These addons can be of huge help when we perform the type of tests mentioned below.

• Cookie Prediction
• Session Fixation
• Cookie Persistence/Expiration
• Broken Session Management

Traditional Method

We use a proxy interceptor like Paros/Burp/WebScarab to trap the HTTP requests and modify the values during its transit. For this to happen, we need to setup a proxy and ensure that it listens to the browser traffic. An additional step is required if the application uses an SSL connection, i.e. to store the Proxy’s forged certificate in the browser. The intercepted request enables us to add new cookies or modify the existing ones. We can also check when exactly are the cookie values issued and whether it is getting flushed upon session expiration.

Usage of Addons

We have various addons for firefox which makes the tasks mentioned above easier. Certain addons allow to view the cookies stored in the browser and others allows us to edit it. The advantage – we don’t need any proxy to do this job, we can view/edit from the browser itself.

1. View Cookies

This addon adds a tab in the ‘Page Info’ box available on the Firefox context menu.

View Cookies Addon

Download Link:

2. Add N Edit Cookies

This addon integrates a Cookie Editor to firefox. This also allows us to edit the attributes of the cookie.

Add n Edit Cookies Addon

Download Link:

3. FireCookie

If you are using Firebug a lot, then cookies are easily accessible inside firebug tabs if you have FireCookie installed.

FireCookie Addon

Download Link:

4. Cookie Swap

This is an amazing addon which helps us to switch between various cookie profiles. This addon saves all the cookies for a particular domain to the chosen profile. These profiles can be managed through a Profile Manager which comes with the tool. One can add and organize the profile which can be easily swapped from the Firefox status bar. This is of great use if you are testing the application which has multiple login credentials.

Cookie Swap - Status Bar

Cookie Swap - Manage Profiles

Download Link:

5. WebDeveloper – View Cookies

Web developer has a built-in cookie viewer and editor. Once you select on ‘View Cookies’ available under the ‘Cookies’ menu, a new tab is displayed with a big list of cookies for that particular domain and options to edit it. I prefer using ‘Add n Edit Cookie’ to this addon.

WebDeveloper - View Cookies

Download Link:

Video Demo

Watch the following video. Here, I quickly go through each of the addon I’d mentioned above.

Stay tuned… Secfox will continue….

ClockingIt Screenshot

ClockingIt is a web based app which allows users to manage their project online. It has all the features needed for getting things done and to smoothly run the project. Apart from the ‘must have’ features like issue tracking and charts, this app features email notification, forums, chat etc which helps the users to communicate and share the info at a centralized location.

Video

ClockingIt Walkthrough

Tracking

Issue tracking is very easy with ClockingIt and can be done with few steps.

1. Add new Client
2. Create a New Project to the Client added (Step1)
3. Add users to the project
4. Click on New Task from the Menu
   

   NewTask Page (Screenshot from my previous site)

5. Submit the task details, priority, type and attach files, if any
6. Create Milestones from ‘Target section in newtask option
7. Assign the new task (Step 5) to appropriate milestone (step 6).

Dashboard

Click on overview button (acts like a dashboard)

• Drag the widgets to organize and arrange as needed
• Create new widget by specifying the type of it
• We can easily mark the tasks complete directly and the graphs will be updated instanly

Charting & Reporting

Click on GANTT chart from Schedule Menu. This chart extracts the data from the ‘Time Estimate’ option present in the ‘New Tasks’ page. Any change in the time duration for the particular task is immediately reflected on the GANTT chart.

Click on the report tab to run reports of various type like Pivot, Workload, Timesheet and Audit.

Features

• Task filters
• Milestones
• Timeline & Time tracking
• Calendar
• Graphs & GANTT charts (Ajax based)
• Drag & Drop organizing
• Notes & Comments
• Reports
• CSV Export
• Group chat / transcripts
• Instant messaging
• Email alerts
• RSS & iCal feeds
• File storage (for screenshots)
• Private Forum & Wiki for collaboration

Go to

Dropbox download is available for Windows, Mac and Linux.

Setting up Dropbox is very easy. We need to install dropbox, then

1. Create a Dropbox account.
2. Specify the Dropbox location in your PC (All the files and folders are sync’d with your online dropbox)

The mirror image of your files/folders can be accessed in all the PCs with dropbox and your online dropbox account. The folder structure of your local dropbox folder is maintained across the PC’s and the your online dropbox.

