DSploit

DSploit

After playing with the applications installed on the Pwn Pad, I found that the most important application (at least for me) was missing from the pre-installed apps. Namely, DSploit. Although DSploit has tons of features, I really liked the multiprotocol password sniffing (same as dsniff) and the session hijacking functionality.

The DSploit APK in the Play Store was not working for me, but the latest nightly on http://dsploit.net worked like a charm.

Most features require that you and your target uses the same WiFi network, and that's it. It can be Open, WEP, WPA/WPA2 Personal. On all of these networks, DSploit will sniff the passwords - because of the active attacks. E.g. a lot of email clients still use IMAP with clear text passwords, or some webmails, etc. 

First, DSploit lists the AP and the known devices on the network. In this case, I chose one victim client.


In the following submenu, there are tons of options, but the best features are in the MITM section. 


Stealthiness warning: in some cases, I received the following popup on the victim Windows:


This is what we have under the MITM submenu:


Password sniffing

For example, let's start with the Password Sniffer. It is the same as EvilAP and DSniff in my previous post. With the same results for the popular Hungarian webmail with the default secure login checkbox turned off. Don't forget, this is not an Open WiFi network, but one with WPA2 protection!


Session hijack

Now let's assume that the victim is very security-aware and he checks the secure login checkbox. Another cause can be that the victim already logged in, long before we started to attack. The session hijacking function is similar to the Firesheep tool, but it works with every website where the session cookies are sent in clear text, and there is no need for any additional support.

In a session hijacking attack (also called "sidejacking"), after the victim browser sends the authentication cookies in clear text, DSploit copies these cookies into its own browser, and opens the website with the same cookies, which results in successful login most of the time. Let's see session hijacking in action!

Here, we can see that the session cookies have been sniffed from the air:


Let's select that session, and be amazed that we logged into the user's webmail session.




Redirect traffic

This feature can be used both for fun or profit. For fun, you can redirect all the victim traffic to http://www.kittenwar.com/. For-profit, you can redirect your victim to phishing pages.


Replace images, videos

I think this is just for fun here. Endless Rick Rolling possibilities.


Script injection

This is mostly for profit. client-side injection, drive-by-exploits, endless possibilities.

Custom filter

If you are familiar with ettercap, this has similar functionalities (but dumber), with string or regex replacements. E.g. you can replace the news, stock prices, which pizza the victim ordered, etc. If you know more fun stuff here, please leave a comment (only HTTP scenario - e.g. attacking Facebook won't work).

Additional fun (not in DSploit) - SSLStrip 

From the MITM section of DSploit, I really miss the SSLStrip functionality. Luckily, it is built into the Pwn Pad. With the help of SSLStrip, we can remove the references to HTTPS links in the clear text HTTP traffic, and replace those with HTTP. So even if the user checks the secure login checkbox at freemail.hu, the password will be sent in clear text - thus it can be sniffed with DSniff.

HTML source on the client-side without SSLstrip:


HTML source on the client-side with SSL strip:


With EvilAP, SSLStrip, and DSniff, the password can be stolen. No hacking skillz needed.

Lessons learned here

If you are a website operator where you allow your users to login, always:
  1. Use HTTPS with a trusted certificate, and redirect all unencrypted traffic to HTTPS ASAP
  2. Mark the session cookies with the secure flag
  3. Use HSTS to prevent SSLStrip attacks
If you are a user:
  1. Don't trust sites with your confidential data if the above points are not fixed. Choose a more secure alternative
  2. Use HTTPS everywhere plugin
  3. For improved security, use VPN
Because hacking has never been so easy before.
And last but not least, if you like the DSploit project, don't forget to donate them!

