Wednesday, March 30, 2011

Intercepting TOR traffic to Sniff Passwords or other Data

For this tutorial, I recommend you have some decent TCP/IP knowledge.
UPDATED on 12th May 2018

TOR:
For those of you who do not know what TOR is - it is an extremely powerful proxy project. TOR stands for 'The Onion Router'. It uses second-generation onion routing to hide your connection. TOR was originally sponsored by the US Naval Research Laboratory until it became an EFF project. TOR is completely free.

Onion routing works by relaying your communications through a network of systems in various places, generally run by volunteers. Your connection travels, encrypted, through several nodes until it reaches the exit node, which then connects to the final destination (i.e. the website you're connecting to on port 80).

This unencrypted connection on the exit node is what we will be exploiting.

Packet Sniffing:
The purpose of this post is to teach you how to sniff packets on a TOR network. TOR, like various other ways of hiding your identity, has its weaknesses. First of all, there's a chance your traffic could be passing through a government-run node as the onion routing takes place (unlikely, but still possible).

Now, TOR traffic is encrypted while travelling from node to node, but once it leaves the final node the connection is not encrypted (unless the application itself forces encryption, e.g. HTTPS). This means that if you set up your machine as a TOR EXIT node, you can sniff the traffic as it passes through your network, which amounts to a MITM (Man In The Middle) style attack.

To do this, you'll first need your connection to be a TOR exit node. So, let's get started. First off, you need to install Vidalia.

Vidalia:
Vidalia is simply a GUI for TOR, giving you easier control over things. Start by installing TOR and Vidalia, and set up your TOR connection. Download them here. Make sure you select the Vidalia bundle for your OS.

Once you have Vidalia installed, you need to configure it so that your connection acts as an exit node. Go to 'Setup Relaying' in the Vidalia GUI, find the exit policies, and tick whichever boxes you want.

My advice would be to allow only unencrypted HTTP and 'Retrieve Mail', as most of the other default ports in the exit policy are either of little use or carry TLS-encrypted traffic.

Getting the data:
Now, let's get to work. If you're running a Linux distro, I'd suggest using tcpflow for this; download it here.

Once you have tcpflow installed, create a new directory, open a console session, cd into that new directory, switch over to the root account, and then run the following commands there (tcpflow is console-based, and it writes each reconstructed flow to a separate file in the current directory, which is why you want an empty one). Replace eth0 with the interface your relay actually uses:

Code:
    tcpflow -i eth0 port 80

Code:
    tcpflow -i eth0 port 110

Code:
    tcpflow -i eth0 port 143

This will capture HTTP requests, POP3 sessions, and IMAP sessions. Open a new console window and use the following command to stop sniffing:

Code:
    killall tcpflow

or, of course, just press CTRL + C to kill the process currently running in the terminal. If you want to have a play around with tcpflow, there's a guide on how to use it here.

What you're doing with these commands, is sniffing the traffic that travels through your connection, allowing you to read and intercept the traffic of people using TOR, before it reaches the final destination. You'll be able to see useful information here, including people's passwords for site logins, and potentially sensitive email information.

If you're using Windows or another operating system, try downloading Wireshark here. Unlike tcpflow, Wireshark is not console-based: it has a full GUI and is fairly straightforward to use.
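To make the exposure described above concrete from the defender's side, here is an added audit script (not part of the original post, and not a tcpflow or Tor tool). It takes one reconstructed client-to-server flow, as tcpflow would write it, together with its destination port, and reports which credential-bearing patterns a third party in the path (an exit node included) could read. It deliberately returns only labels, never the secret values, so a site or mail operator can run it over captures of their own traffic and share the findings. The port tables, field-name pattern and sample flows are constructed for this example.

```python
import re
from typing import List

# Well-known ports split into services seen in cleartext on the wire and
# their TLS-wrapped counterparts. Constructed from the ports discussed in
# the post (80, 110, 143); extend it for your own environment.
CLEARTEXT_PORTS = {80: "http", 110: "pop3", 143: "imap"}
TLS_PORTS = {443: "https", 995: "pop3s", 993: "imaps"}

# Form-field names that usually carry a secret (case-insensitive). Assumed list.
SECRET_FIELD = re.compile(r"^(pass(word|wd)?|pwd|secret|token)$", re.I)


def classify_port(port: int) -> str:
    """Return 'cleartext', 'encrypted' or 'unknown' for a destination port."""
    if port in CLEARTEXT_PORTS:
        return "cleartext"
    if port in TLS_PORTS:
        return "encrypted"
    return "unknown"


def audit_flow(port: int, payload: str) -> List[str]:
    """Flag credential-bearing patterns in one captured client->server flow.

    Only cleartext services are inspected; a TLS flow is opaque to anyone in
    the path and therefore yields no findings. Labels only, no values.
    """
    findings: List[str] = []
    service = CLEARTEXT_PORTS.get(port)
    if service is None:
        return findings
    lines = payload.splitlines()
    if service == "http":
        # Request line, then headers up to the first blank line, then the body.
        blank = lines.index("") if "" in lines else len(lines)
        headers, body = lines[1:blank], "\n".join(lines[blank + 1:])
        for header in headers:
            name = header.partition(":")[0].strip().lower()
            if name == "authorization":
                findings.append("http: Authorization header sent in cleartext")
            elif name == "cookie":
                findings.append("http: session cookie sent in cleartext")
        for pair in body.split("&"):
            field, _, value = pair.partition("=")
            if value and SECRET_FIELD.match(field):
                findings.append(f"http: form field '{field}' carries a secret")
    elif service == "pop3":
        for line in lines:
            verb = line.split(" ", 1)[0].upper()
            if verb in ("USER", "PASS"):
                findings.append(f"pop3: {verb} command in cleartext")
    elif service == "imap":
        for line in lines:
            parts = line.split(" ", 2)
            if len(parts) >= 2 and parts[1].upper() == "LOGIN":
                findings.append("imap: LOGIN command in cleartext")
    return findings


# Constructed sample flows for demonstration; not real captures.
SAMPLE_HTTP = (
    "POST /login HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Cookie: session=abc123\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=alice&password=hunter2"
)
SAMPLE_POP3 = "USER alice\r\nPASS hunter2\r\nSTAT\r\n"
SAMPLE_IMAP = "a001 LOGIN alice hunter2\r\na002 SELECT INBOX\r\n"

if __name__ == "__main__":
    for port, flow in ((80, SAMPLE_HTTP), (110, SAMPLE_POP3), (143, SAMPLE_IMAP), (443, SAMPLE_HTTP)):
        print(port, classify_port(port), audit_flow(port, flow))
```

The same HTTP request audited as port 443 produces no findings, which is the whole point: moving a login form or mail client to HTTPS, POP3S or IMAPS removes everything an exit node in this post could have read.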

Warning:
I suggest changing your exit policies so that you're running as an exit node ONLY while you actually want to sniff unencrypted traffic and gather data. Your ISP may not be too happy if people use your connection as an exit node to view illegal content.

Use this knowledge wisely, and know that I don't advocate, nor should I be held responsible for misuse of this knowledge.

Monday, March 28, 2011

See The Passwords Behind Asterisk Using Javascript!

This short tutorial shows how to reveal, using JavaScript, a password that the browser has saved and filled into a login form.

First, visit a website where a saved password is filled in.
Example: http://www.gmail.com
Username: example@gmail.com
Password: ********

Copy and then paste the following code into the address bar of your browser and press Enter to find the password behind the asterisks.


CODE:
javascript: var p=r(); function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}if (!x) alert('Password not found in ' + g + ' forms');}function z(f){var b=false;for(var i=0;i<f.length;i++) {var e=f[i].elements;for(var j=0;j<e.length;j++) {if (h(e[j])) {b=true}}}return b;}function h(ej){var s='';if (ej.type=='password'){s=ej.value;if (s!=''){prompt('Password found ', s)}else{alert('Password is blank')}return true;}}

A prompt will be displayed showing the saved password. The asterisks are only a visual mask: the field's value is readable by any script running in the page, which is exactly what this snippet relies on. Note that current browsers strip or block 'javascript:' URLs pasted into the address bar, so this no longer works as written there.



Saturday, March 26, 2011

Make Single Gmail account act as millions of gmail accounts

You can make your single Gmail account work as millions of Gmail accounts by using various combinations of symbols in the address.


Here's how it can be done:

Let's say your Gmail ID is: YourGmailID@gmail.com

Now any mail sent to either of the following will land in your inbox:

- You.r.g.m.ailid@gmail.com (you can use as many dots as you wish, at any location in the part before the @ sign)
- YourGmailID+321@gmail.com (any number can be used between the + and the @)

This means your one Gmail account acts as millions of Gmail accounts. People creating accounts on Twitter, FB or any other forum can register using these IDs, and every verification email will hit the one Gmail inbox. By the way, you can also replace @gmail.com with @googlemail.com; the dots and the numbers still work there, and all emails will still hit your real Gmail account.
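The flip side of this trick is the check a site operator wants: if dots and "+tags" all reach one inbox, then account de-duplication has to compare canonical addresses, not raw strings. The following is an added example (not part of the original post) that folds a Gmail-style address to the single inbox it reaches and groups sign-ups that collide. It goes slightly beyond the text in treating anything after the "+" as a tag rather than only digits, which is how Gmail routes it; the domain list and sample addresses are assumptions constructed for the example.

```python
from typing import Dict, Iterable, List

# Domains whose local part Gmail treats as equivalent under the rules above.
# Assumption for this example: only these two get dot/plus folding.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Fold an address to the inbox it reaches.

    - the domain is lower-cased and googlemail.com is folded to gmail.com
    - for Gmail domains, dots in the local part are dropped and anything
      from '+' onward is removed, since Gmail ignores both when routing
    - for other domains the local part is left untouched: dots are
      significant there and a '+' tag convention is not guaranteed
    """
    address = address.strip()
    if address.count("@") != 1:
        raise ValueError(f"not a single-@ address: {address!r}")
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        domain = "gmail.com"
        local = local.split("+", 1)[0].replace(".", "").lower()
    return f"{local}@{domain}"


def find_duplicate_signups(addresses: Iterable[str]) -> Dict[str, List[str]]:
    """Group registrations that land in the same inbox.

    Returns only the groups with more than one raw address, keyed by the
    canonical form, so a registration pipeline can flag or rate-limit them.
    """
    groups: Dict[str, List[str]] = {}
    for raw in addresses:
        groups.setdefault(canonical_email(raw), []).append(raw)
    return {key: members for key, members in groups.items() if len(members) > 1}


if __name__ == "__main__":
    # Constructed sample sign-up list for demonstration.
    sample = ["a.b@gmail.com", "ab+x@gmail.com", "A.B+signup2@googlemail.com", "c@example.org"]
    print(find_duplicate_signups(sample))
```

Applying the canonical form before the uniqueness check (and before sending verification mail) is what turns "one inbox, millions of accounts" back into one account.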

Enjoy!!