HTTP Headers

Posted by Shashank Krishna Tuesday, June 29, 2010


In HTTP protocol, client(also referred as a user agent) submits HTTP requests to the server by sending messages to it. The server sends messages back to the client in HTTP response. Both HTTP requests and HTTP responses use headers to send information about the HTTP message. A header is a series of lines, with each line containing a name followed by a colon and a space, and then a value. The fields can be arranged in any order. Some header fields are used in both request and response headers, while others are appropriate only for either a request or a response.
Many request header fields will allow the client to specify several acceptable options in the value part and, in some cases, even rank each option’s preference. Multiple items are separated using a comma. For example, a client could send a request header that includes “Content-Encoding: gzip, compress,” indicating it would accept either type of compression. If the server uses gzip encoding for the response body, its response header would include “Content-Encoding: gzip“. One can add his own field in HTTP headers so that it contains some value specified by user. Some fields can occur more than once in a single header. For example, a header can have multiple “Warning” fields.
In most the the hacking contest you will find atleast one question on HTTP headers. Information can be hidden in them. To clear that level you have to see and edit the HTTP headers fields. There are lots of softwares/addons available on the net that make it possible to see and edit HTTP header.
Some firefox addon: Firebug, Add and Modify Headers, Live HTTP headers
For more information regarding HTTP headers fields and their values please visit http://en.wikipedia.org/wiki/HTTP

BackTrack : The hacker's haven

Posted by Shashank Krishna

Whether you are hacking wireless, exploiting servers, learning, performing a web application assessment, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs. BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.

The evolution of BackTrack spans many years of development, penetration tests, and unprecedented help from the security community. BackTrack originally started with earlier versions of live Linux distributions called Whoppix, IWHAX, and Auditor. When BackTrack was developed, it was designed to be an all in one live cd used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world.

Offensive Security has announced the release of BackTrack 4, an Ubuntu-based live DVD containing a large collection of tools for security audits, computer forensics and penetration testing: “BackTrack 4 final is out and along with this release come some exciting news, updates, and developments. BackTrack 4 has been a long and steady road, with the release of a beta last year, we decided to hold off on releasing BackTrack 4 final until it was perfected in every way, shape and form. This release includes a new kernel, a larger and expanded toolset repository, custom tools that you can only find on BackTrack, and more importantly, fixes to all major bugs that we knew of. This release has received an overwhelming support from the community and we are grateful to everyone who has contributed to the success of this release.”

Name of some tools that are included in BackTrack
1. Metasploit integration
2. RFMON Injection capable wireless drivers
3. Kismet
4. AutoScan-Network
5. Nmap
6. Ettercap
7. Wireshark (formerly known as Ethereal)
8. BeEF (Browser Exploitation Framework)

Download BackTrack
For more information about BackTrack visit their website.

I think all of us are regular user of Rapidshare and Megauplaod ,famous file sharing websites. Everytime when we want to download we have to wait for certain amount of time untill the download link appears. In case of Rapidshare, if your ip is already downloading some files from their server then you have to wait for the time period untill that download finished. Thus you might want to get yourself a premium account to avoid waiting every time you download files from it. Unfortunately, we don’t have money or don’t have will to buy premium account. Specially kids and teenagers who don’t own credit cards are not able to purchase a premium account.
Thus here are some link that genrate premium account for you so that you can download files easily.
To see how Rapidshare, Megaupload Premium Link Generator works visit link
If you have a Rapidshare premium account, you can also set up a generator for others using the source code provided on internet. I’m not sure if it’s legal though, so use at your own risk.

How to operate torrents behind a firewall

Posted by Shashank Krishna Monday, June 28, 2010

Use of BitTorrent is not possible on some networks (e.g. institute or office lan). By using a secure connection (SSH), you can bypass almost every firewall. Linux or a UNIX-based OS terminal supports SSH. For Windows, you have to download SSH clients. There are may SSH clients, but PuTTY is (probably) the best and certainly the most popular. For this hack you need a SSH account. You can try one of these free shell providers from this list . So here it goes….
Steps:
1. Run putty and In the address box, put the hostname or IP address of the server you have an SSH account on. Make sure the SSH radio button or check-box is ticked, and be sure you’re using port 22.
2. In the menu, click on Proxy tab under Connections and put your proxy settings there.
3. In the menu, click on SSH and select enable compression. this will compress the traffic thru your SSH tunnel, which not only provides a modest improvement in transfer rates, but has some minor security benefits as well. Set your preferred protocol to “2″, or “2 only”.
4. Click on the tunnels menu under SSH. At the bottom, select the dynamic button, and enter a source port. Use any port (greater than 1024 like 4567). Click the “add” button.
5. Go back to the session tab in the menu, enter in a title for this proxy, and click save.
6. Now Configure your BitTorrent client. In uTorrent go to Options > Preferences > Connection. Enter your port number (which u use earlier like 4567), socks 4 or 5 as type, and localhost in the proxy field. Socks5 is preferable to version four, and supported by our SSH tunnel, so select it. Click OK, and you should now be proxying thru the server with the SSH account.
You’re done, restart your BitTorrent client and you’re ready to go. BitTorrent over SSH tends to be a bit slower than your normal connection, but it’s a great solution when BitTorrent connections are blocked.

Are You Planning on Quitting Facebook? Why?

@Flickr

www.flickr.com

About Me

My Photo
Shashank Krishna
Bangalore, up, India
nothin much to say.........doin B.tech in IIIT allahabad loves bloggingn hacking.... :) and loooves blogging
View my complete profile

ads2

topads