Saturday 17 November 2012

Clickjacking attack and its variants

Clickjacking is one of the most used attacks by spammers on Facebook. Almost in every month, we face a new type of clickjacking attack on Facebook. Clickjacking is a new type of attack which is performed on web applications. And most of the users do not know about the attack. This attack is complicated and little difficult to understand. It requires some programming skills to perform the attack as it is an advance attack. The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008. These are the persons who first described the attack.

ClickJacking: Clickjacking word comes from the term “Click Hijacking”. This attack is also known as User Interface redress attack, UI redress attack or UI redressing. In this attack, attacker hijacks the users click. This attack is tricking a user to click on a link which is different to what the user is clicking. It means a user will try click on a different link, but the action will be performed on different link. Attacker uses iFrames and CSS to create a good looking page to fool the victim. I know it’s confusing but I am trying to explain the attack in simple words.
Suppose there is webpage A which is created by the attack. In this web page, attacker has included an IFRAME which loads some other website B. And the frame is included in a way that only a button of the page B is visible on the page A. And the border and frame is not visible. The content on Page A around this frame in put i a way that the button on the frame seems to be the part of the page A. Now think the page B is the Facebook and the button is the like button of a page, but it is included on the page A in a way that it does not look like a like button. Misleading User Interface implies that the button serves a different purpose and is a part of site A. On the page A, attacker is claiming something else and requesting users to click on the button.  But user needs to be login on the website B to perform the attack. If the user is not logged in on Facebook, then clicking on the like button will ask him to login and the attack will fail.
Example: There is a web page with a video of a song and a button to play the song. But there is a Amazon affiliate button just inside the play button. As the user clicks on the play, the click will be transformed to the affiliate button. In real, the user tries to "play" the video but actually he/she "buys" the product from Amazon.
I think now it’s clear why this attack is known as click hijacking. But sometimes layers are not exactly the layers. They are the frames which are used to load the external pages on a clickjacked web page. So hackers can use frames or layers to trick a user.
How this attack is performed:
First of all we need to prepare the page where we will load the element from the target website. In this attack we use 2 iframes. First of all we will create a inner page on which we position the button (which we want to be clickjacked) at the top right corner of the page. Then we will load this inner page in a second page suppose it is outer. In the outer page we will keep the frame too small to show only the button from the page.
While creating and loading the target website in the inner page, use the frame code given below.
<head>
<style> body { display : none;} </style>
</head>
<body>
<script>
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>

We have given the ID inner to this frame.  Scrolling=“no” will remove the scroll bars from the frame and frameborder=”none” will remove the border from the frame. This makes the frame look like the part of some page elements. No one can tell that the content is being loaded from an iframe.
Now position this page with CSS to make sure that the subscribe button (which we want to clickjack on some other page) is at the top left. Change the left and top positions to change to location of the frame content on the page.
#inner { position: absolute; left: -600px; top: -600px ;}
After positioning the button at the top left corner of the page, now we will add this page to any page where we want to add this button. Also on the target page, we will use same rules of scrolling and borders. This will force users to think that the button is the part of the page. Add text and other contents around the button. Design a proper layout and theme and add texts according to your button.  You can also request visitors to click on the button by posting some request messages.
Some popular clickjacking incidents: These are some popular incidents of the attack which attracts security researchers attention.



    • Adobe vulnerability which allows attackers to trick enable their webcam and microphone. It was later patched by Adobe.




  • Likejacking attack on Facebook to increase fan page likes.

  • Facebook dislike button scam which posts false messages from the affected profiles.

  • Trick users to follow someone on twitter. It is used by spammers to increase twitter followers.

  • Most of the strange video posts on Facebook which spreads automatically on friend's wall.


Other variants of the attack:
Cursorjacking: Cursorjacking is another type of attack in which the cursor of the users screen is displaced from the position user perceives. So user thinks cursor some other place while it is not there. Thus attacker managed to hijack user’s actions on the webpage.
See the nice demo of cursorjacking attacks on the links below.
http://koto.github.com/blog-kotowicz-net-examples/cursorjacking/
http://www.mniemietz.de/demo/cursorjacking/cursorjacking.html
In these demos, you will see how in actual the attack works.
The most important fact about this attack is that no successful prevention methods have been implemented yet. You can also create your demo page to learn more about the attack. See the java script code below.
<body style="cursor:none;height: 1000px;">
<img style="position: absolute;z-index:1000;" id=cursor src="cursor.gif" />
<button id=fake style="font-size: 150%;position:absolute;top:100px;left:630px;">Please click me</button>
<div style="position:absolute;top:100px;left:30px;">
<a href="#" onclick="alert(/you tried to click on button but you actually clicked on the link /)">Want to click here</a>
</div>
<script>
var oNode = document.getElementById('cursor');

var onmove = function (e) {
var nMoveX = e.clientX, nMoveY = e.clientY;
oNode.style.left = (nMoveX + 600)+"px";
oNode.style.top = nMoveY + "px";
};
document.body.addEventListener('mousemove', onmove, true);
</script>
</body>
NOTE:  In the code given above, change the fake cursor icon’s URL at cursor.gif

You will see that the original cursor is not on the page and the fake cursor is moving. When you try to click on the “Please Click Me” button, the fake cursor clicks on the link at the left side of the page. The code is easy to understand.  Use of NoScript addon can prevent the attack upto a good level. So always try to use that add-on on your firefox web browser.

