application. Generally, to test an application, you want to slow down the transmission of data to and from the server to a snail's pace so you can read and modify the transmitted data; hence the proxy.

Proxies were capable of slowing down the connection in only the outbound direction and, as such, a user could only alter the information being transferred to the server; however, that's only part of the equation when analyzing a Web application.

Sometimes you want to be able to modify the incoming data. For example, you might want to modify a cookie so that it doesn't use HttpOnly, or remove a JavaScript function. Sometimes you just want a bidirectional microscopic view into every request your browser is making. That is where Burp Proxy comes in.



Burp Proxy is part of a suite of Java tools called Burp Suite that allow for Web application penetration.




To get started, you need the Java runtime environment installed, which you can get from Java.com's Web site. Once that is installed, modify the proxy settings in your browser to use localhost or 127.0.0.1 at port 8080. As an example, in the Mozilla browser, set your settings as in the picture below.



After setting the Mozilla configuration, open Burp Suite. Remember that Burp Suite is an executable JAR file, so to run it you must also have the Java runtime environment installed.

The Intercept and Options windows are the most important ones that we will be focusing on. First let's configure Burp Proxy to watch both inbound and outbound requests. Under "Options" uncheck resource type restrictions, turn on interception of Server Responses, and uncheck "text" as a content type. This will show you all of the data to and from every server you connect to.
In summary, make your Burp Suite settings like the picture below.



NOTE
This is also a good way to identify spyware you may have on your system.

Once this has been configured, you should be able to surf and see any data being transferred to and from the host. This will allow you to both detect the data in transit and modify it as you see fit. Of course, any data you modify that is sent to your browser affects you and you alone; however, if it can turn off JavaScript client-side protection, this can be used to do other nefarious things, like persistent XSS, which would normally not be allowed due to the client-side protections in place. Also, in the days of Asynchronous JavaScript and XML (AJAX), this tool can be incredibly powerful to detect and modify data in transit in both directions, while turning off any protection put in place by the client to avoid modification by the browser.
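The point above about client-side protection, as an added example that is not from the original post: a handler that trusts the browser's JavaScript check stores whatever arrives, while a handler that repeats the validation on the server and encodes on output keeps the same input inert. The function names, the validation rule and the sample inputs are assumptions made for illustration.

```python
import html
import re

def client_side_check(comment):
    """Stand-in for the page's JavaScript check (hypothetical rule)."""
    return "<" not in comment and ">" not in comment

def save_trusting(store, comment):
    """Vulnerable 'before': assumes the browser already ran the check."""
    store.append(comment)
    return True

def render_trusting(store):
    # Stored text is written into the page as-is.
    return "".join(f"<li>{c}</li>" for c in store)

# Hypothetical server-side rule: plain text and basic punctuation only.
ALLOWED = re.compile(r"[\w\s.,!?'-]{1,200}")

def save_hardened(store, comment):
    """Repeat the validation on the server; the client check is only UX."""
    if ALLOWED.fullmatch(comment) is None:
        return False
    store.append(comment)
    return True

def render_hardened(store):
    # Encode on output too, so data stored by any other path stays inert.
    return "".join(f"<li>{html.escape(c)}</li>" for c in store)

def demo():
    typed = "nice post"                      # passes the JavaScript check
    tampered = "<script>alert(1)</script>"   # constructed: body changed in transit
    trusting, hardened = [], []
    passed_js = client_side_check(typed)
    save_trusting(trusting, tampered)        # stored without question
    rejected = not save_hardened(hardened, tampered)
    save_hardened(hardened, typed)
    return passed_js, render_trusting(trusting), rejected, render_hardened(hardened)

if __name__ == "__main__":
    print(demo())
```

When you test your own application through the proxy, the second pair of functions is the behaviour to look for: the server rejects or encodes the changed value no matter what the browser-side script allowed.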

When you enter a site name in the browser and click the 'forward' button, Burp shows a lot of information about the site, as in the picture below.



You can also view the cookies and remove them manually by going to Proxy >> Intercept >> Params, as in the picture below.



To view the information in hex, click on 'hex', as in the picture below.



If you wanted to find only XML files for debugging AJAX applications, a Burp proxy rule can be created to capture just this information.



By using this tool you are able to carry out many attacks, like XSS, MITM and many more. This is only an intro to Burp Suite. If you want complete knowledge of all the Burp tools, like how to find a username and password by use of this tool, please leave a good comment. Your good comments encourage me to write new posts on Burp.

