Archive for the ‘Security’ Category

Py Script to Update Backtrack 5 Tools

Posted by rajivvishwa On January - 12 - 2012

This Python script by the author ‘sickness’ updates many of the tools present in the Backtrack suite, which would otherwise have to be updated manually.

Get the script

Screenshot

Backtrack5 Update Script

Source: backtrack-linux.org

Backtrack5 Update Script Info
App Name: Backtrack5 Update Script
License: free
Type: code
App URL: Download
More Info: link

This batch file decompiles an apk to its corresponding Java sources. People who want to do a code review on an Android app whose source code is not readily available can use this batch file. It runs various free tools available on the internet in sequence to obtain the Java source files.

This is not made to encourage piracy/plagiarism in any case.

How To

1. Extract the batch file and lib folder to C:\apk2java\ (or any folder that doesn't have a space in its path)

2. Backup the target app’s apk from phone to PC via ASTRO Browser (check this post for details)

3. Keep the target apk in the root folder where batch file is present

Copy target apk to exec folder

4. Run ‘apk2java.bat target.apk’ in cmd

c:\apk2java>apk2java.bat target.apk

Execute Command

Process Complete


Extract Android apk from Market and Decompile it to Java Source

Posted by rajivvishwa On April - 20 - 2011

This post describes the process of extracting the apk file of any app available in the Market and then decompiling it to Java source. This can be helpful for those who perform code review (for security vulnerabilities) on apps whose source code is not available. Once the Java source code is obtained, we can either do a manual code review or run any free/commercial automated code scanner.


List of Chrome Browser Extensions for Security Analysts

Posted by rajivvishwa On April - 16 - 2011

A list of Chrome browser extensions that can be useful while performing application security assessments. Some of the extensions were already discussed earlier in our blog. On a side note, a similar collection exists for Firefox users – check SecFox at the Mozilla Addons Collection site.

Note: The table below will be updated regularly. If you find any addons that are not listed but might be useful while conducting pentests, please mention them in the comments.


Proxy Switchy Chrome Extension for Security Analysts

Posted by rajivvishwa On January - 25 - 2011

Proxy Switchy! is an advanced proxy manager for Google Chrome; it allows users to manage and switch between multiple proxy profiles quickly and easily.

This is a must-have addition to the Chrome addons for security testing that we discussed earlier here. While conducting blackbox security assessments, we normally analyze the communication between the server and the browser (client). This is done by redirecting traffic to software intercepting proxies such as Paros, WebScarab, Burp etc.

Proxy Switchy - Chrome

Most of the time it's required to change the browser proxy settings to:
1. Change the port to switch the listener (proxy) that intercepts web traffic.
2. Filter out the URLs that are not in our scope to reduce the overhead on the proxy.
3. Match the URLs to send to different listeners based on certain patterns.

Proxy Switchy can help to easily handle the situations mentioned above.


Adblock Browser Addon Can Block Malware And Not Just Ads

Posted by rajivvishwa On September - 29 - 2010

AdBlock is one of the most popular browser extensions; it prevents ads and other annoying page elements from being displayed in a webpage. It works by matching the patterns of unwanted elements in the page against what is available in its database and filtering them out.

AdBlock can be made more effective by adding custom patterns for the elements to be filtered. This feature can be extended to block not only ads but also malicious content that is injected into seemingly genuine sites. This is done by adding the MalwareDomains subscription to our AdBlock preferences. MalwareDomain contains a list of domains that are known to be used to propagate malware and spyware. AdBlock checks whether any cross-domain content is loaded from any of the malicious websites present in that list and, if there is, blocks those elements.

Note: Subscribing to this list can increase the load time of the site. This is an increase in security at the cost of a slight reduction in performance.

Here, we illustrate the steps to add the MalwareDomain list to our Adblock addon available for Chrome and Firefox browsers.

I. Adding MalwareDomain Subscription in Chrome

Download Adblock for Chrome here.

1. Access the AdBlock Options from the Chrome Extensions page and add the MalwareDomains URL (http://malwaredomains.lanik.us/malwaredomains_full.txt)

Chrome Add Subscription

2. The entered URL will now be displayed in the subscriptions list. Make sure that it's checked.

Chrome Display Added Subscription


Choosing Strong And Secure Password

Posted by rajivvishwa On August - 27 - 2010

How to choose a strong and secure password? The obvious answer is to choose a very long password, and the next answer in the list is to include as many special characters as possible. But doing so would make it more difficult to remember and would even force us to jot it down on Post-its.

The ideal solution would be to choose a password which takes a longer time to crack. Hackers can find some way to crack our password; all we can do is make them try harder. Passwords are usually cracked using a method called a brute-force attack, where a malicious tool tries every possible password combination against the target system. The more complex the password is, the more combinations have to be tried and the less probable it becomes for the tool to guess our password right.

This website, HowSecureIsMyPassword, gives us an idea of how long it takes to crack a password with a normal desktop PC. We can try various combinations, longer passwords/different character sets, and analyze the results.

Time to Crack Calculator

So, as mentioned earlier, we should choose a password which takes more than ‘a year’ to crack. This arbitrary value – ‘a year’ – is based on the assumption that we would change our passwords once every year, so by the time the cracker obtains our password, we would have changed it :)


Default Secure Google Search for Firefox, Chrome and IE

Posted by rajivvishwa On May - 25 - 2010

Google has recently launched Secure Google search, hosted on SSL. This post explains how to enable this Secure Google search for the browser search bar/search suggestions in Firefox, Chrome and IE browsers.

Updated: Added Screenshots for IE

1. Firefox

Go to the Mozilla Addons Page and add the Google SSL Search Plugin.

Google SSL Search in Firefox

Select ‘Start using it right away’ in the dialog box that displays – Add “Google SSL” to the list of engines available in the search bar?

Make Default in Firefox

2. Chrome

Right-click on the Chrome Omnibar (address bar) and select ‘Edit Search Engines’.

Edit Search Engines in Chrome

In the Edit Search Engines dialog box, add https://www.google.com/search?q=%s in the URL field and click on the Make Default button.

Add Google SSL in Chrome

Don't forget to check the Chrome Extensions List for Security Testers, here (Internal Post).

3. Internet Explorer

Add Google SSL in IE

Click on the Install button to see the following screen. Check ‘Make this my default search provider’.

Google SSL IE Add Screen

Now the Search box in IE will display Google.

Google SSL Installed in IE8



via Google Blog and TechDows




Gruyere is a vulnerable application which can be used to learn and understand web vulnerabilities. Detailed documentation is provided on the types of vulnerabilities present in the application and ways to exploit them.

Update: Jarlsberg is now Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Jarlsberg - Hosted Vulnerable App


13 Chrome Extensions for Security Testers

Posted by rajivvishwa On May - 17 - 2010

This post lists 13 Chrome Extensions to aid security testers during their web application pen testing.

1. WebDeveloper

Adds a toolbar button with various web developer tools. The official port of the Web Developer extension for Firefox. Internal post here.
WebDeveloper

2. Firebug Lite

Firebug Lite provides the rich visual representation we are used to seeing in Firebug when it comes to HTML elements, DOM elements, and Box Model shading.
Firebug Lite

3. Pendule

This addon is similar to WebDeveloper but not as powerful. Internal post here.
Pendule