Likejacking: Likejacking is used for those clickjacking attacks which are related to facebook. In Likejacking attack, attackers tricks website visitors to like a facebook page and post the status message about the website on their wall. This attack was on the peak more than a year ago when After that facebook has managed to get the solution to reduce the attack up-to a level in Facebook's hackathons. Although, Facebook has implemented some security techniques to prevent the attack, but the attack is still possible on the social networking website. And we see a new type of clickjacking or likejacking attack on the facebook which goes viral in few days and flood our walls.
Prevention:
This attack can be prevented from both server and client side. Users can also use some tools and scripts to protect themselves from the attack. And web masters can also use some security measures to protect their visitors and users from the attack.
Client side methods to prevent the attack
NoScript
NoScript is a nice Firefox addon which works on both desktop and mobile version of the browser. It This firefox addon prevents execution of unauthorized malicious scripts on the client browser. It also prevents users from clicking on invisible or "redressed" page elements of embedded documents or applets. This is the best security tool available for free in the market which protects against clickjaking and cursorjacking attacks. Each new update of the scripts adds more security level to the add-on. It is recommended to use No-Script if you use Firefox web browser.
Ghostery
Ghostery is also a nice browser extension which is widely used as a protection against clickjacking attack. This is a privacy browser extension which is available for all the major web browsers. This nice extension         enables users to detect and control tags, web bugs, pixels, and beacons on the webpage which can collect data from their web browsers.
GuardedID
GuardedID is a commercial paid product. Users need to buy this which works on FireFox and Internet explorer. This tool includes client-side clickjack protection for users on their Internet Explorer and Firefox browsers. This tool forces all the frames to be visible on the page. This tool does not interfering with the operation of legitimate iFrames.
Server side methods to prevent the attacks:
X-FRAME-OPTIONS:
This was added with the release of RC1 of Internet Explorer 8. After this website developers have an option to add a page header to detect and prevent frame-based UI redressing. This new added X-Frame Options is used to mark the response that the page should not be framed. There are two options with the tag.
DENY: It prevents everyone to frame the web page
SAMEORIGIN: It only allows the current site to frame the content.
Many web browsers have also adopted this. But this has some limitations. In this method, web developers need to deploy the header policy in each page which can make the development part complicated. Many web proxies also modify header add strip some part. If a web proxy strips the X-FRAME-OPTIONS header then use of this method is waste and website will lose its framing protection.
Defending with Frame Breaking Scripts:
In this method, we embed a script on the web page which we do not want to be framed. Although there are many methods and scripting have been suggested to protect with this method. In these scripts, developers try to force loading the parent page on all the attached frames. So that attacker couldn’t load any attacking buttons or links from some other websites.
All the protection scripts are browser dependent so no proper security mechanism have been deployed yet.
But the best and secure script it this.

<head>
<style> body { display : none;} </style>
</head>
<body>
<script>
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>
Conclusion: This is an advance attack and most of the web developers and users do not know about the attack. This attack is already famous on Facebook. There are various popular video clickjacking scams. Most of the developers also think that protection against CSRF will also fix the clickjacking issue. But this is not the true fact. As you can see that it is just a framing and uses the same page. So referrer checking and token is not going to protect against the attack.
As I have already discussed common and popular defenses against the attack, we developers must use any of the server side method. Users are not too technical to use all these prevention methods. But all these methods can be bypassed with some targeted attacks. As we have already seen that facebook is much affected by this attack while it spends millions on the security.
It is my personal advice to use NoScript add-on while using Firefox web browser. NoScipt add-on is the only successful prevention. NoScript add-on protects users from the clickjacking and other variants of the attack.

Additional reading:
http://www.sectheory.com/clickjacking.htm
http://noscript.net/faq#qa7_1
https://www.owasp.org/index.php/Clickjacking
http://www.contextis.com/research/white-papers/clickjacking/Context-Clickjacking_white_paper.pdf

Friday 16 November 2012

How To Skip Redirection of Linkbucks, Adf.ly and Other Ads

On the internet, everything is fine but some websites irritate us by showing too much ads. These ads are irritating when we click on a link and we have to wait for some redirection ads. These ads can only be skipped after after 5 seconds.


