Vincent Wong

废柴同盟 2.0


My Favorite Firefox Search Engines - Add-ons

Category: Techs


These are some of my frequently used Firefox search engine add-ons.

Live.com - Why do I use this? The MSN search engine has some features that Google doesn't. For example, you can search by IP (if you would like to know which websites live on that IP). People usually use this to check which virtual hosts are on a particular server. For example, type: ip:<x.x.x.x>

Wikipedia - Ya, I like WIKI. With Wikipedia you can easily find lots of useful info on almost everything under the sun (sooner or later, thanks to public contribution) :P

YouTube - 'Youtubing' has become a hobby of many people nowadays. If you often search for movie clips on YouTube, you can probably try this.

Whois Lookup - How do you usually check a domain's whois? Through some whois website? You can probably do it faster through this Firefox search engine add-on.


Salute to Opera legend ~ Pavarotti

Category: Music

Luciano Pavarotti: the greatest tenor has gone. I think people will not forget your great voice. A couple of centuries later, people will still be playing your songs. R.I.P.
Nessun Dorma, Turandot

My Favorite Firefox Extensions

Category: Techs

  • Speed Dial - Probably inspired by the Opera browser. I used Opera because its Speed Dial feature attracted me the most. Now Firefox can have a speed dial feature too. Speed Dial is loaded automatically in blank new windows, and it can also load in blank new tabs.
  • Web Developer - One of my favorite Firefox extensions, probably one I can't live without :P. I think many people love this too (web developers, designers, pen testers). Too many great features come together with this tool. For the people I mentioned who work in this line, try it if you haven't.
  • DownThemAll - A powerful Firefox download manager. Besides being a download manager like the others, DownThemAll can list the links on the current page for download. Like some other download managers, it supports resume/pause, split-segment (concurrent) download, etc.
  • FireFTP - An FTP client that integrates into your Firefox. This FTP client can be handy if you don't have a better standalone FTP client installed. FireFTP is easy to use (good for new FTP users) since it has no advanced features like other FTP clients do. Developers/designers, or some of my friends who connect to my files pool, might love this.
  • GooglePreview - GooglePreview is an extension that gives you thumbnail previews when you are 'googling' on the Google search engine. Without entering the actual website, it gives you a preview of how the website looks. Of course, the thumbnail is not updated in real time, so sometimes you might see differences between the thumbnail and the actual website.
  • IE Tab - This is a really cool extension and probably the reason why my Internet Explorer is seldom used. IE Tab embeds Internet Explorer in tabs of Mozilla Firefox, which means you can view a page as it is shown in Internet Explorer from within Mozilla Firefox, without opening Internet Explorer. It has a switch tab for you to switch between Firefox and IE. This can be handy if you come across a website that is incompatible with Firefox: with just 1 click you jump from Firefox to Internet Explorer.
  • ShowIP - ShowIP shows the IP address of the current page in the status bar. This might be useful if you would like to check the server's IP address (usually you don't care :P), and sometimes you can easily spot a website running on multiple IPs. Besides showing you the IP, ShowIP also allows you to check the whois for the IP and hostname.
  • Live HTTP Headers - This is a tool that lets you view the HTTP headers of a page while browsing. From the headers, you can usually expect to see the web server banner and the session ID. With this tool you can actually make it work like a web proxy: you can tamper with/alter data and resend it to the server.
  • Server Spy - This tool shows you the web server banner (e.g. IIS5, Apache) on the task bar. A very simple tool, but it is a good piece of information to have displayed on the status bar.
  • SwitchProxy Tool - This is a sort of proxy manager tool that lets you easily manage and change your browser proxy settings. This tool can be handy if you often change your proxy settings (e.g. a proxy connection at the office, a direct connection at home). You can also put in some 'free public' proxies to keep yourself anonymous while surfing some websites. Alternatively, you can try another Firefox extension called Torbutton.
  • Tamper Data - This tool is more for people who would like to do web application testing (for security audits / web development testing). Similar to Live HTTP Headers, it allows you to trace and time HTTP requests/responses, and to view and modify HTTP/HTTPS headers and POST parameters. It also comes with some basic built-in strings for you to test for XSS and SQL injection.

To be continued..


Pen Test Tools for Web Services

Category: Internet Security

WSFuzzer

This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform.

Features of WSFuzzer:

  • Attacks a web service based on either valid WSDL, a valid endpoint & namespace, or it can try to intelligently detect WSDL for a given target.
  • It gives you the ability to handle methods with multiple parameters. Each parameter is handled as a unique entity and can either be attacked or left alone. As of version 1.8.1 this was taken one step further, there are now 2 modes of attacking parameters. The traditional mode is unchanged and is now called “individual” mode due to the fact that each param is fuzzed individually. The new mode is “simultaneous” and attacks multiple parameters simultaneously with a given data set.
  • The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method specific attacks including automated XXE and WSSE attack generation.
  • The tool provides the option of using some IDS Evasion techniques which makes for a powerful security infrastructure (IDS/IPS) testing experience.

Demonstration available at: http://www.neurofuzz.com/modules/software/vidz.php

WSDigger

WSDigger is a web services testing framework. WSDigger contains sample attack plug-ins for SQL injection, cross site scripting and XPATH injection attacks. A web service vulnerable to XPATH injection is provided as an example with the tool. By releasing the framework as an open-source tool, users are encouraged to develop and share their own plug-ins.


XSS Tunnelling Demo On WordPress

Category: Internet Security

XSS Tunnel is a proxy which allows you to tunnel any HTTP traffic through a Cross-site Scripting (XSS) channel opened by XSS Shell. The demo below shows how to set up an XSS channel between a victim and an attacker so that the attacker can control the victim's browser by sending it commands.

This demo shows the attacker posting a comment containing the malicious URL on the victim's blog. All you need to do is to trick the victim into going to your malicious website, where you have your XSS channel set up. Once the victim clicks on the malicious URL, that is how the story begins:

Download Link

Demo of XSS Tunnelling hijacking a WordPress admin's authenticated session.

  • XSS Tunnelling White Paper
  • XSS Shell, XSS Tunnel Download
  • Better Resolution Demonstration Video


BBQ Party - Genting Sempah, Janda Baik

Category: Photo Blog
©2007 Vincent Wong