Tag: user agent string

Social Engineering Toolkit – User Agent Switcher – setuas.sh

by on Jan.20, 2012, under Code, Posts

Imprimis, if you are not familiar with the concept of social engineering, take a look at:

https://en.wikipedia.org/wiki/Social_engineering_(security)

If you are looking for a good book on this topic, then I would highly suggest buying a copy of:

http://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539/ref=sr_1_1?ie=UTF8&qid=1327118815&sr=8-1

As for software implementations that you can use to leverage social engineering attacks on targets, David Kennedy‘s Social Engineering Toolkit (SET) is probably one of the best, if not only social engineering frameworks that I know of. SET does not really rely on vulnerable services which I believe is one of the most useful aspects of this toolkit. What you do have to rely on is social engineering. Services and software will be patched while humans will most likely always be vulnerable to social engineering attacks due to misplaced trust.

Despite the fact that this framework is practically the only of its kind, it does have some limitations in certain realms, namely the web site cloning feature. The issue I have ran into with SET is due to the user agent string not being easily switchable. To switch the user agent string for SET, you must manually edit the cloner.py (which is located in/src/webattack/web_clone/ directory) .

The default user agent of SET is:

Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

This means that when the Social Engineering toolkit makes a request on a website and clones it, the response of the web service is based on this user agent string.

What if I want to clone a website that is the mobile version? What if I want to clone a website that checks to see if end users are Microsoft Windows users? This is where the Social Engineering Toolkit User Agent Switcher(setuas.sh) is applicable. This is a very simple Bash shell program that edits the user agent string in the cloner.py module of SET to whatever you like. Simply execute this:

./setuas.sh /pentest/exploits/set/src/webattack/web_clone/cloner.py

You will then be prompted to enter in a user agent string which for instance could be:

Mozilla/5.0 (Linux; U; Android 2.3; en-us) AppleWebKit/999+ (KHTML, like Gecko) Safari/999.9

For the moment this is just a quick hack to address the issue. I believe that the SET team should add an option in the config file (/set/config/set_config) for end users to adjust accordingly.

setuas.sh is located here:

http://zitstif.no-ip.org/set/setuas.sh

If you want to just see the plain text version of this file, it is located at:

http://zitstif.no-ip.org/set/setuas.txt

Leave a Comment :, , , , , , , , , , , , , , , , , more...

Smart Phone Privacy and Steps Towards Anonymizing the Nokia N900

by on May.07, 2011, under Posts

Within current times a lot of people are now using and relying on smart phones. Part of what makes these devices so ‘smart’, is their ability to gather information on the user and use this information to better serve the user. Per contra, the problem with this is that a lot of private information is being gathered which can include longitude and latitude coordinates.

Even when you take pictures with some smart phones, longitude and latitude information can be tagged on as metadata. (See: http://icanstalku.com/ )

What is ironic, is that from my personal experience and information gathering locally, a lot of people seem to not care about this or privacy. I think this is where the government needs to step in and do something. (Which the US government appears to be making steps towards this: http://www.nationaljournal.com/tech/online-privacy-concerns-fuel-drive-for-do-not-track-legislation-20110506 )

My concern with this, is that if people will really care to opt out of tracking and if they do opt out of tracking, then are the services that they use going to be a lot less useful?

Pertaining to the iPhone, I think this video gives you really good technical insight into the tracking issue: http://www.securitytube.net/video/1774

Now onto my beloved Nokia N900. I have taken steps towards anonymizing the N900 and I will show you what I did.

1.) Go to settings and then look for ‘Location’

2.) Disable GPS and disable network positioning.

3.) Under internet connections set ‘Connect automatically’ to ‘Always ask’.

4.) If you’re planning on using the N900 as a tablet and do not want to be tracked via triangulation, to mitigate this you can do as follows:

a.) Pull up the terminal and make sure you are root. (sudo gainroot)

b.) You also want to make sure you have enabled the extra repositories

c.) Install this following application via: apt-get install cell-modem-ui -y

d.) Now to enable the tablet mode and mitigate the possibility of being tracked via triangulation, click the power button on the top of the N900 and a new button should be there that says, ‘Tablet’

e.) Simply tap on this, and your N900 is now just acting as an internet tablet.

5.) tor is available for the N900, you can install this simply via: apt-get install tor -y

6.) You can use proxychains but only under a chroot environment. To use it do as follows:

a.) ssh -D 9050 user@somehost

b.)debbie bash (This is to get into the chroot environment without having to start a GUI session. 🙂 )

c.) proxychains ssh user@someotherhost

7.) You can spoof the MAC address of the wlan0 interface via: (as root) ifconfig wlan0 hw ether 00:12:34:56:78:90

8.) To change MicroB’s user agent string have a look at: http://gerrymoth.co.uk/?p=108

9.) When you first open the lens cover to the camera, you can opt out of adding metadata to your pictures.

10.) Truecrypt is available, however full disk encryption is not available for the N900 or any phone I can think of. I have heard that DARPA is working on a project related to this for iPhones and Androids. ( http://www.infosecurity-us.com/view/17340/darpa-working-on-full-disk-encryption-for-iphone-and-android/ )

This concerns me a bit because I’m a resident of Michigan… ( http://www.thenewspaper.com/news/34/3458.asp )

I hope this information is helpful to you and if you have anymore ideas on anonymizing the Nokia N900 please feel free to send me an e-mail or leave a comment.

2 Comments :, , , , , , , , , , , , , , , , , , , , , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!