Firefox Imp. Addons

FOX TAB:
3D in your browser! FoxTab brings innovative 3D functionality to your Firefox.



New! Top Sites for FoxTab (aka Speed Dial).
Now you can access your most favorite sites from the familiar FoxTab interface.

FoxTab is a popular 3D tab management extension.
FoxTab powers Firefox with the following main features:
✔ Top Sites (aka Speed Dial) for quickly accessing your favorite web sites.
✔ Tab Flipper – to easily flip between opened tabs using mouse or keyboard gestures.
✔ Recently Closed Tabs – for reopening a tab that was recently closed.

Choose between 6 attractive 3D layouts.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/8879/


2.ALEXA SPARKY:

Sparky is Alexa Internet's free Firefox status bar plugin. Sparky accompanies you as you surf, providing you with Alexa data about the sites you visit without interrupting your browsing.

Discover website traffic trends -- Is this site getting more popular, or less?

Get detailed traffic information including Reach and Rank -- How does this site's traffic compare to other sites on the Web?

Surf more efficiently with Related Links for each page -- If I like this site, are there others that I might want to visit?

Gracefully navigate past dead end error pages -- Enable Sparky's optional custom error handling to get relevant alternative links when your browser encounters a network error.
Plus, as you browse with Sparky, you're helping to make the Web a better place for everybody by contributing to the traffic information that Alexa provides.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/5362/

3.GREASE MONKEY:



Allows you to customize the way a webpage displays using small bits of JavaScript. ...!!

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/748/


4.SQL INJECT ME:
SQL Injection vulnerabilites can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is Firefox Extension used to test for SQL Injection vulnerabilities.
SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.
The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempting to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/7597/

5.TAMPER DATA:

Use tamperdata to view and modify HTTP/HTTPS headers and post parameters...

Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.

Trace and time http response/requests.

Security test web applications by modifying POST parameters.

FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/966/

6.HACKBAR:
This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, a lot of Google and a brain :)

# The advantages are:
- Even the most complicated urls will be readable
- The focus will stay on the textarea, so after executing the url (Ctrl+Enter) you can just go on typing / testing
- The url in textarea is not affected by redirects.
- I tend to use it as a notepad :)
- Useful tools like on the fly uu/url decoding etc.
- All functions work on the currently selected text.
- MD5/SHA1/SHA256 hashing
- MySQL/MS SQL Server/Oracle shortcuts
- XSS useful functions
- And lots more ;) Go test it!

# Shortcuts
- Load url ( Alt + A )
- Split url ( Alt + S )
- Execute ( Alt + X, Ctrl + Enter )
- INT -1 ( Alt - )
- INT +1 ( Alt + )
- HEX -1 ( Ctrl Alt - )
- HEX +1 ( Ctrl + Alt + )
- MD5 Hash ( Alt + M )
- MySQL CHAR() ( Alt + Y )
- MS SQL Server CHAR() ( Alt + Q )

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/3899/

7.XSS ME:
Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.

Download Link:
https://addons.mozilla.org/en-US/firefox/addon/7598/

Chat with Friends through Command Prompt

1) All you need is your friend's IP Address and your Command Prompt.

2) Open Notepad and write this code as it is.....!

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A


3) Now save this as "Messenger.Bat".

4) Open Command Prompt.

5) Drag this file (.bat file) over to Command Prompt and press Enter.

6) You would then see something like this:



7) Now, type the IP Address of the computer you want to contact and press enter
You will see something like this:


8) Now all you need to do is type your message and press Enter.
Start Chatting.......!

DONE....ENJOY.~!!

Botnets


A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.

Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.

A botnet may be small or large depending on the complexity and sophistication of the bots used. A large botnet may be composed of ten thousand individual zombies. A small botnet, on the other hand may be composed of only a thousand drones. Usually, the owners of the zombie computers do not know that their computers and their computers’ resources are being remotely controlled and exploited by an individual or a group of malware runners through Internet Relay Chat (IRC)

There are various types of malicious bots that have already infected and are continuing to infect the internet. Some bots have their own spreaders – the script that lets them infect other computers (this is the reason why some people dub botnets as computer viruses) – while some smaller types of bots do not have such capabilities.

Different Types of Bots

Here is a list of the most used bots in the internet today, their features and command set.

XtremBot, Agobot, Forbot, Phatbot

These are currently the best known bots with more than 500 versions in the internet today. The bot is written using C++ with cross platform capabilities as a compiler and GPL as the source code. These bots can range from the fairly simple to highly abstract module-based designs. Because of its modular approach, adding commands or scanners to increase its efficiency in taking advantage of vulnerabilities is fairly easy. It can use libpcap packet sniffing library, NTFS ADS and PCRE. Agobot is quite distinct in that it is the only bot that makes use of other control protocols besides IRC.