Related news


  1. Hacker Tool Kit
  2. Hacker Tool Kit
  3. Hacking Apps
  4. Pentest Tools For Ubuntu
  5. How To Hack
  6. Hacker Tools Online
  7. Hacker Tools 2019
  8. Hacking Tools For Windows
  9. Hacking Tools For Windows
  10. Ethical Hacker Tools
  11. Hacking Tools Online
  12. Pentest Tools Online
  13. Hack Tools Online
  14. Hacker Tools 2020
  15. Easy Hack Tools
  16. Github Hacking Tools
  17. Hacking Tools Free Download
  18. Pentest Tools Find Subdomains
  19. Hack Tools Pc
  20. Pentest Tools Linux
  21. Pentest Tools Website
  22. Github Hacking Tools
  23. Physical Pentest Tools
  24. Hacker Tools Github
  25. What Are Hacking Tools
  26. Best Pentesting Tools 2018
  27. Hack App
  28. Hacker Tools Windows
  29. Pentest Tools Tcp Port Scanner
  30. Pentest Tools Review
  31. Pentest Tools Open Source
  32. Hacking Tools Windows
  33. Kik Hack Tools
  34. Hacker Tools For Mac
  35. What Are Hacking Tools
  36. Hack Website Online Tool
  37. Hacker Tools Online
  38. Hack Tools Mac
  39. Hacking Tools For Windows 7
  40. Hacking Tools Pc
  41. Pentest Tools Framework
  42. Install Pentest Tools Ubuntu
  43. Android Hack Tools Github
  44. Game Hacking
  45. Black Hat Hacker Tools
  46. Hack Tools
  47. Hacking Tools Hardware
  48. Tools Used For Hacking
  49. Hack Tools
  50. Pentest Tools For Mac
  51. Hak5 Tools
  52. Hacker Tools Linux
  53. Hacking Tools For Mac
  54. Pentest Tools Windows
  55. Pentest Tools For Mac
  56. Hack Tools
  57. Hacker Tools
  58. Hacker Techniques Tools And Incident Handling
  59. Pentest Tools Alternative
  60. New Hack Tools
  61. Hack Website Online Tool
  62. Hacker Tools Free
  63. Pentest Tools For Ubuntu
  64. Hacker Tools Apk Download
  65. Hacking Tools Kit
  66. Hacker
  67. Pentest Tools For Windows
  68. Nsa Hack Tools Download
  69. Hacking Tools Software
  70. Underground Hacker Sites
  71. What Is Hacking Tools
  72. Physical Pentest Tools
  73. Pentest Tools Framework
  74. Best Pentesting Tools 2018
  75. Pentest Recon Tools
  76. Hacker Tools Free Download
  77. Nsa Hack Tools
  78. Hack Tools For Games
  79. Hacking Tools Hardware
  80. Pentest Tools Subdomain
  81. World No 1 Hacker Software
  82. Hacker Tools Free Download
  83. Install Pentest Tools Ubuntu
  84. Hack Tools 2019
  85. Hack Tools Github
  86. Hacking Tools For Mac
  87. Hacker Tools 2019
  88. Pentest Tools Tcp Port Scanner
  89. Hacking Tools For Beginners
  90. Pentest Tools Online
  91. Hack Tools For Mac
  92. Top Pentest Tools
  93. Hack Tools
  94. Hack Tools 2019
  95. Pentest Tools For Ubuntu
  96. Pentest Tools Tcp Port Scanner
  97. Hacker Tools 2020
  98. Hak5 Tools
  99. Hacking Tools For Pc
  100. Hacking Tools And Software
  101. Hacker Tools Github
  102. Pentest Tools Free
  103. Pentest Tools List
  104. Hacking Tools Software
  105. Pentest Tools Port Scanner
  106. Hacking Tools Download
  107. Hackers Toolbox
  108. What Is Hacking Tools
  109. Growth Hacker Tools
  110. World No 1 Hacker Software
  111. Pentest Tools Nmap
  112. New Hack Tools
  113. Kik Hack Tools
  114. Nsa Hacker Tools
  115. Pentest Recon Tools
  116. Hacks And Tools
  117. Hacking Tools Hardware
  118. Top Pentest Tools
  119. Hacking Tools Github
  120. Hacking Tools Software
  121. Hacking Tools Kit
  122. Hacker Tools For Windows
  123. Game Hacking
  124. Hacker Tools For Windows
  125. Hack Tools For Games
  126. Hacker Tool Kit
  127. Pentest Tools Tcp Port Scanner
  128. Growth Hacker Tools
  129. Hacking Tools Pc
  130. Pentest Tools For Windows
  131. Hacker Tools For Mac
  132. Computer Hacker
  133. Pentest Tools List
  134. Hacking Tools For Beginners
  135. Hacking Tools Name
  136. Hacker Tools Apk
  137. Pentest Tools For Ubuntu
  138. Hack And Tools
  139. Hack Tool Apk
  140. Hacker Tools Software
  141. Best Pentesting Tools 2018
  142. Pentest Tools Free
  143. Pentest Tools Framework
  144. Pentest Tools Alternative
  145. Hacker Tools For Mac
  146. Hacker Tools 2020
  147. Pentest Tools Bluekeep
  148. Pentest Tools List
  149. Hacker Tools Software
  150. Hacker Tools Software
  151. What Are Hacking Tools
  152. Hacker Hardware Tools
  153. Hacks And Tools
  154. Pentest Tools List
  155. Top Pentest Tools