We can easily open our online dropbox account from the trayicon. We can also get the Status, Recently changed files etc from the tray icon.

Dropbox automatically maintains revisions of the files which are syncd. So that we can restore the previous versions as in when required.

Dropbox is not only used as an ultimate sync’ing solution but also to store and share any files to public users. You can put the public files inside the predefined public folder inside your dropbox. To share it with friends, provide the public URL as shown below. (We dont need to go to our dropbox site to copy the public URL, we can get the it from our local public folder itself by right click and select ‘Copy public link’).

We can also share our files with other dropbox users with the help of ‘Share folders’.

Check the Video demo here,

Enter any test string to get the error message.

Search for the referenced text strings and locate the message displayed in the error box. After analyzing the text references we find that there are no hardcoded keys or presence of any fragments of keys.

We have Double click to open the CPU window and set breakpoint by pressing ‘F2′

Check whether there are any new strings generated at the CPU window (and trust me you wont find any ). Now check the memory stack and scroll to the instruction where the userid we have entered is displayed. If you scroll a bit down you can find a ‘Key Like’ string below the userid string. Try to enter that in the key field, it should work.

There is no point in finding out the key without understanding the logic behind the generation of the key. Once if we find the logic, we can reverse engineer and create a distributable keygens.

We can segregate the userid and corresponding key values as follows

t – D8
e – C9
s – D7
t – D8
e – None
r – None

Now open ‘calc’ in scientific mode – Select Hex mode – Type D8

Select Dec mode to convert HEX value to Decimal.

Note down the corresponding Decimal value for each HEX equivalent.

Now open any asciichart and note down the ascii value for the userid chars.

We can notice a difference of 100 between the converted HEX value and ascii value of the userid.

So we can derive the logic to create our own Keygen

Logic Sequence

1. Take the 4 four characters of the username
2. Convert chars to corresponding decimal value
3. Add 100 to the decimal value obtained in step 2
4. Covert this to HEX and the Key is obtained!

CrackMe App Download : Alt:

Video

Conclusion: Always use a multilevel, complex logic to derive your own key. Always advised to use any standard encryption algorithm to generate the key used for comparison.

Note: The apps used in the tutorials are downloaded from the DeathSpawn Website (Not working anymore ) and detailed ‘How-to’ is can be read from the text file which is present along with the app package.

References

• OllyDbg Homepage – http://www.ollydbg.de/
• Death Spawn OllyDdg Tutorials – http://www.geocities.com/imdeathspawn/ (Doesn’t seem to work now)
• ASCII Chart – http://www.asciichart.com/
• UPX packing utility – http://upx.sourceforge.net/

Enter any test data and observe the error message displayed.

Search for referenced text strings as mentioned in Tutorial-1. Scroll to the location shown below.

Notice the 2 ‘Key like’ strings in the text strings referenced. If you think that one of them is valid, then you are wrong, but then why and where is it used? And what is the correct key? We can find that out soon.
Double click the message ‘The serial you entered is not correct’ to reach the instruction location in the CPU window. When we analyze the code we come across a few concatenations operations. But unfortunately the keys are concatenated with blanks and finally compared with the user input.

The blank values you see in the comments are not really blank ones. They values are assigned on runtime. We have to set a breakpoint to obtain the dynamic assigned value.

To set a breakpoint, select the instruction and press ‘F2′. Breakpoints highlighted in red over the memory location.

Press the ‘Play’ button to run the crackme application. Enter any random data and click the ‘Check’ button. The application pauses at the breakpoint set in the previous step. Go to the same location where you saw the 2 suspicious ‘Key Like’ strings in the previous step.

Just before where the breakpoint was set we can find a new long string value displayed instead of blank strings which was displayed earlier. If you reverse engineer now, you can understand that the 2 Keys ‘L2C-5781‘ and ‘4562-ABEX‘ are static ones and are prefixed and suffixed, respectively, with a dynamically generated string. This is what we were looking for; the correct key to this app.

CrackMe App Download : Alt :

Video

Conclusion : Never hardcode even fragments of static keys which can be helpful to deduce the complete key. Use some kind of logic to generate a dynamic key value.

Introduction

Ollydbg mainly has 4 windows in the default layout. CPU Window, Registers, Memory Stack and HEX Dump window. We will be working on CPU window most of the time.

OllyDbg Download :

A set of 3 tutorials illustrated here explains on how effectively can OllyDbg be used to identify the security holes and to ensure that the code written is healthy.