UrXBot, SDBot, UrBot and RBot

Like the previous type of bot, these bots are published under GPL, but unlike the above mentioned bots these bots are less abstract in design and written in rudimentary C compiler language. Although its implementation is less varied and its design less sohisticated, these type of bots are well known and widely used in the internet.

GT-Bots and mIRC based bots
These bots have many versions in the internet mainly because mIRC is one of the most used IRC client for windows. GT stands for global threat and is the common name for bots scripted using mIRC. GT-bots make use of the mIRC chat client to launch a set of binaries (mainly DLLs) and scripts; their scripts often have the file extensions .mrc.
Malicious Uses of Botnets

Types Of Botnet Attack

Denial of Service Attacks
A botnet can be used as a distributed denial of service weapon. A botnet attacks a network or a computer system for the purpose of disrupting service through the loss of connectivity or consumption of the victim network’s bandwidth and overloading of the resources of the victim’s computer system. Botnet attacks are also used to damage or take down a competitor’s website.

Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
Any Internet service can be a target by botnets. This can be done through flooding the website with recursive HTTP or bulletin-board search queries. This mode of attack in which higher level protocols are utilized to increase the effects of an attack is also termed as spidering.

Spyware
Its a software which sends information to its creators about a user's activities – typically passwords, credit card numbers and other information that can be sold on the black market. Compromised machines that are located within a corporate network can be worth more to the bot herder, as they can often gain access to confidential information held within that company. There have been several targeted attacks on large corporations with the aim of stealing sensitive information, one such example is the Aurora botnet.

Adware
Its exists to advertise some commercial entity actively and without the user's permission or awareness, for example by replacing banner ads on web pages with those of another content provider.

Spamming and Traffic Monitoring
A botnet can also be used to take advantage of an infected computer’s TCP/IP’s SOCKS proxy protocol for networking appications. After compromising a computer, the botnet commander can use the infected unit (a zombie) in conjunction with other zombies in his botnet (robot network) to harvest email addresses or to send massive amounts of spam or phishing mails.

Moreover, a bot can also function as a packet sniffer to find and intercept sensitive data passing through an infected machine. Typical data that these bots look out for are usernames and passwords which the botnet commander can use for his personal gain. Data about a competitor botnet installed in the same unit is also mined so the botnet commander can hijack this other botnet.

Access number replacements are where the botnet operator replaces the access numbers of a group of dial-up bots to that of a victim's phone number. Given enough bots partake in this attack, the victim is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers (land line, cell phone, etc.).

Keylogging and Mass Identity Theft
An encryption software within the victims’ units can deter most bots from harvesting any real information. Unfortunately, some bots have adapted to this by installing a keylogger program in the infected machines. With a keylogger program, the bot owner can use a filtering program to gather only the key sequence typed before or after interesting keywords like PayPal or Yahoo mail. This is one of the reasons behind the massive PayPal accounts theft for the past several years.

Bots can also be used as agents for mass identity theft. It does this through phishing or pretending to be a legitimate company in order to convince the user to submit personal information and passwords. A link in these phishing mails can also lead to fake PayPal, eBay or other websites to trick the user into typing in the username and password.

Botnet Spread
Botnets can also be used to spread other botnets in the network. It does this by convincing the user to download after which the program is executed through FTP, HTTP or email.

Pay-Per-Click Systems Abuse
Botnets can be used for financial gain by automating clicks on a pay-per-click system. Compromised units can be used to click automatically on a site upon activation of a browser. For this reason, botnets are also used to earn money from Google’s Adsense and other affiliate programs by using zombies to artificially increase the click counter of an advertisement.

How to Write Protect a USB Flash Drive


If you want to write protect your USB drive, you can do it with the given registry trick or batch script. Protecting USB drive depends on Registry, and you can do it manually or by the script. Read below. Mannual way is also given along with batch script


Manually:
1- Start > Run > type “regedit” to open regisry editor
2- Navigate to this: HKey_LOCAL_MACHINESystemCurrentControlSetControl
3- Create a new key with the name “StorageDevicePolicies”
4- On the right side, Create a new “DWORD Value” with thr name “WriteProtect” and give it “1" as Data
5- Then put the USB Flash Drive.
6- Try to Delete a file Or Copy something to it, You will not be able to do that.
7- To disable this feature, just change the data from 1 To 0
Download guidance on Windows Firewall with Advanced Security Deployment
Microsoft has launched a deployment guide yesterday to simplify the work of users that need to leverage Windows Firewall with Advanced Security in order to secure network communication to a Domain Controller.

Windows Firewall with Advanced Security (WFAS) combines a host-based firewall and an Internet Engineering Task Force (IETF)-compliant implementation of Internet Protocol security (IPsec),” Microsoft explains.