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Labels

14.6.2014 draw 297/14 19 Mei 2013 23 Jun 2013 24.04.2013 25 Jun 2013 4 mei 2014 - draw 278/14 6 mei 2014 Adakah anda bersetuju dengan pernyataan tentang zakar ini? BERIKUT MERUPAKAN NOMBOR RAMALAN UNTUK MAGNUM 4D PADA 30 OGOS 2014 draw 143/13 draw 279/14 DRAW ID 098/13. DRAW ID 099/13: NOMBOR RAMALAN UNTUK MAGNUM 4D PADA 4 MEI 2013 DRAW ID 139/13. DRAW ID 141/13. DRAW ID 142/13 DRAW ID 142/13 / PREDICTION FOR MAGNUM 4D COUNTER ON 3 AUGUST 2013 ID CABUTAN 098/13 / PREDICTION FOR MAGNUM 4D COUNTER ON 1 MAY 2013 ID CABUTAN 099/13 / ID CABUTAN 139/13 / PREDICTION FOR MAGNUM 4D COUNTER ON 27 JULY 2013 ID CABUTAN 141/13 / PREDICTION FOR MAGNUM 4D COUNTER ON 31 JULY 2013 Keputusan dan perbandingan antara nombor ramalan dan result Magnum 4D pada 31 Julai 2013 Keputusan Magnum 4D Kerja part time/ sambilan : Peluang tambah pendapatan Magnum 4d result 1 May 2013 Draw 098/13 Magnum draw 094/13 nombor 4d 6.7.2014 308/14 Nombor 4d untuk hari ini : 21/04/2013 nombor magnum 4d draw 107/13 ; Ahad nombor magnum 4d untuk draw 101/13: 7 mei 2013 ( magnum 4d prediction number for draw 101/13 : 7 may 2013 Nombor ramalan 4d : 24.04.2013 Nombor ramalan dan keputusan Magnum 4D draw 119/13 pada 15 Jun 2013 Nombor ramalan Magnum 4D 4 Ogos 2013 draw 143/13 Nombor ramalan Magnum 4D 7 Ogos 2013 draw 144/13 nombor ramalan Magnum 4D dan result pada 4 Ogos 2013 Nombor ramalan magnum 4d draw 112/13 29 Mei 2013 Nombor ramalan Magnum 4D pada 1 Jun 2013 draw 113/13 nombor ramalan magnum 4d pada 14.6.2014 draw 297/14 Nombor ramalan Magnum 4D pada 2 Jun 2013 Draw 114/13 nombor ramalan magnum 4d pada 23 ogos 2014 draw 329/14 Nombor ramalan magnum 4d pada 26.05.2015 draw 467/15 - special draw Nombor Ramalan Magnum 4D pada 30 April 2014 draw 276/14 nombor ramalan magnum 4d pada 30 ogos 2014 draw 333/14 nombor ramalan magnum 4d pada 4 mei 2014 - draw 278/14 Nombor ramalan magnum 4d pada 5 julai 2014 hari sabtu draw 307/14 nombor ramalan magnum 4d pada 7 september 2014 draw 338/14 ( 7.9.2014/338/14) nombor ramalan magnum 4d pada 8 Februari 2014 (8/2/2014) draw 235/14 nombor ramalan magnum 4d pada hari ahad nombor