Pen Testing the Web with Firefox
Michael Schearer
Who am I?
Agenda
Penetration Testing Methodologies
Focus is on freely available methodologies
Open Source Security Testing Methodology Manual (OSSTMM)
http://www.isecom.org/osstmm/
Open Web Application Security Project (OWASP)
http://www.owasp.org/index.php/Main_Page
NIST Special Publication 800-42 and NIST Special Publication 800-115 (draft)
http://csrc.nist.gov/publications/PubsSPs.html
Penetration Testing Framework
http://www.vulnerabilityassessment.co.uk/Penetration
Penetration Testing Methodologies (cont’d)
Pen Testing the Web with Firefox
Stand-Alone
Website-based tools
Google Hacks
Firefox plug-ins/extension
Recommended Setup
Using Firefox Stand-Alone
Out of the box
Primarily passive reconnaissance
Whois – http://whois.net, http://www.samspade.org
DNSStuff – http://www.dnsstuff.com
NetCraft (toolbar or browser-based)
EDGAR filings
Google
Names, locations, email addresses, etc.
Mailing lists, newsgroups
Using Firefox: Website-Based Tools
Website-based tools
Leak checkers
No, that’s not my IP… Tor ;-)
On-line Hash Crackers
http://gdataonline.com/seekhash.php
http://www.passcracking.com
http://hash.insidepro.com/
http://www.md5this.com/
http://gdataonline.com
http://us.md5.crysm.net
http://md5.rednoize.com
http://www.milw0rm.com/md5
http://shm.hard-core.pl/md5
Using Firefox – Plugins and Extensions
FireCat
60+ extensions and growing
Strengths
Weaknesses
A few examples
Exploit-Me
Tamper Data
Passive Recon
FireCat 1.4 categories: Proxying / Web Utilities, Information Gathering, Security Auditing, Editors, Network Utilities
Exploit-Me
Tamper Data
Acts like a proxy server
Allows you to view and modify HTTP/HTTPS headers and POST parameters
Trace and time HTTP requests and responses
Popular for hacking e-commerce sites that don’t do server-side validation (e.g., of price)
Changing high scores on Flash-based games
Passive Recon
Uptime reports
Passive Recon - Menu
Passive Recon – DNS Info
Passive Recon – Domain Tools
Passive Recon – MX Records
Passive Recon – What’s This Site Running
Passive Recon – Link:
Other noteworthy add-ons
Proxies
Tor
Paros Proxy
SPIKE Proxy
Burp Proxy/Suite
Web Frontends
Metasploit
Fast-Track
Inprotect (web interface for Nessus and Nmap)
BASE (Snort)
Others?
Recommended Setup
Profiles
Concerns:
Too many extensions!
Duplicate tasks
Memory use/time to load
Fixes:
Profile Manager Mode
“everyday”
“pen testing”
Install/load only those you use regularly
Recommended Setup
Add-ons
Concerns:
Add-on portability
Installing multiple add-ons manually
Fixes:
FEBE (Firefox Environment Backup Extension)
CLEO (Compact Library Extension Organizer)
OPIE (Ordered Preference Import/Export)
Recommended Setup
Incompatible Add-ons
Concerns:
Loss of functionality
Slow update to FF3 compatibility
Fixes:
Different add-on, same functionality
Manually edit add-on:
Sign in
Ignore version check
Download .XPI
Edit “maxVersion” in install.rdf
Update archive and install
Places/Things to hack “safely”
OWASP’s WebGoat
http://www.owasp.org/index.php/OWASP_WebGoat_Project
Conclusion
Penetration Methodologies
Using Firefox
Stand-alone
Website-based tools
Google Hacks
Firefox plugins/extension
Firefox as a Front end
Recommended Setup
The Future
Questions ?
Credits
John Fulmer
Church of WiFi
Chuck Baker
Justin Morehouse