Karit
Active Members · Posts: 84 · Days Won: 2

Everything posted by Karit

  1. That is why you should regularly change your PenTesting firms. Each firm has its different processes, methodologies, skill sets etc., so it is good to swap the companies as they will all find different things.
  2. I have seen 120NM from my window. Currently getting 140NM with a DPD ADS-B antenna sitting in my window. Waiting for the weather to be such that I can mount it to the roof. Also have the Pi and PoE kit so I can keep the antenna cable as short as possible.
  3. Ok, six simultaneous now, there was a new version today. Have upgraded but haven't read the release notes for it. I'm slowly figuring out how to read them. Most of those look like performance data and maintenance updates. Though that last one looks like it might be a flight plan, as a list of waypoints. Look at http://skyvector.com/ which is a waypoint map. Prior to take off you often see a message that outlines how many people are on board, weights etc. Then there are the human messages that can be funny. Though I haven't come across any interesting free text messages yet.
  4. There are a lot of people here who are in aviation given the talk about ADS-B. In addition to tracking them you can also see some of the messages going back and forward between the planes over ACARS (https://en.wikipedia.org/wiki/Aircraft_Communications_Addressing_and_Reporting_System). The tool I am using is acarsdec (http://sourceforge.net/projects/acarsdec/) and running it on a Pi (http://www.satsignal.eu/raspberry-pi/acars-decoder.html) so I can just leave it logging. acarsdec can decode four frequencies at the same time so you can keep an eye on quite a lot of planes at the same time. In NZ the frequencies to listen to are 131.45MHz and 131.55MHz. In the US I think the frequencies are: 129.125, 130.025, 130.450, 131.125, 131.550, 136.575, 136.650, 136.750, 136.800, 136.850.
  5. Well on the flip side it may encourage people to encrypt what they do over the wireless. Take Wifi: back in the early 2000s it was an open mess. These days Wifi is a lot better than it was because people could explore Wifi using the access that some more open cards allowed. Joe public can already buy transceivers that allow this. SDR just makes it easier to explore. So if they ban these dongles you would have to look at banning TVs as they have TV tuners in them, and a lot of military radios are currently SDR transceivers so it would make access for the military harder. Encrypt and/or sign the transmissions and you would cut out a lot of the abuse as you can filter more effectively. Though that said the FAA currently don't seem that concerned with the ADS-B issues that renderman has highlighted.
  6. If you have a Pi and want to run dump1090 all the time have a look at https://drive.google.com/folderview?id=0B_tFEQ4o1RoTZ21YVmNiWHJKYTg&usp=sharing. It has the details on how to get the data uploaded to http://www.flightradar24.com/ which means you get a free pro account while you are uploading data to them: http://forum.flightradar24.com/threads/6133-Raspberry-Pi-type-B-DVB-T-Dongle-to-feed-FR24?p=37114&viewfull=1#post37114. FR24 will also store how far you can see the planes for. With the little 6inch aerial and R820T I am seeing ~130NM; an older e4000 could only see 20NM.
  7. In NZ there is still plenty of POCSAG. Followed the steps here http://www.raspberrypi.org/forums/viewtopic.php?f=41&t=45142&p=357671 and got the frequencies from http://www.radiowiki.org.nz/index.php?title=Scanning_Data_Modes_in_Auckland
  8. There is also the hackRF which is an open source board due in the near future as well. I have my eyes on that :) Though I think Hak5 will need to do a DIY faraday cage out of an old microwave oven so it can do transmitting safely. https://www.kickstarter.com/projects/mossmann/hackrf-an-open-source-sdr-platform http://greatscottgadgets.com/hackrf/
  9. I assume your default gateway is your router? Can you log into the router and set the IPs for the DNS servers you want to use there? Also if you want to specify DNS at the host level you most probably want to turn DHCP on the computer and go with static for everything. Also to me DNS Tunneling means running other protocols over DNS like what iodine does http://code.kryo.se/iodine/
  10. I use the Locale app and have friends who use Lama. Both do location-based profiles.
  11. Reading that, if it is marked clean by all of them it won't get submitted. To me it reads as if some detect and some don't, it gets submitted to the others to improve their filters. They aren't exactly going to look at every clean result as that would be high and people could DoS the process by uploading tons of clean files and thus diluting the bad files. Stuxnet lasted so long in the wild as its infection was small and the AV companies did have it sitting in their backlog, but because its infection was limited to one organisation it was more likely to be a custom app rather than a virus according to their probability system for files to investigate. But if there are others who don't resubmit stuff it is most probably best to go with them.
  12. I have done a similar thing (http://blog.karit.geek.nz/2012/11/testing-android-apps-for-ones-doing-ssl.html) recently though I used the Burp Proxy (http://www.portswigger.net/burp/proxy.html) rather than Squid. Though with the iptables stuff I did you should be able to tweak the port numbers to redirect the traffic through squid.
  13. Well if that is the case you will need to do some type of ARP poisoning to get the devices to send the traffic to you rather than the real gateway. Once you have it you can use iptables to grab the port 80 traffic and pipe it through sslstrip. If you want to decrypt HTTPS 443 you will need a man-in-the-middle proxy like Burp. If you just want to capture the traffic there is also the Throwing Star LAN Tap.
  14. Well in your first picture you can just install sslstrip from the pineapple bar and use the WiFi on the pineapple as the AP and you are away laughing. For your second it would be something more like what I have written in my setup but just replace burp with sslstrip. The trick will be getting the downstream to use you as the gateway, which is DHCP setup, and the Pineapple will just do that with the wp4.sh script.
  15. On the whole if a device has a saved network that is encrypted and it encounters an open one with the same name it won't connect as it is expecting it to have encryption.
  16. Also sslstrip will only strip HTTPS links and redirects out of HTTP; it won't actually decode HTTPS traffic. SSLStrip requires the user to first navigate to an HTTP URL for that site.
  17. Haven't figured out how to do it with only the pineapple, but maybe what I wrote in this forum post and this blog post http://blog.karit.geek.nz/2012/11/testing-android-apps-for-ones-doing-ssl.html might help you or give you some ideas.
  18. Wrote this up in the blog post with some more of the why I am doing it as well http://blog.karit.geek.nz/2012/11/testing-android-apps-for-ones-doing-ssl.html
  19. Hi Sebkinne, you are right, iptables aren't too bad. This post told me what I needed to do http://serverfault.com/questions/211536/iptables-port-redirect-not-working-for-localhost
      On to helping future people. I am needing to test an app on an Android phone and want to direct it through the Burp Proxy. It is HTTPS only with no HTTP start or HTTP fallback so SSL Strip wouldn't help in this situation. It also doesn't follow Android's "global" proxy.
      On Backtrack download Burp from http://www.portswigger.net/burp/download.html
      Unzip and run it with `java -jar burpsuite.jar`
      Set up burp to listen on 8080 and listening on all interfaces
      Plug in the cables and pineapple and internet
      Run wp4.sh http://wifipineapple.com/wp4.sh; the interface linked with the pineapple is eth1 and I always need to `ifconfig eth1 172.16.42.42 up`
      Connect my phone to the pineapple
      Ensure that the app is working as expected
      `iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080`
      `iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8080`
      Run your app and you will see it going through burp. You will see a cert error because it is using Burp's cert rather than the real cert.
      Thanks for the iptables pointer, hopefully this is helpful. Feel free to ask questions if you want to know more or if I have missed something.
  20. Thanks, cool, it will be my next weekend task then; was hoping there was something a little simpler :( (though need to have some challenges right?) Though if I get it working I will post the info here.
  21. I have had a look at sslsniff and it appears to just redirect requests to an http version and requires the user to be on http first as it just changes links and redirects to be http rather than https. What I am trying to test are Android apps that are https only and don't respect the Android proxy settings, so just trying to get a shim in between them and the internet. Yes the app's handling of bogus SSL certs is one of the things I am investigating here along with the server side of the application as well.
  22. Failing that does anyone know with ICS how to force all traffic through a proxy that will do SSL decryption and Man in the Middle? I normally use Backtrack as the ICS OS. Thanks
  23. Hi, Are there any SSL decrypting Man in the Middle proxies for the Pineapple? I am looking for something like The Burp Proxy. There is sslstrip but it doesn't work for things that won't follow redirects and only do things over SSL like some Android Apps. Just the decrypting aspect would be a great start even if there wasn't the MitM tampering. Thanks
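The setup in post 19 only tells you something because Burp presents its own certificate: an app whose certificate validation is sound refuses the connection ("cert error"), while an app that keeps working has validation that would also accept a hostile interceptor. The following Python client, added here as an example and not Karit's or the forum's code, shows the defender's side of that test: a hardened TLS context, an `audit_context` check that flags the settings an app would have to loosen to "make the cert error go away", and optional SHA-256 certificate pinning so that even a deliberately trusted proxy CA is refused. The function names, the sample bytes fed to the fingerprint helper, and the pin set are assumptions of this example.

```python
"""Hardened HTTPS client plus a configuration audit, as an added example.

Mirrors what a mobile app under test should do when an interception proxy
(Burp in the thread above) sits in the path: fail closed on an untrusted
certificate, never fall back to plaintext HTTP, and optionally pin the
server certificate so a trusted-but-unexpected CA is still refused.
"""
from __future__ import annotations

import hashlib
import http.client
import ssl
from urllib.parse import urlsplit


def make_secure_context() -> ssl.SSLContext:
    """Client context with system CAs, hostname checking and TLS >= 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_unverified_context() -> ssl.SSLContext:
    """The anti-pattern: verification switched off. Kept only as input
    for audit_context(); a context like this accepts any proxy's cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return findings for a client context; an empty list means it is sound."""
    findings: list[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a valid cert for another name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS < 1.2")
    return findings


def cert_sha256(der_cert: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER-encoded certificate (for pinning)."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins: set[str]) -> bool:
    """True if the certificate's fingerprint is in the expected pin set."""
    return cert_sha256(der_cert) in pins


def fetch(url: str, ctx: ssl.SSLContext, pins: set[str] | None = None) -> bytes:
    """HTTPS-only GET. Behind a decrypting proxy this raises
    ssl.SSLCertVerificationError at connect() unless the proxy CA was
    deliberately trusted; with pins set, an unpinned cert is refused too."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing non-HTTPS URL: this client never falls back to HTTP")
    conn = http.client.HTTPSConnection(
        parts.hostname, parts.port or 443, context=ctx, timeout=10
    )
    conn.connect()  # TLS handshake: CA chain and hostname are checked here
    try:
        if pins is not None:
            der = conn.sock.getpeercert(binary_form=True)
            if not pin_matches(der, pins):
                raise ssl.SSLCertVerificationError(
                    "server certificate fingerprint not in pin set"
                )
        conn.request("GET", parts.path or "/")
        return conn.getresponse().read()
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample: audit both contexts and fingerprint a stand-in blob.
    print("secure   :", audit_context(make_secure_context()) or "no findings")
    print("insecure :", audit_context(make_unverified_context()))
    print("sha256   :", cert_sha256(b"not a real certificate"))
```

Run against a real host with `fetch("https://example.test/", make_secure_context())` (hostname is a placeholder); with the iptables redirect from post 19 in place, the call fails at `connect()` rather than silently continuing, which is the behaviour the test is looking for in the app.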