If you want to get rid of these kind of ads, you can use this nice browser script. This script is called Redirection Helper. It can be installed on Firefox with the help of Grease Monkey and directly to Google Chrome. It not only removed the annoying redirection ads, but also removed Ad Masks.


This script supports these redirection ads

  1. adf.ly

  2. urlcash.net

  3. linkbee.com

  4. lnk.co

  5. pushba.com


This script supports these Ad masks website

  1. turboimagehost.com

  2. imagevenue.com

  3. imageporter.com

  4. imagedunk.com

  5. imageswitch.com

  6. picleet.com

  7. picturedip.com

  8. pixhost.org


 Follow these steps to Install Redirection helper in Google Chrome


IF you are Google Chrome, just click on the link and visit the official website. Find the Install button at the top right corner of the page.
How To Skip Redirection of Linkbucks, Adf.ly and Other Ads

Follow These Steps to Add Redirection Helper in Firefox


In Firefox, we can not directly install this script. First of all, we need to install GreaseMonkey Addon. After installing GreaseMonkey, You will see a monkey icon at the top right corner of the browser. Click on it and then click on "New User Script."

Then install Redirection Helper script to Firefox.

How to Find Person Behind the Email Address

You got an email from an unknown sender and now you want to know about the person. You can directly ask via email. But, sometimes we find it hard or due to circumstances, we cannot ask directly to the person. Then how to do know who is behind the strange email?


Internet is the great resource of finding anything. If the person has some online identity and used the email address in some forums and websites, you will easily find information about the person from Google. Simply, write email address in the search box and press enter. You will find so many useful information about the person from Google search. But what if the person never used the email id for any these kind of activity  Google can not help you enough and you need to perform something else.

1. Find the location of the person by Email Headers


First thing which you can do is finding the location of the person. You can easily do it with the help of email header which contains the IP address of the sender. Open the email header and search for the entry “Received: from" followed by the IP address of the person. In case, you find multiple entries, use the last one.
Now paste this IP address in the IP tracing tools and you will get the IP of the person.

But this method has a limitation. If the email has been sent by using GMail's web interface, you will not get the original IP address of the person. As we know that IP addresses are sensitive information and can be used to get the location of a person. Gmail hides sender's IP address information from outgoing mail headers.

2. Use Identity Search Tools


Use Identity Search Tools to find person behind email


Pipl is a nice identity search tool which can help you in finding a person. Identity search tools are used to find the online identity of a person by his name or email. It will give you the list of all available online profiles, blogs and website that are associated with that email accounts.  It also lists some images so that you get an idea about the person.
With this tool, you can also search all the available profiles of a person from a country with the help of name and country. In most of the cases, this too brings better results

3. Use Facebook Search


Facebook search by email

Facebook also allows users to search other users by email id. If a person has not blocked website in search results, you can easily find about the person on Facebook. Facebook now has more than 1 billion people so there’s a high probability that the sender may also have a Facebook profile.
If you got the Facebook profile, you will be able to get more information about the person.
But it will not help you if the sender uses different email address for social media accounts.

Collection of best hacking books

If you are curious about learning hacking and want to have some good books, this collection will surely help you. First of all, i want to say few words about Indian readers. Never run after self claimed hackers who always fail to show proof of what they have done. In India, hacking workshop is now a big business. Persons who come as trainer show themselves as big hackers but only few of them have real knowledge. I also know few trainers who arrange this kind of workshops and have great command over what they teaching. But most of the Indian self claimed hackers are fake. They publish hacking books by copying other writers content without giving them credits. There are many big names who have done like this. I am just warning to all of you that hacking books written by those writers are only copy paste material and do not have clear idea about what they are writing.


If you want to read some original and real material to know what is hacking, these are some best hacking books. You can also download these books by some tools which allow users to download books from Google Books.
Collection of best hacking books

Hacking For Dummies 
By Kevin Beaver, Stuart McClure


Dummies series always have nice books with unique content. This books also covers some basic part of hacking for beginner students. Apart from hacking, this book also covers about internet safety and protection from hackers.


Hacking the Human: Social Engineering Techniques and Security Countermeasures
By Ian Mann


This book covers one of the most powerful attack, social engineering. Social engineering is really a powerful attack and exploit human nature. This book covers sources of risk from social engineering and basis human vulnerabilities.



Ceh Certified Ethical Hacker Study Guide
By Kimberly Graves


This book covers basic about ethical hacking. It is one of the best guides on CEH preparation.



Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems
By Ec-Council


This book is also a nice guide for CEH preparation by EC-Council. EC-Council is one of the best guide that covers topics in offensive network security, ethical hacking, and network defense and countermeasures.



