Karit
Posts posted by Karit
-
That is why you should regularly change your PenTesting firms. Each firm has its different processes, methodologies, skill sets, etc., so it is good to swap the companies as they will all find different things.
-
That puny little dongle with its even punier antenna... I'm running dump1090 right now and looking at the map. I'm receiving schiphol airport over here. Hell, I'm tracking planes in Belgium and in the Netherlands as far out as Coevorden and beyond. That's in excess of 150 km (100mi) from that flimsy antenna indoors!
I have seen 120NM from my window. Currently getting 140NM with a DPD ADS-B antenna sitting in my window. Waiting for the weather to be such that I can mount it to the roof. Also have the Pi and PoE kit so I can keep the antenna cable as short as possible.
-
Ok six simultaneous now, there was a new version today. Have upgraded but haven't read the release notes for it.
I'm slowly figuring out how to read them. Most of those look like performance data and maintenance updates.
Though that last one looks like it might be a flight plan, as a list of waypoints. Look at http://skyvector.com/ which is a waypoint map.
Prior to take-off you often see a message that outlines how many people are on board, weights, etc.
Then there are the human messages that can be funny. Though I haven't come across any interesting free text messages yet.
-
There are a lot of people here who are in aviation given the talk about ADS-B. In addition to tracking them you can also see some of the messages going back and forward between the planes over ACARS (https://en.wikipedia.org/wiki/Aircraft_Communications_Addressing_and_Reporting_System). The tool I am using is acarsdec (http://sourceforge.net/projects/acarsdec/) and I am running it on a Pi (http://www.satsignal.eu/raspberry-pi/acars-decoder.html) so I can just leave it logging. acarsdec can decode four frequencies at the same time so you can keep an eye on quite a lot of planes at the same time.
In NZ the frequencies to listen to are 131.45MHz and 131.55MHz
In US I think the frequencies are:
129.125 130.025 130.450 131.125 131.550 136.575 136.650 136.750 136.800 136.850
-
I think a transmitter that is able to transmit over a wide area of the spectrum and will be available to Joe Public is a terrible idea.
I know responsible people will buy them and those will only transmit where they are allowed to, but we all know there are those out there who will buy it just to cause issues.
For example you cannot transmit on the aircraft band 108 - 137 MHz, but there will be someone who does it anyway and next thing we know the FCC with Homeland Security is banning the boxes and dongles altogether in the US.
Well, on the flip side it may encourage people to encrypt what they do over the wireless.
Take WiFi: back in the early 2000s it was an open mess. These days WiFi is a lot better than it was because people could explore WiFi using the access that some more open cards allowed.
Joe Public can already buy transceivers that allow this. SDR just makes it easier to explore. So if they ban these dongles you would have to look at banning TVs as they have TV tuners in them, and a lot of military radios are currently SDR transceivers so it would make access for the military harder.
Encrypt and/or sign the transmissions and you would cut out a lot of the abuse as you can filter more effectively.
Though that said, the FAA currently don't seem that concerned with the ADS-B issues that renderman has highlighted.
-
If you have a Pi and want to run dump1090 all the time have a look at
https://drive.google.com/folderview?id=0B_tFEQ4o1RoTZ21YVmNiWHJKYTg&usp=sharing
It has the details on how to get the data uploaded to http://www.flightradar24.com/ which means you get a free pro account while you are uploading data to them
FR24 will also store how far you can see the planes for. With the little 6-inch aerial and R820T I am seeing ~130NM; an older E4000 could only see 20NM.
-
In NZ there is still plenty of POCSAG
Followed the steps here
http://www.raspberrypi.org/forums/viewtopic.php?f=41&t=45142&p=357671
And got the frequencies from
http://www.radiowiki.org.nz/index.php?title=Scanning_Data_Modes_in_Auckland
-
There is also the HackRF which is an open source board due in the near future as well. I have my eyes on that :) Though I think Hak5 will need to do a DIY Faraday cage out of an old microwave oven so they can do transmitting safely.
https://www.kickstarter.com/projects/mossmann/hackrf-an-open-source-sdr-platform
-
I tried that. All DNS requests go to the default gateway regardless of the IP in my system. Thanks though.
The problem with that is I still need to be able to get to 10.153.0.1 (default gw address) in order to log into the system. Think of it as a coffee shop network that I have no choice but to use. I put the block in my hosts file to 10.153.0.1, but I don't think it worked. I'm still getting blocked by the DNS. Do you think tunneling through DNS would solve this problem? Sorry for an odd kind of problem.
I assume your default gateway is your router? Can you log into the router and set the IPs for the DNS servers you want to use there? Also if you want to specify DNS at the host level you most probably want to turn DHCP off on the computer and go with static for everything.
Also to me DNS Tunneling means running other protocols over DNS like what iodine does http://code.kryo.se/iodine/
-
I use the Locale app and have friends who use Lama. Both do location-based profiles.
-
When you submit a file to VirusTotal for scanning, we may store it and share it with the anti-malware and security industry (normally the companies that participate in VirusTotal receive files containing virus samples that their engines do not detect and are catalogued as malware by at least one other engine). The samples can be analysed by automatic tools and security analysts to detect malicious code and to improve antivirus engines.
Reading that, if it is marked clean by all of them it won't get submitted. To me it reads as if some detect and some don't, it gets submitted to the others to improve their filters. They aren't exactly going to look at every clean result as that would be a high number, and people could DoS the process by uploading tons of clean files and thus diluting the bad files.
Stuxnet lasted so long in the wild as its infection was small and the AV companies did have it sitting in their backlog but because its infection was limited to one organisation it was more likely to be a custom app rather than a virus according to their probability system for files to investigate.
But if there are others who don't resubmit stuff it is most probably the best to go with them.
-
Mine bitcoins?
-
I have done a similar thing (http://blog.karit.geek.nz/2012/11/testing-android-apps-for-ones-doing-ssl.html) recently, though I used the Burp Proxy (http://www.portswigger.net/burp/proxy.html) rather than Squid. Though with the iptables stuff I did you should be able to tweak the port numbers to redirect the traffic through Squid.
-
It must be transparent without using DHCP & routing, because I can't route from 192.168.1.0 to 192.168.1.0.
Well if that is the case you will need to do some type of ARP poisoning to get the devices to send the traffic to you rather than the real gateway. Once you have it you can use iptables to grab the port 80 traffic and pipe it through sslstrip. If you want to decrypt HTTPS 443 you will need a man-in-the-middle proxy like Burp.
If you just want to capture the traffic there is also the Throwing Star LAN Tap.
-
You're a very smart man. I am wondering how to wrap traffic to sslstrip in the created bridge.
Well in your first picture you can just install sslstrip from the Pineapple Bar and use the WiFi on the Pineapple as the AP and you are away laughing.
For your second it would be something more like what I have written in my setup but just replace Burp with sslstrip. The trick will be to get the downstream to use you as the gateway, which is the DHCP setup, and the Pineapple will just do that with the wp4.sh script.
-
On the whole if a device has a saved network that is encrypted and it encounters an open one with the same name it won't connect, as it is expecting it to have encryption.
-
Also sslstrip will only strip HTTPS links and redirects out of HTTP; it won't actually decode HTTPS traffic. sslstrip requires the user to first navigate to an HTTP URL for that site.
-
Haven't figured out how to do it with only the pineapple, but maybe what I wrote in this forum post and this blog post http://blog.karit.geek.nz/2012/11/testing-android-apps-for-ones-doing-ssl.html might help you or give you some ideas
-
Wrote this up in the blog post with some more on why I am doing it as well:
http://blog.karit.geek.nz/2012/11/testing-android-apps-for-ones-doing-ssl.html
-
Hi Sebkinne you are right iptables aren't too bad. This post told me what I needed to do http://serverfault.com/questions/211536/iptables-port-redirect-not-working-for-localhost
On to the helping future people.
I am needing to test an app on an Android phone and want to direct it through the Burp Proxy. It is HTTPS only with no HTTP start or HTTP fallback, so SSL Strip wouldn't help in this situation. It also doesn't follow Android's "global" proxy.
- On Backtrack download Burp from http://www.portswigger.net/burp/download.html
- Unzip and run it with java -jar burpsuite.jar
- Set up burp to listen on 8080 and listening on all interfaces
- Plug in the cables and pineapple and internet
- Run wp4.sh http://wifipineapple.com/wp4.sh
- the interface linked with the pineapple is eth1 and I always need to ifconfig eth1 172.16.42.42 up
- Connect my phone to the pineapple
- Ensure that the app is working as expected
- iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080
- iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8080
- Run your app and you will see it going through burp. You will see a cert error because it is using Burp's cert rather than the real cert
Thanks for the iptables pointer, hopefully this is helpful. Feel free to ask questions if you want to know more or if I have missed something.
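As an added example (not from the original post), a small POSIX shell script that generates the two redirect rules from the steps above and the matching delete commands, so the rules can be removed cleanly when the test session ends. The interface name eth1 and Burp port 8080 come from the post; scoping the PREROUTING rule to that interface with -i and the DRY_RUN switch are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the transparent redirect
# rules for the Burp test setup above, plus the matching teardown.
# Assumptions: downstream interface eth1 and Burp on 8080 (both from the post);
# the -i scoping and the DRY_RUN switch are additions made here.

IFACE="${IFACE:-eth1}"            # interface the phone sits behind
PROXY_PORT="${PROXY_PORT:-8080}"  # Burp listener (all interfaces)
DST_PORT="${DST_PORT:-443}"       # HTTPS traffic to intercept

# Print the two iptables commands for one action: -I (insert) or -D (delete).
# PREROUTING catches forwarded traffic from the phone on $IFACE; OUTPUT
# catches the box's own traffic to localhost, as in the post.
redirect_rules() {
  action="$1"
  printf 'iptables -t nat %s PREROUTING -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
    "$action" "$IFACE" "$DST_PORT" "$PROXY_PORT"
  printf 'iptables -t nat %s OUTPUT -p tcp -d 127.0.0.1 --dport %s -j REDIRECT --to-ports %s\n' \
    "$action" "$DST_PORT" "$PROXY_PORT"
}

# Execute one command, or only print it when DRY_RUN=1 (no root needed).
run_rule() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$1"
  else
    sh -c "$1"
  fi
}

# Apply (-I) or remove (-D) both rules; returns non-zero if any command
# failed, so a half-applied state does not go unnoticed.
apply_rules() {
  action="$1"
  rc=0
  while IFS= read -r cmd; do
    run_rule "$cmd" || rc=1
  done <<EOF
$(redirect_rules "$action")
EOF
  return "$rc"
}

# Usage: ./redirect.sh up|down   (set DRY_RUN=1 to print instead of apply)
case "${1:-}" in
  up)   apply_rules -I ;;
  down) apply_rules -D ;;
esac
```

Run `down` once per `up`: each `-I` stacks another copy of the rule, and leftover redirects keep sending the phone's HTTPS traffic to a Burp listener that is no longer there.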
-
IP tables will do the trick for you.
Thanks, cool, it will be my next weekend task then. I was hoping there was something a little simpler :( (though I need to have some challenges, right?) If I get it working I will post the info here.
-
You could take a look at sslsniff, which seems to do exactly what you want. Might need some configuring to get it working on the Pineapple though.
I have had a look at sslsniff and it appears to just redirect requests to an HTTP version and requires the user to be on HTTP first, as it just changes links and redirects to be HTTP rather than HTTPS. What I am trying to test are Android apps that are HTTPS only and don't respect the Android proxy settings, so I am just trying to get a shim in between them and the internet. Yes, the app's handling of bogus SSL certs is one of the things I am investigating here, along with the server side of the application as well.
-
Failing that does anyone know with ICS how to force all traffic through a proxy that will do SSL decryption and Man in the Middle? I normally use Backtrack as ICS OS.
Thanks
Odd ADSB Beacon
in SDR - Software Defined Radio
Not sure what D4CDAB is as it isn't on http://www.airframes.org/
Airframes matches the ICAO code to Rego and Rego history.