dustbyter

Active Members
  • Content count

    326
  • Joined

  • Last visited

  • Days Won

    6

1 Follower

About dustbyter

  • Rank
    Hak5 Pirate
  • Birthday

Recent Profile Visitors

2,710 profile views
  1. Sorry, but we do not condone this type of activities on the forum. I am sure a moderator will lock this up shortly.
  2. Look at my past posts. I wrote most of this but never finished it. I provided code for the python scripts... Just set up the dependecies. had it names wigleAgent
  3. I tested instagram. I was able to get it to route traffic to burp, but I used proxydroid, I also installed the burp certificate on the android phone. is your phone rooted?
  4. Are you talking about doing wardriving with the nano? It would be that with out the GPS component.
  5. I have not tested those applications that you are referring to, however some applications are implementing certificate pinning. The applications in those cases would stop processing requests is they see that the certificate they receive is not the one expected. The pinning occurs by having the application check for hard coded values within the certificate. In your case, did the application still function correctly when trying to run it through burp? From my experience, I use ProxyDroid to set up the address of the machine that is running burp (requires root on device), sounds like you may have a different set up in your environment.
  6. Sorry guys, I have not been around lately. McFly, sounds like the issue is resolved. Can you confirm this? Thanks!
  7. Is there any way to query the information stored within the interface of the nano from a 3rd party application using an API? I saw the API Token module, but its not clear how to use that. I have an idea to use some of the information that the nano can get and display it in an interesting way. More details to come once I can confirm if it can be done.
  8. You can also route with iptables to another machine and use wireshark. Otherwise you can use tcpdump to save the pcap... and analyze it later.
  9. Just an update from my end. The new update to the DWall module corrected any issues that I had before. Thanks!
  10. Staging could be a way to get it working. Depending how the first stager is coded, it can be loaded with a reflective dll. I was experimenting with A/V evasion, but haven't had much luck. I wrong some code that for now just XOR'ed the payload to hide it from AV. The XOR works fine, but when using the memcpy method on the buf that is XOR decrypted, A/V triggers. Some how, A/V is keeping track of the buf that is XOR'ed and then checks if its copied with memcpy. Have not found a way to bypass that...
  11. thanks for your input guys.
  12. TextWrangler on my Mac. But looks like Sublime may be editor of choice from what I have been seeing.
  13. Have not put too much thought into this, but was thinking... So many people wear wearables today. Why not have a way to use the Pineapple "sense" who is around. Each device I imagine has a unique identifier that could be use to track who is around the pineapple when, or just to even do a traffic analysis at a particular area that the pineapple may be dropped off to. I haven't done any research to see if openwrt has any module to support bluetooth, but i imagine it does. WIth a dongle it should be do-able. Thoughts?
  14. Check out the blog on the site of the organization that releases burpsuite. https://portswigger.net/ Additionally, like many other tools, i'd say look at youtube, but before that even. Look to understand the HTTP protocol. Understand what is happening. This will allow then for a deeper understanding of what is occurring in the videos. Understand what HTTP headers are and what a request's format is, where do parameters to and how do they impact the application. Next think what you can do if you can tamper them as you exercise various security controls on the application.
  15. Their was an issue with the package version information. I submitted a new version of the application to Seb. Not sure if has been rolled out yet.