Hands-On Ethical Hacking and Network Defense
By Michael T. Simpson, Kent Backman, James Corley


This book covers penetration testing methodologies in details. This covers all the latest methods of security and penetration testing. Hands-On Ethical Hacking and Network Defense, Second Edition provides a structured knowledge base to prepare readers to be security professionals who understand how to protect a network by using the skills and tools of an ethical hacker.



Hacking: The Art of Exploitation
By Jon Erickson


This is a nice book on hacking written by Jon Erickson who explains how arcane hacking techniques actually work.

Thursday 15 November 2012

free download e book : Hacking The Invisible Network




iDefense – Hacking The Invisible Network

 

 
Wireless networking technology is becoming increasingly popular but at the same time, had introduced many security issues. A wireless local area network (WLAN) allows workers to access digital resources without being tethered to their desks. Tools to identify WLANs, break WEP keys and capture traffic is discussed in this book.

 

Download Here

 
http://hotfile.com/dl/78833000/2afe26c/iDefense.rar.html

free download ebook Ethical Hacking (EC-Council Exam 312-50): Student Courseware

 



 
EC-Council E-Business Certification Series

Copyright © by EC-Council


Developer - Thomas Mathew

Publisher - OSB Publisher


ISBN No - 0972936211


 
By explaining computer security and outlining methods to test computer systems for possible weaknesses, this guide provides the tools necessary for approaching computers with the skill and understanding of an outside hacker.




Introduction

This module attempts to bridge various aspects of ethical hacking by suggesting an approach for undertaking penetration testing. There are different ways of approaching a penetration test.



  • External Approach



    • With some prior knowledge


    • Without prior knowledge




  • Internal Approach



    • With some prior knowledge


    • With deep knowledge




Whatever the approach adopted, it is a fact that penetration testing is constrained by time and availability of resources, which varies from client to client. To effectively utilize both these telling factors, penetration testers adopt some form of structure or methodology. These can be checklists developed by consulting practices, widely available resources such as Open Source Security Testing Methodology or a customized attack strategy.

There are is no single set of methodology that can be adopted across client organizations. The skeletal frame of testing however is more or less similar. The terms of reference used for various phases may differ, but the essence is the same. As discussed in preceding modules, the test begins with:



  • Footprinting / Information Gathering phase


  • Discovery and Planning / Information Analysis phase


  • Detecting a vulnerability / security loophole


  • Attack / Penetration / Compromise


  • Analysis of security posture / Cover up / Report


  • Clean up


The general objective of a penetration test is to reveal where security fails. The result of a penetration test can be:



  • successful attack - when the objective is met within the scope of the attack


  • a partial success - when there has been a compromise, but not enough to achieve the objective


  • a failure - when the systems have been found to be robust to the attack methodology adopted


Foot printing / Information Gathering phase:



  • Client site intelligence


  • Infrastructure fingerprinting


  • Network discovery and Access point discovery


Discovery and Planning / Information Analysis phase



  • Target Identification


  • Resource and Effort Estimation


  • Modeling the Attack strategy (s)


  • Relationship Analysis


Detecting a vulnerability / security loophole



  • Vulnerability Analysis


  • Scanning


  • Enumeration


  • Zeroing the target


Attack / Penetration / Compromise



  • Exploring viable exploits (new / created / present)


  • Executing the attack / Alternate attack strategy


  • Target penetration


  • Escalating the attack


Analysis of security posture / Cover up / Report



  • Consolidation of attack information


  • Analysis and recommendations


  • Presentation and deliverables


Clean up



  • Clean up tasks and procedures


  • Restoring security posture


Download Here:
http://www.ziddu.com/download/13121682/Ethical_Hacking_and_Countermeasures_EC_Council_Exam_312_50_.rar.html

CEH V7 (Certified Ethical Hacking version 7) Study books Free Download

CEH V7 (Certified Ethical Hacking version 7) is the well known ethical hacking and network security-training program. It meets the security standard and is aimed to train security professionals. CEH V7 training course contains all the latest tools and exploits from underground hackers.
CEH V7 Study books Free Download

If you are preparing for the CEHv7 and looking for the exam guides, you can download CEHv7 eBooks to prepare well.

These are the main chapters in CEH V7


  1. Introduction to Ethical Hacking

  2. Footprinting and Reconnaissance

  3. Scanning Network

  4. Emuration

  5. System Hacking

  6. Trojans and Backdoors

  7. Viruses and Worms

  8. Sniffers

  9. Social Engineering

  10. Denial of Service

  11. Session Hijacking

  12. Hacking Webserver

  13. Hacking Web Applications

  14. SQL Injection

  15. Hacking Wireless Networks

  16. Evading IDS, Firewalls and Honeypots

  17. Buffer Overflows

  18. Cryptography

  19. Penetration Testing


CEH V7 Study books Free Download