Tuesday, January 10, 2012

Android network sniffing

The problem with Android is that, until now, there hasn't been any Android device that can put its WiFi chipset into monitor mode. That is a downside, especially if you want to collect packets from an open WiFi network or crack encrypted ones. The other problem is that you need to root your device in order to get sniffers to work. So if you have already done the latter, you may find the rest of the post interesting.

Some Android apps have managed to sniff packets, like Shark for Root, but that will only let you gather your own device's packet data. So what is needed next is an app that can perform ARP poisoning to redirect packets from the network to your device; a few applications have succeeded in making this a reality, like FaceNiff and DroidSheep. I tried DroidSheep and it worked very well; it even has the ability to pick out captured packets that look interesting, such as login information and cookies, and present them to you. It still doesn't work with HTTPS, unless one day the developer decides to add SSL spoofing to it.
The only way to download DroidSheep is from its maker's site, since Android Market removed it for breaking its rules.

Finally, you need to be cautious if you want to do ARP poisoning on networks that are not yours, since lots of them are protected against that attack and warn users if it happens. In addition, DroidSheep's maker has created another application to test the network for ARP poisoning, called DroidSheep Guard; the developer claims it works on non-rooted devices. I haven't tested DroidSheep Guard yet, but I think if you are paranoid about using public WiFi networks you may give it a try.


Tuesday, June 14, 2011

Ettercap in action - old memories

I just pulled out an old video that I made while messing around with ettercap years ago, so I decided to upload it to YouTube and post the link here.


Thursday, March 17, 2011

Yahoo Messenger with voice on Android

If you have ever wondered how to get a Yahoo Messenger that supports voice on Android, you can either go to Android Market and search for it (which did not work for me!) or download the APK files.

You need two files: the first is the newest (at the moment) Yahoo Messenger, and the second is the matching version of the voice and video calling plugin.

P.S.: It's been tested on an Archos 70 with Android OS 2.2 (Froyo).


Sunday, September 05, 2010

32-bit vs 64-bit Ubuntu Lucid Lynx

I have been hesitating for months about using a 64-bit equivalent of my trusted old 32-bit Ubuntu. I tried the switch once with my HP Compaq 6720 (6720s) laptop, but it wasn't successful at any level, because there seemed to be an issue with its hardware that made using the two CPU cores at the same time impossible, so I had to log in using the command

which essentially turns off the full utilization of my Core 2 Duo CPU, dropping all the processing load onto one core, which degraded the overall performance significantly. Using different kernel releases for Ubuntu Lucid Lynx did not address the problem.

I gave the switch another thought when I got the HP Compaq 6910 (6910p) laptop. 64-bit processing worked flawlessly from the boot disks, which inspired the idea of doing a benchmark to see the magnitude of the difference in performance between the two releases.

One factor that can confound the results is access to memory: on the 32-bit platform, the operating system was unable to access the full available memory (4 GiB) and was limited to the 3 GiB accessible with 32-bit addressing.

I repeated every test three times so as to give some range of accepted values:

Test I: Boot speed (Less is better)

I used the live disks for the purpose of testing, so the installed drivers and/or software wouldn't affect the results and would spare me the hassle of installing and reinstalling everything twice.


Test II: Compression (More is better)

I used the benchmark option of the 7z compression algorithm (LZMA) for the purpose of comparison.

The compression and decompression numbers are plotted below.

Test III: Super Pi test (Less is better)

I used the same copy of System Stability Tester version 1.1.0. This program divides to obtain the value of Pi until it has x decimal places; in the first case x was 128,000, i.e. 128k, and the time required to achieve it is plotted on the x-axis, for three tries.

For the second, and to show the magnitude of the difference, I used 1 MiB as the number of places.

1 MiB test (1 try)

This comparison only means that if you have 4 gigs of RAM and are using 32-bit, it is better to use a 64-bit system, as long as it doesn't break on your system due to driver/stability issues. This is NOT a fair comparison, as the memory accessed by the 64-bit system is a gigabyte more than that of the 32-bit system.

Note: If you are generous, bordering on extravagant, then please donate!



Monday, August 24, 2009


I have added a donation button on the right side of the screen. If you feel that the blog has helped you and you can put some money toward a donation to Bug-Code, the team will be very grateful; whatever amount you want to donate will make a difference.

Bug-Code Team

Sunday, May 10, 2009

Quick IP-changer

If you are using multiple connections (for internet access, other networks, etc.), you may find it boring to change the settings through the GUI each time. MS "netsh" has the answer (not advertising for it!). See the following examples (change "Local Area Connection" to your connection name, and substitute the xxx with the IP addresses accordingly):

netsh int ip set address name="Local Area Connection" source=static addr=xxx.xxx.xxx.xxx mask=xxx.xxx.xxx.xxx gateway=xxx.xxx.xxx.xxx gwmetric=1

And if you want to change the dns ip address:

netsh int ip set dnsserver name="Local Area Connection" static xxx.xxx.xxx.xxx primary

Just put the command lines you want to use in a ".bat" file and run it each time you change connection. (Note: Vista users should run the script with administrator privileges.)



Wednesday, December 17, 2008

Search Engine Plugin

Firefox was one of the first browsers to have this neat feature: a text box built into the browser in which you enter search terms, instead of visiting the search engine's site and typing your keywords into the site's search area. This feature saves a lot of inconvenience and a little time...

The basis for this feature is a folder in Firefox called "searchplugins", which contains a plethora of XML files that dictate which search form is selected, how keywords are submitted, and whether keyword suggestions should appear while the user is typing into the search plugin's text box.
Below is an example of a typical XML search plugin file:

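<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
<ShortName>BlahBlah search</ShortName>
<Description>BlahBlah Search Engine Plugin</Description>
<InputEncoding>UTF-8</InputEncoding>
<!-- the base64-encoded 16x16 PNG icon data goes inside the Image element -->
<Image width="16" height="16"></Image>
<Url type="text/html" method="GET" template="http://search.balhblah.com/search">
<Param name="p" value="{searchTerms}"/>
<Param name="ei" value="UTF-8"/>
<MozParam name="fr" condition="pref" pref="Blah-fr" />
</Url>
<!-- placeholder form address; the original value is not shown here -->
<SearchForm>http://search.balhblah.com/</SearchForm>
</SearchPlugin>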

As you can see, the first line (<SearchPlugin...>) is the root tag of the file. The second line (<ShortName>) is the name you see inside the search box when it is empty and not selected for writing, and when you click on the list of search plugins available in your browser.
The <Description> tag holds the descriptive info about the plugin that is usually seen when the plugin is inspected further in the browser.
The <InputEncoding> tag tells the plugin how to treat the keywords entered. UTF-8 is the most widely used encoding; however, some plugins might use others, so choose according to your search keywords and language.
The next part (<Image ..../Image>) tells the browser which image should appear next to the search box and what kind of image it is, in addition to its dimensions. In this case (which is the most widely used method) the image is 16x16 pixels and is a PNG icon; the next few lines represent the image data encoded in the mentioned base64 format.
The following tag (<Url.../Url>) states how to treat the keywords entered and whether or not to show suggestions related to them. In the previous example no suggestions are presented, as the focus is mainly on how to submit the search request.
The last element (<SearchForm>) states which form to submit the written keywords to for the search engine to process.
A number of situations can arise in day-to-day use of browsers. For example, you might like your search plugin to search the images section of the search engine instead of the web, or vice versa; you might want to remove the suggestions feature; or you might want to decrease the amount of info your search plugin submits to the search engine and limit it to the keywords only...
To change the Google search from web search to image search, change the template to "http://www.images.google.com" and save the file under a different name so as to keep both. Remember to change at least the ShortName, so that you are able to tell which is which when you search!

<Url type="text/html" method="GET" template="http://www.google.com/search">
<Param name="q" value="{searchTerms}"/>
</Url>
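To see what a plugin sends besides the keywords, and to cut it down to the keywords only as mentioned above, the file can be checked with a short script. This is an added example, not part of the original post; the sample XML is constructed from the fictional BlahBlah plugin, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "{http://www.mozilla.org/2006/browser/search/}"
ET.register_namespace("", NS[1:-1])   # keep the default namespace on output

# Constructed sample modelled on the plugin shown above (fictional engine).
SAMPLE = """<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/">
<ShortName>BlahBlah search</ShortName>
<InputEncoding>UTF-8</InputEncoding>
<Url type="text/html" method="GET" template="http://search.balhblah.com/search">
<Param name="p" value="{searchTerms}"/>
<Param name="ei" value="UTF-8"/>
<MozParam name="fr" condition="pref" pref="Blah-fr" />
</Url>
</SearchPlugin>"""

def extra_params(url_elem):
    """Child parameters that carry something other than the search terms."""
    return [p for p in url_elem
            if p.tag in (NS + "Param", NS + "MozParam")
            and "{searchTerms}" not in p.get("value", "")]

def audit_plugin(xml_text):
    """Report cleartext templates and parameters beyond the keywords."""
    root = ET.fromstring(xml_text)
    report = {"cleartext": [], "extra": []}
    for url in root.iter(NS + "Url"):
        template = url.get("template", "")
        if urlsplit(template).scheme != "https":
            report["cleartext"].append(template)
        report["extra"] += [(p.tag[len(NS):], p.get("name"))
                            for p in extra_params(url)]
    return report

def keywords_only(xml_text):
    """Return the plugin XML with every non-keyword parameter removed."""
    root = ET.fromstring(xml_text)
    for url in root.iter(NS + "Url"):
        for p in extra_params(url):
            url.remove(p)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(audit_plugin(SAMPLE))
    print(audit_plugin(keywords_only(SAMPLE)))
```

Removing a parameter such as the encoding hint can change how the engine interprets non-ASCII keywords, so test the trimmed plugin before relying on it.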

One last issue can arise: the icon. In order to change the icon you either have to modify the existing icon, in which case you have to decode the base64 data back into the icon, modify it, re-encode it and paste it into the search plugin, or, most commonly, create the image or obtain it from other sources, i.e. web pages, and then encode it to base64 format using one of the many programs available on the web. For example, use B64Dcode to encode your image, open the b64 file, copy the base64-encoded data and paste it over the template search plugin's data, but make sure that your source is a 16x16 PNG icon...

have fun!


Win32 PE: adding an entry to the import table

I was having a hard time trying to add a specific DLL with a certain function to an executable PE file until I found two great tutorials about this subject,
here and here
The first thing is that we need extra space in the PE file. I am accustomed to adding a new section, using an article from Sunshine (the same site as the latter link), but the problem was the conflict I faced when comparing a file assembled with masm32 against other executable files. The difference was simple, but hard to find for a novice coder like me: the articles above point out that OriginalFirstThunk and FirstThunk in the ImportDirectory may be set to the same value, but they are not the same in masm32-assembled files. The other thing about masm32 is that it creates a JMP table, so a call to user32!MessageBoxA is actually redirected through a JMP user32!MessageBoxA.
The other thing I learned in this whole die-hard day of trial-and-error coding is: don't ever try to remove the original ImportTable or modify it after copying it to the new location; just tamper with it by adding a new ImportDirectory. If that sounds confusing now, I will try to post a tutorial/code snippet in upcoming post(s). The reason is that JMPs and CALLs point to the FirstThunk values, so if you want to change those values you would have to go through the whole code finding the RVAs and changing them accordingly.
Now, I am too thrilled to re-adjust and optimize my current example code, but first I need to have a rest ;)

Music: Symphony of Pain [Snakeskin], This Is Deutsch [Eisbrecher], 1000 Flammen [Eisbrecher], etc. (a whole day of music, hardly memorizing them)
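The descriptor layout discussed in this post, as an added example (not the author's code): it walks an IMAGE_IMPORT_DESCRIPTOR array, builds a relocated copy with one extra descriptor, and shows that the existing FirstThunk RVAs are left untouched. It works on the descriptor array only, and every RVA in it is a constructed value.

```python
import struct

# IMAGE_IMPORT_DESCRIPTOR: five little-endian DWORDs, 20 bytes.
DESC = struct.Struct("<5I")
FIELDS = ("OriginalFirstThunk", "TimeDateStamp", "ForwarderChain",
          "Name", "FirstThunk")

def parse_descriptors(blob):
    """Walk the descriptor array up to its all-zero terminator."""
    found = []
    for off in range(0, len(blob) - DESC.size + 1, DESC.size):
        values = DESC.unpack_from(blob, off)
        if not any(values):
            return found
        found.append(dict(zip(FIELDS, values)))
    raise ValueError("descriptor array has no null terminator")

def shares_thunk_array(desc):
    """True when the lookup table and the IAT are the same array (or the
    lookup table is absent); False for the two-array layout."""
    oft = desc["OriginalFirstThunk"]
    return oft == 0 or oft == desc["FirstThunk"]

def append_descriptor(blob, oft_rva, name_rva, ft_rva):
    """Return a copy of the array with one descriptor added before the
    terminator. Existing descriptors are copied byte for byte, so the
    FirstThunk RVAs that CALL/JMP instructions reference stay valid."""
    count = len(parse_descriptors(blob))
    kept = blob[:count * DESC.size]
    new = DESC.pack(oft_rva, 0, 0, name_rva, ft_rva)
    return kept + new + bytes(DESC.size)

# Constructed table: two DLLs with separate lookup table and IAT.
ORIGINAL = (DESC.pack(0x2040, 0, 0, 0x2080, 0x2000) +
            DESC.pack(0x204C, 0, 0, 0x208C, 0x200C) +
            bytes(DESC.size))
# Hypothetical RVAs in a newly added section for the extra DLL.
PATCHED = append_descriptor(ORIGINAL, 0x5000, 0x5010, 0x5000)

if __name__ == "__main__":
    for d in parse_descriptors(PATCHED):
        print({k: hex(v) for k, v in d.items()}, shares_thunk_array(d))
    print("new directory size:", len(PATCHED))
```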
