DingleBerries Posted September 15, 2008 Share Posted September 15, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
Swathe Posted September 15, 2008 Share Posted September 15, 2008 lol another shameful Vista user lol. I know where you are coming from :D Quote Link to comment Share on other sites More sharing options...
SmoothCriminal Posted September 15, 2008 Share Posted September 15, 2008 Why all the vista hate? Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 15, 2008 Author Share Posted September 15, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
KeelBug Posted September 15, 2008 Share Posted September 15, 2008 You could try something like Greasemonkey to change the form on the page but it really depends how the page is handling the form. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 15, 2008 Author Share Posted September 15, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 15, 2008 Author Share Posted September 15, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
Steve8x Posted September 15, 2008 Share Posted September 15, 2008 hmm.. are you logging into that site, from a web browser? Its just a login form which has that hidden value right? Well You could easily change it if so... here's what I would do... First use a program like WPE pro(Winsock Packet Editor) Not to edit any packets, but just to read them and see what the packet looks like when you post the form... So attach WPE(or other packet logging app) to your web browser that you use(do so when your at the login page already so you don't capture unnecessary packets). Then if using WPE make sure to press the > (play) button to start logging packets. Then login to your website... since your posting a form it will be a POST request. it will look a little something like this: POST /login.php HTTP/1.1 Host: yourwebsite.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 connection: keep-alive Referer: http://www.yourwebsite.com/homepage.php Content-Type: application/x-www-form-urlencoded Content-Length: [lengthofstringbelow] username=DingleBerries&password=LamePassword&os=WINDOWS_VISTA_ALL The idea is to inject some code into your web browser which will do like how WPE does, hook winsock, and when that POST packet which has the hiddenfield 'os' is about to be sent... you modify the packet and change os= to say "os=MAC_OSX" then you can modify what gets posted for os without changing the content of the web page ;) I'm thinking that might be what your looking for, although I don't fully understand. Who is going to be looking at what "os" you have? Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 15, 2008 Share Posted September 15, 2008 I want to change the OS my network/any webpage see me as running. This is an excerpt of code from the login screen. https://addons.mozilla.org/en-US/firefox/addon/59 Quote Link to comment Share on other sites More sharing options...
Swathe Posted September 15, 2008 Share Posted September 15, 2008 Why all the vista hate? Just teasing lol Quote Link to comment Share on other sites More sharing options...
JJB Posted September 16, 2008 Share Posted September 16, 2008 I use tamper data (FF addon) for all my variable messing. You might find there are further vulns if you do some injections in hidden variables, some web devs seem to think that if they are hidden, they dont need to filter them... Silly catface Quote Link to comment Share on other sites More sharing options...
vanguard Posted September 17, 2008 Share Posted September 17, 2008 You should think of changing to linux. If you do, there is a nice little software, which is faking the os, so that it seems sike another one. Search at "deception tool kit". This is rather old, but still working. Quote Link to comment Share on other sites More sharing options...
Swathe Posted September 17, 2008 Share Posted September 17, 2008 You should think of changing to linux. If you do, there is a nice little software, which is faking the os, so that it seems sike another one. Search at "deception tool kit". This is rather old, but still working. See link below for windows. https://addons.mozilla.org/en-US/firefox/addon/59 Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 17, 2008 Share Posted September 17, 2008 See link below for windows. Not just Windows, any OS Firefox runs on. Quote Link to comment Share on other sites More sharing options...
Swathe Posted September 17, 2008 Share Posted September 17, 2008 Yeah I said windows because Vanguard said You should think of changing to linux. If you do, there is a nice little software, which is faking the os, so that it seems sike another one. Search at "deception tool kit". This is rather old, but still working. Just poiinting out there was no need to stwitch to Linux to this one particular thing although switching to linux is a better option period lol Quote Link to comment Share on other sites More sharing options...
Esqulax Posted September 18, 2008 Share Posted September 18, 2008 Could you not just use a JavaScript injection to change the form value on the fly? Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 18, 2008 Share Posted September 18, 2008 Could you not just use a JavaScript injection to change the form value on the fly? You could, but that wouldn't stop the server from knowing what OS and browser you are using. The only way to change this is by altering (I suppose it comes under the definition of spoofing) the useragent of your browser. https://addons.mozilla.org/en-US/firefox/addon/59 Dose it need drilling in any more? Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 18, 2008 Author Share Posted September 18, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 18, 2008 Share Posted September 18, 2008 So what i was trying didnt work. I wanted to see if i could be granted access without loggin in. Even if i change my Mac address(to a mac linked one) and change my UAP i am still greeted with a login screen, however if i log in wirelessly i do not need to use the Cisco Clean Access tool and the shity slow Virus "protection" that the school has. Ill play around more, but i do not see a way around this atm. off to scan ports so i can get on irc :/ Did you try this: https://addons.mozilla.org/en-US/firefox/addon/59 *drill noises* Quote Link to comment Share on other sites More sharing options...
vanguard Posted September 18, 2008 Share Posted September 18, 2008 I think, I understood it false. You want to hide the OS of the client running firefox ? Well, so let me tell you, you cannot hide the OS by changing plugins of firefox. An OS is beeing recognized by some signatures, but also on other things, like special active ports, special answers, which the client is giving and a lot of other things, too. Check out, how nmap is recognizing an OS. I suppose there will be articles in the internet somewhere. Anyway, if you want hide your OS from attacks of evil servers, I do not see any other way, as to change your OS or use a proxy for hiding. O.k., I admit, you will be able to cheat normal webservers, but "hacker"-webservers you will not be able to cheat. Feel free to correct me. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 18, 2008 Author Share Posted September 18, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 18, 2008 Share Posted September 18, 2008 I think, I understood it false. You want to hide the OS of the client running firefox ? Well, so let me tell you, you cannot hide the OS by changing plugins of firefox. An OS is beeing recognized by some signatures, but also on other things, like special active ports, special answers, which the client is giving and a lot of other things, too. Check out, how nmap is recognizing an OS. I suppose there will be articles in the internet somewhere. Anyway, if you want hide your OS from attacks of evil servers, I do not see any other way, as to change your OS or use a proxy for hiding. O.k., I admit, you will be able to cheat normal webservers, but "hacker"-webservers you will not be able to cheat. Feel free to correct me. omg answer to problem = https://addons.mozilla.org/en-US/firefox/addon/59 Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 18, 2008 Author Share Posted September 18, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 18, 2008 Share Posted September 18, 2008 It worked but but it didn't work what? Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted September 18, 2008 Author Share Posted September 18, 2008 Information taken down. Results will be posted at a later time. Thank you, and sorry. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.