Monday, 29 July 2013

Firefox Add-ons for Penetration Testers

Firefox is a popular web browser that lets users customize its look and functions with the help of add-ons. Many kinds of add-ons are available, including add-ons for penetration testers. Penetration testers can use these add-ons to turn their browser into a penetration testing tool. Add-ons are available for all phases of penetration testing.

A few popular add-ons are listed below:
  • FoxyProxy Standard
  • Firebug
  • Web Developer
  • User Agent Switch
  • Live HTTP Headers
  • HackBar
  • Tamper Data
  • Web Securify
  • Add N Edit Cookies
  • XSS Me
  • SQL Inject Me
  • CryptoFox
See the full list with detailed descriptions on Infosec Institute resources. In that detailed article, I mentioned all the important security add-ons and how they work. Read the original article and express your views in the comments.

Interested in learning web security? Join the web application security course offered by Infosec Institute.

Saturday, 27 July 2013

Find XSS vulnerabilities with X5s and Fiddler

Fiddler is a web debugging proxy tool. It is used to monitor web traffic between your computer and the Internet. With the help of the tool, you can inspect the requests and responses of web traffic. The tool is available for free and inspects traffic from all browsers on the system. Its ability to monitor web traffic makes it a useful tool for penetration testing.

It is mostly used for finding XSS vulnerabilities in web applications. Although the tool cannot directly help in finding XSS vulnerabilities, it can with the help of an add-on. X5S is the Fiddler add-on that helps with this. But the tool is not for beginners. Before using it, you need to understand XSS encoding, because it only helps in finding possible injections. Most of the time, it shows false alerts. Basically, the tool helps in finding places where safe encoding was not applied to user inputs.
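
The kind of check this paragraph describes, as an added example that is not from the original post and is not X5S's code: given a response body in which a known marker followed by special characters was reflected, report whether each character came back encoded or raw. The marker `x7q9canary`, the function names and the sample response are constructed for illustration.

```python
import html
from urllib.parse import quote

TAG = "x7q9canary"      # constructed unique marker, easy to find in a response
PROBE = "<>\"'&"        # characters that must be encoded in HTML output

def safe_forms(ch):
    """Encoded spellings of ch: HTML entities (named, decimal, hex) and percent-encoding."""
    return {html.escape(ch, quote=True), f"&#{ord(ch)};",
            f"&#x{ord(ch):x};", quote(ch, safe="")}

def classify_reflections(body, tag=TAG, probe=PROBE):
    """For every reflection of tag in body, report how each probe character came back."""
    findings, start = [], body.find(tag)
    while start != -1:
        pos, chars = start + len(tag), {}
        for ch in probe:
            # Test encoded forms first: "&amp;" also starts with a raw "&".
            hit = next((f for f in safe_forms(ch)
                        if body[pos:pos + len(f)].lower() == f.lower()), None)
            if hit:
                chars[ch], pos = "encoded", pos + len(hit)
            elif body.startswith(ch, pos):
                chars[ch], pos = "raw", pos + 1
            else:
                chars[ch] = "missing"   # stripped or altered by the application
        states = set(chars.values())
        verdict = ("review" if "raw" in states else
                   "filtered" if "missing" in states else "encoded")
        findings.append({"offset": start, "verdict": verdict, "chars": chars})
        start = body.find(tag, pos)
    return findings

# Constructed response body: the same marker reflected in three places.
SAMPLE_BODY = (
    '<p>Results for x7q9canary&lt;&gt;&quot;&#x27;&amp;</p>\n'
    '<input name="q" value="x7q9canary<>"\'&">\n'
    '<a href="/search?q=x7q9canary%3C%3E%22%27%26">next</a>\n'
)

if __name__ == "__main__":
    for f in classify_reflections(SAMPLE_BODY):
        print(f["offset"], f["verdict"], f["chars"])
```

A `review` verdict only marks a candidate for manual inspection; whether the raw characters matter depends on the surrounding context, which is one source of the false alerts mentioned above.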


X5s for Fiddler is also available for free, so you can download it from the official link. After installation, it adds an X5s tab in Fiddler, from where you can manage all the settings and see the vulnerable links.

The tool needs proper configuration and then test case setup. I am not going to explain that here. I already wrote a full article on X5S and Fiddler on the Infosec Institute website. You can read it there.


Tuesday, 22 January 2013

WebSecurify web vulnerability scanner

With the increasing use of the Internet, everything is now connected and online. Organizations use the Internet to share data, and web applications allow data to be accessed from anywhere. This makes our work easy but puts our information at risk. Since websites and web applications use our data, they must be secure. Hackers are very active these days, and they try their best to hack into websites to get secret information or deface them.

To protect a website from hackers, developers must build it to be secure and free from all kinds of bugs and security vulnerabilities. It is impossible to develop a secure website on the first attempt, so we need testers to check whether the website is secure or not. Many scanners are available to test a website for security vulnerabilities.

Websecurify is one of the popular vulnerability scanners used to test a website and find the known, common vulnerabilities. Unlike other automatic penetration testing tools, it is not fully automatic, and it only shows the possible vulnerable points of the application. Therefore, you need to have manual testing skills before deciding to use Websecurify.



If you are interested in learning how to use this scanner to find vulnerabilities, you can read my article Websecurify Walkthrough, Web Application Penetration Testing Tool on Infosec Institute.


Friday, 18 January 2013

C program for odd or even number

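Write a C program to check whether a number is even or odd
#include <stdio.h>

int main(void){

    int number;

    printf("Enter any integer: ");
    /* scanf returns the number of items read; reject non-numeric input
       instead of testing an uninitialized variable */
    if(scanf("%d",&number) != 1){
         printf("Invalid input.\n");
         return 1;
    }

    if(number % 2 == 0)
         printf("%d is even number.\n",number);
    else
         printf("%d is odd number.\n",number);

    return 0;

}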
Sample output:
Enter any integer: 5
5 is odd number.

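Check whether the given number is an Armstrong number using a C program

C program to check whether a number is Armstrong or not
#include <stdio.h>
int main(void){
    int num,r,sum=0,temp;

    printf("Enter a number: ");
    /* reject non-numeric input instead of using an uninitialized value */
    if(scanf("%d",&num) != 1){
         printf("Invalid input.\n");
         return 1;
    }

    temp=num;                /* keep the original value for the comparison */
    while(num!=0){
         r=num%10;           /* last digit */
         num=num/10;         /* drop the last digit */
         sum=sum+(r*r*r);    /* add the cube of the digit */
    }
    /* the sum of cubes is compared, so this is the three-digit Armstrong test */
    if(sum==temp)
         printf("%d is an Armstrong number\n",temp);
    else
         printf("%d is not an Armstrong number\n",temp);

    return 0;
}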

Sample output:
Enter a number: 153
153 is an Armstrong number

Find Out the Perfect Number Using C Program

C program to find the perfect numbers in a given range
#include <stdio.h>
int main(void){
  int n,i,sum;
  int min,max;

  printf("Enter the minimum range: ");
  if(scanf("%d",&min) != 1) return 1;   /* reject non-numeric input */

  printf("Enter the maximum range: ");
  if(scanf("%d",&max) != 1) return 1;

  printf("Perfect numbers in given range is: ");
  for(n=min;n<=max;n++){
    i=1;
    sum = 0;   /* sum of the proper divisors of n */

    while(i<n){
      if(n%i==0)
        sum=sum+i;
      i++;
    }

    /* n>0 keeps 0 from being reported: its divisor sum is also 0 */
    if(n>0 && sum==n)
      printf("%d ",n);
  }

  return 0;
}
Sample output:
Enter the minimum range: 1
Enter the maximum range: 20
Perfect numbers in given range is: 6


Write a C program to generate all the prime numbers between 1 and n

/* Write a C program to generate all the prime numbers between 1 and n, where n is a value supplied by the user. */

#include <stdio.h>

int main(void)
{
    int no,counter,counter1,check;

    printf("<-----------------------PRIME NO. SERIES------------------------>");
    printf("\n\n\n\t\t\tINPUT THE VALUE OF N: ");
    if(scanf("%d",&no) != 1)   /* reject non-numeric input */
        return 1;
    printf("\n\nTHE PRIME NO. SERIES B/W 1 TO %d : \n\n",no);

    /* start at 2: 1 is not a prime number */
    for(counter = 2; counter <= no; counter++)
    {
        check = 0;
        //THIS LOOP WILL CHECK A NO TO BE PRIME NO. OR NOT.

        for(counter1 = counter-1; counter1 > 1 ; counter1--)
            if(counter%counter1 == 0)
            {
                check++;        // INCREMENT CHECK IF NO. IS NOT A PRIME NO.
                break;
            }
        if(check == 0)
            printf("%d\t",counter);
    }
    printf("\n");
    return 0;
}
