Introduction
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pentesting framework capable of performing static, dynamic and malware analysis, as well as web API testing.
MobSF: All-in-one Mobile (Android/iOS) Pentesting Framework
MobSF is an open source, intelligent tool which you can use to perform both static and dynamic analysis on Android/iOS/Windows platforms. It supports both binaries (APK, IPA & APPX) and zipped source code. It also has Web API fuzzing capabilities powered by a dedicated web API security scanner, CapFuzz. So, whether you are a developer, pentester or security analyst, you can identify vulnerabilities in mobile apps at all stages of development.
Features:
- Information Gathering & Security Headers Analysis
- Dynamic and static analysis (Dynamic SSL Testing, Dynamic analysis on custom VM/rooted Android devices, Static analysis and stats)
- Fuzzing web APIs for security vulnerabilities (Web API Fuzzer: API rate limiting and session related vulnerabilities)
- Free and open-source automated security assessment for both Android/iOS apps
- Identify Mobile API vulnerabilities (XXE, SSRF, Path Traversal, IDOR)
- Built-in evasion modules (Android Blue Pill, RootCloak, JustTrustMe, etc.)
Requirements
Static Analysis:
- Python 3.6+
- Oracle JDK 1.7 or above; Mac OS users must install Command-line tools
- iOS IPA Analysis works only on Mac and Linux
- Windows App Static analysis requires a Windows Host or Windows VM for Mac and Linux.
Dynamic Analysis:
- MobSF x86 Android VM requires Oracle VirtualBox
- MobSF Android AVD (ARM Emulator) requires Android Studio and a configured AVD
- Hardware Requirements: Min 4GB RAM, 5GB HDD/SSD and Virtualization Support for running the MobSF VM, plus Intel HAXM if you are running the MobSF ARM Emulator.
Note (Static Analysis):
- Linux & Mac: install Oracle Java 1.7+ (make it the default one).
- Linux: enable 32bit execution support
Install
MobSF Docker image
In case you don’t want to set up Static analysis yourself, use the automated prebuilt Docker image. Run the following:
Static Analyzer Configuration
MobSF comes bundled with BlackArch Linux. Installation is tested on the following platforms: Windows (7, 8, 8.1, 10), Kali Linux (2016.2), Ubuntu (14.04, 16.04), OSX (Mavericks, Yosemite, El Capitan), macOS (Sierra, High Sierra).
Clone it from the github repo:
Then navigate to the MobSF directory and run (Linux/Mac):
On Windows run:
Dynamic Analyzer Configuration
MobSF Dynamic Analysis currently supports Android:
- Android 4.4.2 x86 VirtualBox VM: fast, not all apps work
- Rooted Android 4.03 – 4.4 Device: very fast, all apps work
- Rooted Android 4.03 – 4.4 VM: not tested
Update
First you need to migrate your database or you’ll encounter errors:
Run the following to migrate your database:
This will remove all previously saved scan results. If the migration didn’t work, run the following and then try the commands above again:
Then install requirements:
Usage
To start it, just run:
In case you want to run it on a specific port, try:
MobSF Mass Static Analysis
Start server:
Then run the following:
Example:
Introduction
We already talked about Bettercap – MITM Attack Framework, but we decided to separate examples from the general tool info. Here, we’ll go over some Bettercap Usage Examples. There is a lot to cover, and things might not work as expected depending on the situation and network architecture, but we’ll try to cover as much as we can, updating this post as time goes by.
Transparent HTTP(S) Proxy
For HTTPS, enable http.proxy.sslstrip. We need to ARP spoof the victim’s address:
Chrome will cause problems with HSTS preloaded sites, showing the message “Your connection is not private”. For non-HSTS domains, it will allow you to proceed with a “Proceed to <domain> (unsafe)” message. Internet Explorer will show a similar message: “There is a problem with the website’s security certificate”. We’ll fight with HSTS (Hijacking) and SSL sites some other time.
DNS Spoofing
We need to define which domains we’re going to spoof, and to which IP to redirect them:
To spoof entire subnet, set:
Run it with:
You should probably also arp.spoof the subnet or the target.
ARP Spoofing
As before, adjust the module:
All traffic from/to 192.168.1.6 will be redirected to you (bettercap). That’s going to cause connection issues on the target.
DNS/ARP Spoofing
One issue I experienced trying to spoof DNS/ARP is conflicts. By ARP-ing the target and setting DNS spoof, I was seeing nslookup return conflicting data on the target side, as if my ARP poison and the router argue with the target on who is right. I can clearly see the address switching from second to second. Although on WiFi clients it seems to work, for targets on Ethernet (line):
and in the next second:
When I try to load the page, one moment it fails to load, in the next moment it’s fully loaded. One thing that managed to solve it permanently is to use:
» arp.ban on
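The symptoms described above (an IP whose MAC flips second by second, and one MAC answering for both the gateway and the target) are exactly what a defender can watch for on the LAN. The following is an added example, not code from the original post or from bettercap: a passive detector run over recorded ARP replies. The addresses, the capture and the 5-second flip window are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    ts: float   # seconds since capture start
    ip: str     # sender protocol address: the IP this reply claims to own
    mac: str    # sender hardware address: the MAC claiming it

def detect_arp_spoof(replies, flip_window=5.0):
    """Replay ARP replies in time order and return (flips, multi_ip).
    flips: (ip, old_mac, new_mac, ts) for each IP whose MAC changed within
    flip_window seconds of the previous claim (the second-to-second
    switching seen on the target). multi_ip: {mac: [ips]} for any MAC that
    answered for several IPs, as arp.spoof does for gateway and target.
    """
    last_seen = {}                 # ip -> (mac, ts of last reply)
    ips_by_mac = defaultdict(set)  # mac -> set of IPs it has claimed
    flips = []
    for r in sorted(replies, key=lambda x: x.ts):
        ips_by_mac[r.mac].add(r.ip)
        prev = last_seen.get(r.ip)
        if prev and prev[0] != r.mac and r.ts - prev[1] <= flip_window:
            flips.append((r.ip, prev[0], r.mac, r.ts))
        last_seen[r.ip] = (r.mac, r.ts)
    multi_ip = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return flips, multi_ip

# Constructed sample capture. Gateway 192.168.1.1 really is aa:..:01 and the
# target is 192.168.1.6; from t=10 a host at 192.168.1.100 (de:ad:be:ef:00:01)
# starts answering for both, while the real gateway keeps answering too.
SAMPLE = [
    ArpReply(0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.0, "192.168.1.6", "bb:bb:bb:bb:bb:06"),
    ArpReply(9.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # routine refresh
    ArpReply(10.0, "192.168.1.100", "de:ad:be:ef:00:01"),
    ArpReply(11.0, "192.168.1.1", "de:ad:be:ef:00:01"),  # spoofed gateway reply
    ArpReply(12.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),  # real gateway argues back
    ArpReply(13.0, "192.168.1.1", "de:ad:be:ef:00:01"),
    ArpReply(14.0, "192.168.1.6", "de:ad:be:ef:00:01"),  # also claims the target
]

if __name__ == "__main__":
    flips, multi_ip = detect_arp_spoof(SAMPLE)
    for ip, old, new, ts in flips:
        print(f"t={ts:5.1f}s {ip} flipped {old} -> {new}")
    for mac, ips in multi_ip.items():
        print(f"{mac} answered for {len(ips)} IPs: {', '.join(ips)}")
```

On a real network, feed it the sender fields of ARP replies as your sniffer records them; a legitimate DHCP reassignment changes a mapping once, not every second, so it stays below the flip window.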
Password Sniffing
For the purpose of this example we’ll check some requests from the localhost. Start bettercap (maybe in –debug mode) and set:
You could set up an output file:
» set net.sniff.output ‘passwords.pcap’
so you can inspect the packet dump later on with a tool like Wireshark. Alternatively you can use some from the terminal:
By going to a domain and doing a couple of requests, we can see some captured traffic:
In the example above we have one form login and a few GET password requests. GET requests are clearly visible inline. The form POST request visible in Wireshark is also nicely formatted within Bettercap:
You could use predefined caplet http-req-dump.cap:
Proxy JS Injection (XSS)
Within the caplets repository we have beef-passive.cap and beef-active.cap. I was unable to get any info with the passive one, but the active one works just fine. If we look at the caplet:
It sets the script, the HTTP proxy and it spoofs the entire subnet. The beef-inject.js content:
It simply logs the info in the Bettercap console and injects the BeEF (The Browser Exploitation Framework Project) hook. Although BeEF is a great tool, you can also create your own script. Alter the line and set your own script instead of the hook.js (src=”http://<YOUR_SERVER>/my_hook.js”>). For example, set the content:
and run bettercap with eval (targeting a specific computer in my LAN):
When the user opens an HTTP website, for instance time.com, the hook will be executed and we’ll end up with:
XSS in the making.
Terminate Target Connectivity – Ban (LAN)
Start the ARP spoofer in ban mode, meaning the target(s) will lose connectivity.
MAC Changer
Before you continue, check your current interface:
shut it down:
Then in bettercap, hit:
turn it on:
Now if you check ifconfig:
WiFi Network Monitoring (Playground)
The new wifi.recon module covers both 2.4 GHz and 5 GHz frequencies. It’s doing everything you need: Deauth, Sniff, Handshake captures. To start, add the -iface option:
Note: In case of an error: Can’t restore interface wlan0 wireless mode (SIOCSIWMODE failed: Bad file descriptor). Please adjust manually. Quit bettercap and manually set the wireless interface to monitor mode. For example, as follows:
Turn on recon:
You can manage channels with:
» wifi.recon.channel 10,11
To clear them:
» wifi.recon.channel clear
Results can be seen with:
To capture handshakes, we should define a sniffer, filter specific frames (0x888e), set the output file for processing later on, maybe select the channel and or target:
Then we should hit it with the Deauth. You can deauth all clients with:
or just specific one:
When you capture the handshake, you can start breaking them. We’ll not cover that here.
BLE (Bluetooth Low Energy device discovery)
The ble.recon module will discover every BLE device; you can then inspect one with ble.enum or play around with ble.write.
To connect, enumerate and read characteristics from the BLE device 04:ff:de:ff:be:ff:
Write the bytes ff ff ff ff ff ff ff ff to the BLE device 04:ff:de:ff:be:ff on its characteristic with UUID 234afbd5e3b34536a3fe72f630d4278d:
Issues:
- ble.enum only works one time per execution
- incomplete support for macOS
- not supported on Windows
Caplets
Bettercap caplets, or .cap files, are a powerful way to script bettercap’s interactive sessions; think of them as the .rc files of Metasploit. Check this repository for available caplets and modules. Some of them we already mentioned above, others we’ll leave for you to play with. From the names below you can see what’s already available:
- airodump.cap
- ap.cap
- ap-config.cap
- beef-active.cap
- beef-passive.cap
- crypto-miner.cap
- download-autopwn
- download-autopwn.cap
- fb-phish.cap
- gps.cap
- hstshijack
- http-req-dump.cap
- local-sniffer.cap
- login-man-abuse.cap
- massdeauth.cap
- mitm6.cap
- netmon.cap
- pita.cap
- proxy-script-test.cap
- recon-active.cap
- recon-passive.cap
- rest-api.cap
- rogue-mysql-server.cap
- rtfm.cap
- simple-passwords-sniffer.cap
- stsoy.cap
- tcp-req-dump.cap
- test-prompt-stats.cap
- web-override.cap
- wpa_handshake.cap
Conclusion
WiFi games, Redirection, Phishing, Sniffing, Injections... These Bettercap Usage Examples provide just a basic insight into how things work and what you can do, which is a lot (relatively). It can (and probably will) cause some headaches while trying to do some specific attack: DNS issues, HSTS problems, SSLSplit issues, etc. Deal with it, explore. If nothing else, it will make you research things, understand how things work or don’t work. A tool you should maybe have in mind for some Pentesting, Neighbor exploring or cyberwarfare activities.