ramalan magnum 4d pada hari ahad 6 julai 2014 draw 308/14 nombor ramalan magnum 4d pada hari rabu 25 september 2013 draw 168/13 nombor ramalan magnum 4d pada hari rabu 9 julai 2014 draw 309/14 nombor ramalan magnum 4d pada hari sabtu nombor ramalan magnum 4d pada hari sabtu 13.9.2014 draw 340/14 nombor ramalan magnum 4d pada hari sabtu 26 oktober 2013 draw 182/13 nombor ramalan magnum 4d pada hari selasa Nombor ramalan Magnum 4D untuk draw 118/13 pada hari Rabu 12 Jun 2013 Nombor ramalan Magnum 4D untuk draw 119/13 pada hari Sabtu 16 Jun 2013 Nombor ramalan Magnum 4D untuk draw 120/13 pada hari Ahad 16 Jun 2013 Nombor ramalan Magnum 4D untuk draw 121/13 pada hari Rabu 19 Jun 2013. Nombor ramalan Magnum 4D untuk draw 123/13 pada hari Ahad Nombor ramalan Magnum 4D untuk draw 124/13 pada hari Selasa (special draw) Nombor ramalan Magnum 4D untuk draw 231/14 pada hari Sabtu 1 Februari 2014 Nombor ramalan Magnum 4D untuk hari Sabtu 7 Ogos 2013 draw 149/13 Nombor ramalan Magnum 4D untuk hari Selasa 3 September 2013 draw 158/13 | SPECIAL DRAW Nombor ramalan MAGNUM 4D untuk special draw 111/13 28 Mei 2013 Nombor ramalan untuk hari Rabu nombor ramalan untuk MAGNUM 4D Nombor ramalan untuk magnum 4d draw 105/13: 15 Mei 2013 Nombor ramalan untuk magnum 4d draw 120/13 dan keputusan/result magnum 4d pada 16 Jun 2013 NOMBOR RAMALAN UNTUK MAGNUM 4D PADA 1 MEI 2013 NOMBOR RAMALAN UNTUK MAGNUM 4D PADA 27 JULAI 2013 NOMBOR RAMALAN UNTUK MAGNUM 4D PADA 3 OGOS 2013 NOMBOR RAMALAN UNTUK MAGNUM 4D PADA 31 JULAI 2013 nombor ramalan untuk magnun 4d pada 3 mei 2014-277/14 nombor untuk magnum 4d draw 095/13 : 27 April 2013 PREDICTION FOR MAGNUM 4D ON 4 MAY 2013 ramalan magnum 4d 9.7.14 309/14 Ramalan pada 12 Jun 2013 dan keputusan Magnum 4D Result 21.4.2013 Cash Sweep Result 21.4.2013 DaMaCai Result 21.4.2013 Magnum Result 21.4.2013 Toto special draw 28 Mei 2013 special draw pada 28 MEI 2013. TERKINI| TERBARU: nombor magnum 4d 7 mei 2013; 101/13 ; special draw Toto draw 3871/13

**Penafian**

Nombor ramalan hanyalah sebagai panduan dan dicadangkan untuk MAGNUM SAHAJA (atau kaunter lain sekiranya sesuai) . Segala pertaruhan adalah atas risiko anda sendiri.