This Test Lab Guide contains an introduction to Windows Firewall with Advanced Security (WFAS) and step-by-step instructions for extending the Base Configuration test lab. You will configure WFAS connection security rules to protect network communication between a domain controller and domain member computers using Internet Protocol security (IPsec).The connection security rules are configured to allow new computers to join the domain and then subsequently the communication between the domain controller and the domain member is protected using IPsec.



According to Microsoft, this guide is designed to streamline the deployment of a test lab involving two server computers and one client machine. The instructions are based on a Base Configuration test lab set up for deploying WFAS connection security rules.



System Requirements


Operating Systems:Windows Server 2008 R2


Download here:
http://www.microsoft.com/download/en/details.aspx?id=20453

Hide your file in a jpg image using cmd.

This is a simple command prompt ( cmd ) trick. You can hide your files behind jpeg image. You will only need winrar and a little knowledge of dos commands.
just follow these steps



step 1- create a folder and copy all files in the folder you wanted to hide in a image file.(EX- c:\hidden)
step 2- create a rar archive of these files.(EX- secret.rar)
step 3- copy a image file in the same folder. (EX: image.jpeg)
step 4- open cmd and go to the directory of the folder.(c:\hidden> )
step 5- run this command. copy /b image.jpeg+secret.rar output.jpeg


here image.jpeg is the image in which you want to hide you files. secret.rar is the archive of those files which you want to hide in the image. output.jpeg is name of the output image file.

Now you can open output.jpeg by double click. It will open as a image file and will show the preview of the image. If you want to see the files hidden inside the image, open this image output.jpeg using winrar.

Process Hacker 2.11


Process Hacker is a nice software which helps users to view and manage the processes and their threads, modules and memory from their computers. Process Hacker is a feature-packed tool for manipulating processes and services on your computer.


features of Process Hacker:

Processes

  • View processes in a tree view with highlighting
  • View detailed process statistics and performance graphs
  • Process tooltips are detailed and show context-specific information
  • Select multiple processes and terminate, suspend or resume them
  • (32-bit only) Bypass almost all forms of process protection
  • Restart processes
  • Empty the working set of processes
  • Set affinity, priority and virtualization
  • Create process dumps
  • Use over a dozen methods to terminate processes
  • Detach processes from debuggers
  • View process heaps
  • View GDI handles
  • Inject DLLs
  • View DEP status, and even enable/disable DEP
  • View environment variables
  • View and edit process security descriptors
  • View image properties such as imports and exports

Threads

  • View thread start addresses and stacks with symbols
  • Threads are highlighted if suspended, or are GUI threads
  • Select multiple threads and terminate, suspend or resume them
  • Force terminate threads
  • View TEB addresses and view TEB contents
  • (32-bit only) Find out what a thread is doing, and what objects it is waiting on
  • View and edit thread security descriptors

Tokens

  • View full token details, including user, owner, primary group, session ID, elevation status, and more
  • View token groups
  • View privileges and even enable, disable or remove them
  • View and edit token security descriptors

Modules

  • View modules and mapped files in one list
  • Unload DLLs
  • View file properties and open them in Windows Explorer

Memory

  • View a virtual memory list
  • Read and modify memory using a hex editor
  • Dump memory to a file
  • Free or decommit memory
  • Scan for strings

Handles

  • View process handles, complete with highlighting for attributes
  • Search for handles (and DLLs and mapped files)
  • Close handles
  • (32-bit only) Set handle attributes - Protected and Inherit
  • Granted access of handles can be viewed symbolically instead of plain hex numbers
  • View detailed object properties when supported
  • View and edit object security descriptors

Services

  • View a list of all services
  • Create services
  • Start, stop, pause, continue or delete services
  • Edit service properties
  • View and edit service security descriptors

Network

  • View a list of network connections
  • Close network connections
Download Link:

How to access blocked website to school, colleges and office with ultrasurf


Ultrasurf is a nice tool to enable users to visit any public website in the world safely and freely. You can also use it your internet privacy and security.


Download this software:
http://www.ultrareach.com/downloads/ultrasurf/u995.zip

Settings:
  • Run software
  • Click on option at top of the tool
  • In new windows, click on proxy settings in the bottom
  • Click on Auto-Detect Proxy Option as shown above
  • Click OK and close all windows.
  • Reopen the software by clicking in the .exe
  • Wait for few seconds to connecting the server.
  • Once the ultrasurf connected to server, it will show- Successfully connected to server
  • The right side speed bar will auto generated after connected to server.
  • IE will open automatically. Close this IE.
  • Download GOOGLE CHROME INTERNET BROWSER. This is my recommendation because this software is best compatible with google chrome.
  • PLS DNT TRY ULTRASURF WITH MOZILLA FIREFOX.

Ethical Hacker

Meaning
Most people thinks that hackers are computer criminals. They fail to recognise the fact that criminals and hackers are two totally different things. Media is responsible for this. Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organisations, companies, goverment, etc. to secure documents and secret information on the internet.


Subscribe to: Posts (Atom)