domingo, 30 de julio de 2017

How to turn-off detectportal.firefox.com

While intercepting traffic with Burp Suite I want to check HTTP requests only for the site I am auditing but there is a lot of requests to http://detectportal.firefox.com/success.txt and it is a kind of annoying for me dropping every undesired request despite I intercept this and sending to "Don't intercept request for this Host/IP Address".

Searching for information about http://detectportal.firefox.com it is a functionality that Mozilla Firefox does to verify if the browser is trapped in a captive portal. Captive portals are common in public Wi-Fi hot-spots so for some reason Firefox does that check.

For some Network or System Administrators it could be difficult dealing with it because it shows a lot of traffic from users in their networks returning inaccurate statistics about browsing time by day, week, month.

In my case it fills the HTTP history with undesired requests so the best way for me is turning it from the browser. For larger networks maybe this task could be programed through deploying a GPO or some scripts doing something like that. Anyway, in the reference link there is a proposal for a managed environment.

In a simple way there's not a check box to disable it, so we have to type in the Address bar about:config then in the Search bar type captive now we have to look for network.captive-portal-service.enabled and hit double-click on it to switch from the boolean value true to false. That's it.

As Richard Stallman said: Software is for us and and we should to know what it is doing.

Reference: https://support.mozilla.org/en-US/questions/1157121
Publicadas por a la/s No hay comentarios.:

jueves, 15 de junio de 2017

How to update Burp Suite in Kali Linux 2017.1 [Rolling]

When we run Burp Suite from the dock launcher (or in any other way) it does a check to see if one have the latest version.

If we want to continue using the launcher instead to running it from the folder when we have other tools/scripts we just have to download the .jar file. Once downloaded now rename it to burpsuite (without extension), now it looks like a zip file but it doesn't matter.

Then move this renamed file to /usr/bin (root@kali:# mv burpsuite /usr/bin) and that's it.
Publicadas por a la/s No hay comentarios.:

viernes, 12 de mayo de 2017

Install docker-engine [Kali 2017.1]

I read a blog post regarding how to install docker on Kali 2016.2 and for the last release at the time of writing this there's one step to add, the rest is alike.

Since Kali has root as the default user, it isn't need to use sudo command but, if you try to do with an unprivileged user you'll have to.

Here are the steps to install docker (docker-engine) on Kali 2017.1:

1. Create a backports file and add the entry for Debian Wheezy:

echo 'deb http://http.debian.net/debian wheezy-backports main' > /etc/apt/sources.list.d/backports.list && apt-get update

2. Install ca-certificates and allow APT to operate via https: 

apt-get install apt-transport-https ca-certificates

3. For step 4 there's a needed package in order to execute the whole command, so let's install this package named 'dirmngr'

apt-get install dirmngr

If you opt to install without this package you'll have errors similar like...

gpg: failed to start the dirmngr '/usr/bin/dirmngr': The file or directory does not exist
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.O06UOd0ijZ/S.dirmngr' failed: The file or directory does not exist
gpg: keyserver receive failed: No dirmngr

In order to continue you need to install it.

4. Add the appropriate GPG key:

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D

5. Add the appropriate Docker source entry: 

echo 'deb https://apt.dockerproject.org/repo debian-wheezy main' > /etc/apt/sources.list.d/docker.list && apt-get update

6. Install Docker:

apt-get install docker-engine

In this step, you'll have to install a bunch of packages that are needed in order the right working of docker. aufs-dkms, dkms, some kernel headers, etc.

After installation the system starts the service it self. Confirm it with:

service docker status

7. Verify that Docker is working: 

docker run hello-world

In this last step it will take a little bit of time while download (pull) the image hello-world from github repo. At the end you will see a message about the recently pulled image.

Source and original article is HERE!

#happyhacking
Publicadas por a la/s No hay comentarios.:

martes, 9 de mayo de 2017

Install Wicd in Kali 2007.1

Gnome Network Manager is a piece of junk. I got problems using my second wireless card, it's an Alpha USB card. If I turned off the PCI wireless card physically the USB card got turned off too. It's a terrible behavior since I want to get working (turned on) only one card and not both. There are a lot of known and weird troubles with GNM so Wicd is a better option if not the best.

As I'm working on Kali I'll omit the commands launched are fired as root. If someone come around here and its distro is Debian or Ubuntu you know you have to make use of sudo command.

After doing apt-get update && apt-get upgrade

We have to install Wicd. Since it is a metapackage we only need to launch:
apt-get install wicd

And it will install wicd-gtk, wicd-curses, wicd-cli, wicd-client too.

Next, we have to stop and remove Gnome NM:
service network-manager stop
update-rc.d network-manager disable
apt-get purge network-manager

After the last command, appear that some packages were installed automatically and they are not useful anymore, so to remove them just launch:
apt-get autoremove

It's known that trying to connect to any wireless network with Wicd while GNM it is installed some people have problems with Wicd related to "bad password" so, after have installed Wicd remove network-manager.

Now, to start and make Wicd being autostarted at boot time, run these commands:
systemctl start wicd
systemctl enabled wicd

And that's it!

All the steps mentioned above assumes Kali made use of an Internet connection during the installation process, if someone installed using a DVD (and had no Internet connection) perhaps Wicd won't be available to get installed. If it is your case, request a friend or go yourself to a Cafe Internet to search for the latest Kali (2017.1) repositories, copy and paste them in the file: /etc/apt/sources.list and don't forget to apply a comment (with the symbol #) at the beginning of the line belonging to CD/DVD repository.

My source.list file:
deb http://http.kali.org/kali kali-rolling main non-free contrib

References:
https://debian-handbook.info
https://wiki.archlinux.org/index.php/wicd#Autostart
https://wiki.archlinux.org/index.php/Systemd#Using_units
Publicadas por a la/s No hay comentarios.:
Suscribirse a: Entradas (Atom)