Tutorial 1 – Unpack the compressed exe & Find the hardcoded password

First step is to get a picture of how application works by submitting some random data, understanding the sequence of dialog boxes displayed and analyzing it. This might serve useful at later point of time. Enter some random test string in the CrackMe application and click ‘Check the Serial’. Note down the message displayed in the alert box.

Drag and Drop the CrackMe app to OllyDbg to disassemble the binary. As a thumb rule, always do Right click – Search for – All referenced text strings, first, to obtain any text string being used in the application so that we can directly jump into the required memory location. The ‘messages’ displayed in the alert box while a wrong key is entered, or any other info displayed while navigating the application are nothing but plain strings stored and being referred by a particular instruction which can be called as required.

Once the search is complete, results are displayed; and unfortunately displays no useful info after disassembling the app. Ideally it should have the message displayed, while that wrong value was entered, referred somewhere in the application. You must have noticed that an alert was displayed when the app was opened in OllyDbg which gives some hint that the application is compressed. This is the reason why Ollydbg is not disassembling the code properly.

So inorder to proceed further, we must uncompress/unpack the application. Here, UPX is used for packaging the app so we must use an option in UPX to decompress the app. (Download the UPX from here)

Unpacking with UPX

Copy the app exe into the same folder where UPX exe is present.

Open cmd and use the ‘decompress’ option

upx -d CrackMe2.exe

Try ‘Search for’ – ‘All referenced text strings’ again.

Now we can see the comments and referenced string values in the results window. Scroll down to location where you can see these strings in the below screenshot. Double click to get to the location in the CPU main window. If you reverse engineer the logic we can find that ‘12011982‘ is the string which is compared before ‘Trial CrackMe Cracked‘ is displayed or called. (Check the tutorial found in the app zip for detailed info). Even otherwise, on the first shot itself we can do a ‘Trail and Error’ method and guess that ’12011982′ is the key.

Conclusion : Never hardcode the static key in the code to compare the user input key.

CrackMe app download : Alt:

Video

OpenDNS provides a complete solution for blocking certain sites which falls under various identified categories. Once we register at OpenDNS website we get access to our Dashboard.

All we have to do is to to enable parental control is

1. Change the our DNS nameservers to OpenDNS NS (Nameservers are 208.67.222.222 and 208.67.220.220.)
2. Customize the level of filtering in the setting found in OpenDNS website.

OpenDNS can be configured either at Router or individual PC while using at the Home network. Most of the users who utilize this service for parental control use it in their PC rather than the router (Note: Enabling OpenDNS in router provides better security than in the PC). But in case of a shared computer is the admin is forced to switch OpenDNS back to direct connection for accessing few blocked sites, manually changing the LAN settings whenever required (Or by changing the filter level which consumes few mts to apply the changes). This process can be achieved in a single click with the help of a free tool called as NetSetMan.

Enable/Disable OpenDNS with NetSetMan

NetSetMan is a tiny tool which allows to create multiple profile for managing our LAN settings. This feature can be utlized to create two profiles which serves the purpose of enabling and disabling OpenDNS.

Open NetSetMan and create 2 profiles as mentioned

1. Profile 1 for enabling direct internet connection by providing DNS NS provided by our ISP

2. Profile 2 which is configured for enabling OpenDNS

The profiles can by activated right clicking the NetSetMan from the system tray.

Tips

1. NetSetMan can work in portable mode which means the program folder can be moved to any location which is not ideally accessible by the unintended user.
2. Execute NetSetMan only when required and close it once the switch is accomplished.

Links

OpenDNS – http://www.opendns.com/
NetSetMan -http://www.netsetman.com/index.php?s=nsm

Send the ‘URL’ of the requested page in the subject and mail to ‘browse@webmail.com’. This service sends the requested webpage offline through email,not just that, it can even send us the google search results page for the search queried for. It also sends you the results of the google image searches as well. Just change the subject of the mail from ‘url’ to ‘google:query’, ‘googleimg:query’ & ‘rediff:query’ and send it to ‘browse@webinmail.com’

This is a simpler version of the previous mentioned service. Send a mail to ‘www@web2mail.com’ with subject as requested url.

Cheat Sheet

Subject- <URL>
To- www@web2mail.com

Subject- <URL>
To- browse@webinmail.com

Subject- google:query
To- browse@webinmail.com

Subject- googleimg:query
To- browse@webinmail.com

Subject- rediff:query
To- browse@webinmail.com