Showing posts with label Cookies. Show all posts

Tuesday, February 14, 2012

Backtrack 4 Download for Windows VMWare & Torrents

BackTrack is a live CD Linux distribution that focuses on penetration testing. A merger of two older security-related distros, Whax and Auditor Security Collection, BackTrack bundles more than 300 security tools.
BackTrack is based on the SLAX distribution (a live CD derived from Slackware) and runs a patched 2.6.20 kernel. It offers users both KDE and Fluxbox desktop environments.
To start using BackTrack, download the ISO image and burn it to a CD. Insert the disc and boot your machine. Once booted, the system starts at runlevel 3 (text mode), where you must log in as root and choose whether to start KDE or Fluxbox or just use the terminal.
BackTrack provides clear, concise instructions for logging in, starting the window manager, and configuring the video card before you see the login prompt. If you've never used BackTrack before, use a graphical environment, since it will help you understand how all the included applications are organized and let you take advantage of some graphical utilities. When the window manager comes up you'll find some ordinary desktop programs, such as Firefox, Gaim, K3b, and XMMS, within a nice environment with beautiful wallpaper and window transparency.
Don't let the attractive appearance fool you: BackTrack packs a punch. The security tools are arranged inside a Backtrack submenu. This is a big improvement over older releases, because you can easily follow an attack methodology: starting by collecting information and ending by hiding your actions.
The tools are arranged in 12 categories, such as vulnerability identification, penetration, privilege escalation, radio network analysis, and reverse engineering. Among the more than 300 security tools you'll find such familiar names as the Metasploit Framework, Kismet, Nmap, Ettercap, and Wireshark (previously known as Ethereal).
One of the core points of this release is the attention to detail. For example, when you choose most of the programs from the Backtrack menu, a console window opens with the output of the program's help. Some tools have been bundled with scripts that configure and run the program for you in a few steps. For example, if you run the Snort intrusion detection application, a script asks for some passwords and then sets up MySQL, Apache, Base, and Snort itself so you can easily browse alert logs via a Web browser.
If you open Firefox or Konqueror you'll find some useful security-oriented bookmarks. In the Documents submenu the developers have included PDF manuals for the ISSAF and OSSTMM security methodologies. There are also some tools that you wouldn't expect inside a live CD; for example, you have a popular debugger for Windows, OllyDbg, which runs fine through Wine, so you can even debug .exe files.
If you like the live CD, you can install BackTrack to a hard drive (decompressed, it requires 2.7GB of space) or USB memory stick (compressed, 700MB) using a graphical wizard.
While BackTrack is an excellent tool, nothing is perfect. Unfortunately it doesn't include Nessus, the popular security scanner, due to license problems. I tried to start PostgreSQL from the Services menu, but it gave an error. And it seems as if the developers forgot to update the Backtrack menu in Fluxbox, because it offers the previous version's arrangement. Tools like VMware and Nessus appear on the menu but are broken links because they have been removed from this release.
Despite a few little bugs and problems, BackTrack is the best distribution I've found for handling security-oriented tasks out of the box.
Download Links :
Last Update: 11.01.2010
Description: Image Download
Name: bt4-final.iso
Size: 1570 MB
MD5: af139d2a085978618dc53cabc67b9269
Description: VM Image Download
Size: 2000 MB
MD5: 733b47fad1d56d31bc63c16b3706a11c

Friday, March 18, 2011

Cookies are bad for privacy - Is that true?

This is a myth - cookies are a friendly internet tool primarily used by the advertising and e-commerce industry to make surfing easier and quicker. They have several roles, none of which can compromise your privacy:
  1. Protection - to ensure you are a genuine visitor and not someone else using your password.
  2. Authenticate and speed up your identification and e-commerce transactions.
  3. Recognise preferences e.g. remember user names and passwords for websites.
  4. Cap the frequency of ad serving and make sure that advertisements are rotated and not duplicated during any one visit to a site.
Many websites use the services of other companies to provide the content and services on their website. These third parties may provide content or services to more than one website. If they are using cookies, in theory, they can understand what that cookie does on a number of different sites.

What are Web Beacons OR Web Bugs?

Web beacons, also called web bugs and clear GIFs, are used in combination with cookies to help people running websites to understand the behaviour of their customers. A web beacon is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a site or in an email.
The use of a web beacon allows the site to record the simple action of the user opening the page that contains the beacon. The beacon is one of the ingredients of the page, just like other images and text, except it is so small and clear that it is effectively invisible. Web pages and graphical emails use presentation code that tells your computer what to do when a page is opened. While they may contain some of the text that you see on the screen at the time, they typically contain a number of instructions, or 'tags', that then ask the website's server to send you further content (such as an image or a block of text that changes frequently). Web beacons are retrieved in the same way, and the action of calling the material from another server allows the event to be counted.
When a user's browser requests information from a website in this way, certain simple information can also be gathered, such as: the IP address of your computer; the time the material was viewed; the type of browser that retrieved the image; and the existence of cookies previously set by that server. This is information that is available to any web server you visit. Web beacons do not give any "extra" information away. They are simply a convenient way of gathering the simplest of statistics and managing cookies.
Web beacons are typically used by a third party to monitor the activity of a site. Turning off the browser's cookies will prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address, but unique information will not be recorded.
For example, a company owning a network of sites may use web beacons in order to count and recognise users travelling around its network. Rather than gathering statistics and managing cookies on all their servers separately, they can use web beacons to keep them all together. Being able to recognise you enables the site owner to personalise your visit and make it more user friendly.
Why do websites use Web Beacons?
Web beacons are used by website owners to log activity on their web pages and websites. Their purpose depends on what a site wants to understand about how visitors interact with pages.
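To see which images on a page behave like the beacons described above, the following added example (not part of the original post) parses HTML and reports `<img>` tags that are 1x1 or hidden, noting whether they load from a different host than the page. The sample HTML, the host names and the heuristics are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one ordinary image and three beacon-style images.
SAMPLE_HTML = """
<html><body>
<img src="/static/logo.png" width="200" height="60" alt="logo">
<img src="https://stats.tracker.example/p.gif?uid=1234" width="1" height="1">
<img src="https://ads.example.net/open?id=42" style="display:none">
<img src="https://www.shop.example/spacer.gif" width="1" height="1">
</body></html>
"""

class BeaconFinder(HTMLParser):
    """Collects <img> tags that look like web beacons."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (src, reasons) tuples

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        reasons = []
        # 1x1 (or 0x0) dimensions: the classic clear-GIF shape
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("tiny")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        host = urlparse(src).hostname
        if host and host != self.page_host:
            reasons.append("third-party")
        # Only invisible images are reported; "third-party" is added context
        if "tiny" in reasons or "hidden" in reasons:
            self.findings.append((src, reasons))

def find_beacons(html, page_host):
    finder = BeaconFinder(page_host)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for src, reasons in find_beacons(SAMPLE_HTML, "www.shop.example"):
        print(src, reasons)
```

A same-host 1x1 image, like the spacer in the sample, is usually a layout helper; the invisible images that also carry the third-party tag are the ones worth reviewing.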

Learn How to Collect and Analyze Cookies Using COOKIEDIGGER

CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, are included in the cookie values.
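The kind of analysis described above can be sketched as follows. This is an added example, not CookieDigger's own code: it takes cookies issued to several test accounts and reports credential leakage, counter-like predictability and character entropy. The accounts, cookie values and the specific checks are assumptions constructed for the illustration.

```python
import base64
import math
import re
from collections import Counter

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample data: (username, password, cookie issued at login).
WEAK = [("alice", "Winter12", b64("alice:1001")),
        ("bob", "hunter2", b64("bob:1002")),
        ("carol", "s3cret", b64("carol:1003"))]
STRONG = [("alice", "Winter12", "9f2c4e7a1b8d4c6f0a3e5d7b9c1f2e4a"),
          ("bob", "hunter2", "4b7e1d9a3c5f8e2064a1c9d7f3b5e8ab"),
          ("carol", "s3cret", "e1a6c3f8d2b7495c8f0e3a6d1b4c7f9c")]

def decode(value):
    """Return the base64-decoded text if it is printable ASCII, else the raw value."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return value
    return text if text.isprintable() else value

def shannon_bits_per_char(values):
    pooled = "".join(values)
    counts = Counter(pooled)
    return -sum(n / len(pooled) * math.log2(n / len(pooled)) for n in counts.values())

def analyze(samples):
    decoded = [(user, pw, decode(cookie)) for user, pw, cookie in samples]
    # Leak: the account's own user name or password is readable in the cookie.
    leaks = sorted(user for user, pw, d in decoded
                   if any(s.lower() in d.lower() for s in (user, pw)))
    # Predictability: every cookie ends in a number and the numbers step evenly.
    nums = sorted(int(m.group()) for _, _, d in decoded if (m := re.search(r"\d+$", d)))
    steps = {b - a for a, b in zip(nums, nums[1:])}
    sequential = len(nums) == len(samples) > 1 and len(steps) == 1
    # Character entropy is reported but is not proof of unpredictability:
    # encoded text can score as high as a random hex token.
    bits = round(shannon_bits_per_char(c for _, _, c in samples), 2)
    return {"leaks": leaks, "sequential": sequential, "bits_per_char": bits}

if __name__ == "__main__":
    print("weak  :", analyze(WEAK))
    print("strong:", analyze(STRONG))
```

The leak and sequence checks are what separate the two sample sets; the entropy figure alone would not.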

Download Free Internet Explorer Cookie Forensic Analysis Tool: GALLETA

Many important files within Microsoft Windows have structures that are undocumented. One of the principles of computer forensics is that all analysis methodologies must be well documented and repeatable, and they must have an acceptable margin of error. Currently, there is a lack of open source methods and tools that forensic analysts can rely upon to examine the data found in proprietary Microsoft files.

What is a Cookie?

  • Attacking web applications is the easiest way to compromise hosts, networks and users.

  • Generally nobody notices web application penetration, until serious damage has been done.

  • Web application vulnerabilities can be eliminated to a great extent by ensuring proper design specifications and coding practices as well as implementing common security procedures.

  • Various tools help the attacker to view the source code and scan for security holes.

  • The first rule in web application development from a security standpoint is not to rely on client-side data for critical processes. Using an encrypted session such as SSL / "secure" cookies is advocated instead of using hidden fields, which are easily manipulated by attackers.

  • A cross-site scripting vulnerability is caused by the failure of a web-based application to validate user-supplied input before returning it to the client system.

  • If the application accepts only expected input, then XSS can be significantly reduced.

Amarjit Singh