
Using Wireshark and tcpdump

Wireshark and tcpdump are free and open-source network packet analyzers. Wireshark is a desktop application that can be installed on multiple operating systems, while tcpdump is a command-line utility found mainly on Linux/Unix-based operating systems.

In this post we use tcpdump to capture packets on a remote machine and analyse them with Wireshark.

Before we begin we need the following:

  • A remote Linux server with SSH enabled and tcpdump installed.
  • Root access to that server.
  • Any service that generates network traffic, such as an Apache web server or a Node.js server.
  • A local computer with Wireshark installed.

The goal is to capture network traffic on the remote computer with tcpdump, download the capture file, and analyse it with Wireshark.

Capturing packet remotely

To capture packets remotely, connect to the remote server over SSH and start tcpdump as shown below.

[root@technix ~]#  tcpdump -s 0 -i ens192 -w tcpdump_Capture.pcap

In short, the above command captures all traffic on the interface given with the -i option (with -s 0 so that full packets are written rather than truncated) and writes it to the file tcpdump_Capture.pcap in a format Wireshark can read. Once you have finished capturing traffic, end the tcpdump session by pressing Ctrl+C.

Note:

Make sure you use the correct network interface to capture the traffic. In this case it was a Red Hat Linux box and the interface name was ens192; on other machines it might be eth0.

Analyzing the tcpdump file using Wireshark

We can download the capture file from the remote server using any file transfer utility, such as WinSCP, FileZilla, or pscp.exe.

Once downloaded you can open the file in Wireshark. Open Wireshark, then import the tcpdump captured session using File –> Open and browse for your file. You can also double-click the tcpdump capture file to open it in Wireshark, as long as it has the *.pcap file extension.
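Before opening the downloaded file, it is worth checking that it is an intact classic pcap and that no packets were cut short by the snapshot length (which is what -s 0 avoids). The following is an added example, not code from the original post: a small parser for the pcap global header and packet records written by tcpdump -w, run here over a constructed in-memory sample.

```python
import struct
from dataclasses import dataclass

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic (microsecond timestamps)
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16

@dataclass
class PcapSummary:
    snaplen: int
    linktype: int
    packets: int
    truncated: int   # records whose captured length is below the original length

def summarize_pcap(data: bytes) -> PcapSummary:
    """Parse a classic pcap file; raise ValueError if it is not one or is damaged."""
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:      # same magic, file written big-endian
        endian = ">"
    else:
        raise ValueError(f"unknown magic {magic:#010x}: not a classic pcap (pcapng?)")
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:GLOBAL_HEADER_LEN])
    offset, packets, truncated = GLOBAL_HEADER_LEN, 0, 0
    while offset < len(data):
        if offset + RECORD_HEADER_LEN > len(data):
            raise ValueError("incomplete record header at end of file")
        _, _, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        if offset + caplen > len(data):
            raise ValueError(f"record {packets} runs past end of file (incomplete download?)")
        if caplen < origlen:
            truncated += 1          # packet was cut by the snapshot length
        offset += caplen
        packets += 1
    return PcapSummary(snaplen, linktype, packets, truncated)

def build_sample_pcap() -> bytes:
    """Constructed sample: little-endian header (snaplen 65535, Ethernet) plus two
    records, the second deliberately cut short as if captured with a small -s value."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    def record(payload: bytes, orig_len: int, ts: int) -> bytes:
        return struct.pack("<IIII", ts, 0, len(payload), orig_len) + payload
    return header + record(b"\x00" * 60, 60, 1604000000) + record(b"\x11" * 96, 1514, 1604000001)
```

A non-zero truncated count means the capture was taken with a snaplen smaller than the packets on the wire; Wireshark will still open it, but payload analysis will be incomplete.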

This post gives a basic introduction to using Wireshark and tcpdump; more details can be found on their respective websites.


OWASP Dependency-Check: what does it do?

The Open Web Application Security Project (OWASP) is an online community that provides free articles, methodologies, documentation, tools, and other content related to web application security.

Open source components have become an integral part of software development. The increasingly widespread use of open source components requires that developers take a more proactive approach to open source security management. They need to make sure throughout the development process that the software products that they are creating and maintaining don’t contain vulnerable components.

The OWASP Top 10 2013 contains a new entry, A9: Using Components with Known Vulnerabilities. Dependency-Check can be used to scan applications (and their dependent libraries) to identify any known vulnerable components.

Supported Programming Languages and Integrations

OWASP Dependency-Check currently supports five programming languages. Java and .NET are fully supported, with additional experimental support for Ruby, Node.js, and Python.

The tool also provides a Jenkins plugin and can fail the build, letting you make sure that only approved code with no known open source vulnerabilities is deployed to production.

Vulnerability Scanning

Scanning is the process of running the tool on the user's code to identify any vulnerable open source component. This is done by comparing the components found in the user's code against the known open source vulnerabilities in the vulnerability database.

OWASP Dependency-Check uses a variety of analyzers to build a list of Common Platform Enumeration (CPE) entries. CPE is a structured naming scheme that includes a method for checking names against a system.

Reporting is extremely important when dealing with vulnerability management, since it provides security and development teams with actionable insights as well as giving stakeholders the metrics they need. OWASP Dependency-Check supports these needs and can generate reports and exports in a variety of formats: XML, CSV, JSON, and HTML.
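The CLI's own --failOnCVSS option is the usual way to fail a build, but the JSON report is also easy to gate on in a pipeline step. The following added example (not code from the Dependency-Check project) reads a constructed report and fails when any finding reaches a CVSS threshold; the report layout it assumes (dependencies[].vulnerabilities[] with name, severity and cvssv3/cvssv2 scores) is an assumption, not copied from the tool's schema, and the library names and CVE ids are placeholders.

```python
import json

# Constructed sample in the assumed shape of a Dependency-Check JSON report.
# Library names and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "libfoo-1.2.3.jar",
         "vulnerabilities": [
             {"name": "CVE-EXAMPLE-0001", "severity": "CRITICAL",
              "cvssv3": {"baseScore": 9.8}}]},
        {"fileName": "libbar-2.0.0.jar",
         "vulnerabilities": [
             {"name": "CVE-EXAMPLE-0002", "severity": "MEDIUM",
              "cvssv2": {"score": 5.0}}]},
        {"fileName": "libbaz-0.9.0.jar"},   # clean dependency: no findings key at all
    ]
})

def score_of(vuln: dict) -> float:
    """Best available CVSS score for one finding, preferring v3 over v2."""
    v3 = vuln.get("cvssv3", {}).get("baseScore")
    v2 = vuln.get("cvssv2", {}).get("score")
    if v3 is not None:
        return float(v3)
    return float(v2) if v2 is not None else 0.0

def findings_above(report_json: str, threshold: float) -> list:
    """(dependency, cve, score) for every finding at or above threshold, worst first."""
    report = json.loads(report_json)
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):   # missing key means no findings
            score = score_of(vuln)
            if score >= threshold:
                hits.append((dep["fileName"], vuln["name"], score))
    return sorted(hits, key=lambda hit: hit[2], reverse=True)

def build_should_fail(report_json: str, threshold: float = 7.0) -> bool:
    """Gate: the build fails when any finding reaches the CVSS threshold."""
    return bool(findings_above(report_json, threshold))

if __name__ == "__main__":
    for dep, cve, score in findings_above(SAMPLE_REPORT, 7.0):
        print(f"{dep}: {cve} (CVSS {score})")
    raise SystemExit(1 if build_should_fail(SAMPLE_REPORT) else 0)
```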

OWASP Dependency-Check: Pros & Cons

Pros                                 | Cons
-------------------------------------|------------------------------------------
It's free                            | No dashboard
Multiple reporting and export options | No overview report or report comparison
Easy to deploy and run               | No vulnerability remediation
Lightweight                          |

Changing the timezone in RHEL 6/7/8 and CentOS

First, check the current timezone in your system by using the date command.

[root@technix~]# date
Thu Oct 29 11:28:27 PST 2020

Here the timezone is set to PST.

Change the timezone in CentOS/RHEL 7/8

We can use the timedatectl command to change the current timezone. First, let’s list all timezones.

[root@technix ~]# timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
.....

Now use the following command to change the timezone (here, to Asia/Kolkata):

[root@technix ~]# timedatectl set-timezone Asia/Kolkata

Change the timezone in CentOS/RHEL 5/6

To change the timezone on CentOS/RHEL 5/6, we just need to link the /etc/localtime file to the correct timezone configuration file.

[root@technix ~]# mv /etc/localtime /root/localtime.bak
[root@technix ~]# ln -s /usr/share/zoneinfo/Asia/Calcutta /etc/localtime

With this the timezone is changed; it can be verified by running the date command again.


Why JMeter for performance testing?

Here are the top 30 reasons for using JMeter as a performance testing tool.

  1. JMeter is an open source tool.
  2. It saves more cost for MQ, SOAP and FTP protocols compared with other proprietary tools on the market.
  3. Proprietary tools offer customized/specialized reports to attract end users. JMeter has simple reports, which are still helpful for analysing the server logs and getting to the root cause of a performance issue. So if you do not want grand UI reports, JMeter will save money from your pocket.
  4. User-friendly UI.
  5. All the components are pre-built and readily available for use. Even a person who is not very comfortable with coding can understand and script in JMeter.
  6. Tests can be executed in non-GUI mode to save machine resources.
  7. You can extend JMeter or write new samplers in Java and include them in JMeter.
  8. You can send files with the request using simple configuration.
  9. It is easy to run many users (1000 user logins on a ~2GB system) without worrying about license cost.
  10. Simple and effective session correlation for a web application.
  11. You can run multiple scripts consecutively (one at a time) or concurrently (all at a time).
  12. Response time results can be exported to CSV.
  13. Assertions help to validate the response from the server easily.
  14. You can send a JSON string and test the JSON response of an HTTP request.
  15. Various timers are available to introduce delays.
  16. Using the SSH Sampler, JMeter can connect to a Linux shell.
  17. JMeter can execute Perl scripts from the shell.
  18. JMeter supports functional testing.
  19. JMeter has PerfMon for monitoring the entire system.
  20. JMeter has JMXMon for monitoring the JVM.
  21. JMeter can be integrated with Ant to generate HTML reports.
  22. JMeter supports SOAP testing.
  23. JMeter supports JDBC testing.
  24. It is easy to add new properties in JMeter's property file.
  25. JMeter's BeanShell processor supports the BeanShell language.
  26. JMeter's JSR223 PreProcessor supports the Java language and bsh.
  27. JMeter's Function Helper is easy to use.
  28. JMeter's Test Action Sampler helps to pause the test.
  29. A JUnit sampler is available in JMeter.
  30. JMeter can test MongoDB.
  31. JMeter supports distributed testing.

Watch out for more updates.


How to access a blocked website?

How to access a blocked website? Well, the direct answer to that question is: switch to Tor.

What is Tor?

Tor Browser is your choice if you need an extra layer of anonymity. It is a modified version of Firefox that comes with pre-installed privacy add-ons, encryption and an advanced proxy. The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

Tor Browser

It is currently available for Windows, macOS, Linux, iOS, Android and OpenBSD.

https://youtu.be/8LNLB4xXrCQ


How to go Incognito with YouTube on Android

Sometimes we don't want every video we watch to show up in our history. For this, YouTube has added a new feature, an Incognito mode, that makes it easier to watch videos without adding them to your view history.

This feature is currently only available for Android.

Note: This only keeps the videos out of your history; your traffic can still be monitored by service providers.

To turn on Incognito mode, launch the YouTube app and tap on your profile picture. From there, select “Turn on Incognito” from the menu that appears.


How to change Google Drive folder location?

By default the Google Drive installer creates its folder at C:\Users\<USERNAME>\AppData\Local\Google (replace 'USERNAME' with your computer username). Considering the storage available with Google Drive, this may end up filling your default drive if all folders are allowed to sync.

We can change the Google Drive folder location in two ways.

During installation:

  • Download the latest Drive installer.
  • Begin the installation, then click "Get started".
  • Log in using your account.
  • Click Next three times after logging in; you should see a window that says "You're all set", with an Advanced Setup button.
  • Click that button and choose your installation location.

After installation:

  • Click on the Google Drive icon in your system tray.
  • Choose Disconnect account... in Preferences.
  • Sign in again. You can change the folder when you click the Advanced setup button.


PETYA Crypto-ransomware

Until now, the ransomware we have heard of encrypted files on the targeted computers; in that scenario users can still log in to the operating system but cannot open the encrypted files. The newly discovered PETYA crypto-ransomware goes one step further and overwrites the MBR itself to lock users out of their computers.

Petya is still distributed via email. Victims receive an email tailored to look and read like an applicant applying for a job in the company. It presents a hyperlink to a Dropbox storage location from which users can download the supposed applicant's CV.

The downloaded file is actually a self-extracting executable that unleashes the trojan onto the system.

Once executed, Petya overwrites the MBR of the hard drive, causing Windows to crash and display a blue screen. When the user tries to reboot, the modified MBR prevents booting into the operating system, and the user is greeted with an ASCII skull and an ultimatum: pay a certain amount of bitcoins or lose access to your files and computer.

Fig 1: Petya's red skull-and-crossbones warning

The modified MBR even disables booting into safe mode. The user is then given explicit instructions on how to pay, just like with any crypto-ransomware currently making the rounds: a list of demands, a link to the Tor Project and how to reach the payment page using it, and a personal decryption code.

Fig 2: Petya’s decryption and ransom payment instructions


DROWN vulnerability

DROWN stands for Decrypting RSA using Obsolete and Weakened eNcryption, and it provides a way for attackers to decrypt HTTPS communications from servers that still support SSLv2. Most of us think that supporting the SSLv2 protocol on a server is not a problem, because most modern client software simply does not use it.

But it turns out that the mere existence of SSLv2 support helps attackers crack a connection's encryption and mount what is effectively a MITM attack.

According to the researchers, a server is vulnerable to the DROWN vulnerability (also known as CVE-2016-0800) if:

It allows SSLv2 connections. This is surprisingly common, due to misconfiguration and inappropriate default settings. Our measurements show that 17% of HTTPS servers still allow SSLv2 connections.

or:

Its private key is used on any other server that allows SSLv2 connections, even for another protocol. Many companies reuse the same certificate and key on their web and email servers, for instance. In this case, if the email server supports SSLv2 and the web server does not, an attacker can take advantage of the email server to break TLS connections to the web server. When taking key reuse into account, an additional 16% of HTTPS servers are vulnerable, putting 33% of HTTPS servers at risk.

If you want to check whether a particular site is vulnerable, the researchers have helpfully provided an online tool.
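The two criteria above (a server allows SSLv2 itself, or its private key is also used on another server that allows SSLv2) can be applied to your own inventory before anything is exposed to an online checker. The following is an added example, not code from the researchers or the post: the hosts, key identifiers and SSLv2 flags are a constructed inventory that mirrors the web-and-mail key-reuse case described above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    host: str
    service: str
    key_id: str           # identifier (e.g. fingerprint) of the private key the service uses
    allows_sslv2: bool    # result of your own configuration audit of that service

# Constructed inventory with hypothetical hosts, mirroring the two cases in the post:
# www allows SSLv2 itself; shop does not, but shares key-B with a mail server that does.
INVENTORY = [
    Endpoint("www.example.test", "https", "key-A", allows_sslv2=True),
    Endpoint("shop.example.test", "https", "key-B", allows_sslv2=False),
    Endpoint("mail.example.test", "smtps", "key-B", allows_sslv2=True),
    Endpoint("api.example.test", "https", "key-C", allows_sslv2=False),
]

def drown_exposure(inventory):
    """Map each at-risk endpoint to the reason it meets the DROWN criteria."""
    sslv2_by_key = {}
    for ep in inventory:
        if ep.allows_sslv2:
            sslv2_by_key.setdefault(ep.key_id, []).append(ep)
    exposed = {}
    for ep in inventory:
        if ep.allows_sslv2:
            exposed[ep] = "allows SSLv2 connections directly"
            continue
        # Second criterion: the same key is used by some SSLv2-enabled service.
        sharers = [o for o in sslv2_by_key.get(ep.key_id, []) if o != ep]
        if sharers:
            via = ", ".join(f"{o.host} ({o.service})" for o in sharers)
            exposed[ep] = f"key {ep.key_id} is also used by SSLv2-enabled {via}"
    return exposed

def remediation_hosts(inventory):
    """Hosts where disabling SSLv2 removes every exposure, including key-reuse cases."""
    return sorted({ep.host for ep in inventory if ep.allows_sslv2})

if __name__ == "__main__":
    for ep, reason in drown_exposure(INVENTORY).items():
        print(f"{ep.host} ({ep.service}): {reason}")
    print("disable SSLv2 on:", ", ".join(remediation_hosts(INVENTORY)))
```

Note that shop.example.test is flagged even though it does not speak SSLv2 at all; the fix is on the mail server, or a separate key for each service.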


Introduction to Gatling

We are living in a world of technology; it changes the way we work and the way we look at things. We search in Google, shop online, share moments on Facebook, and chat with our childhood friends wherever they live. Everyone likes it when tasks are simplified or automated by online solutions that cater to our needs. Hence it is important to design web applications with performance factors such as concurrency, response time, fault tolerance and scalability in mind. Though there are many load testing tools on the market, JMeter and Gatling are considered the most widely used performance testing tools. Both JMeter and Gatling are open source tools; Gatling also has an enterprise version, 'Gatling Frontline' (https://gatling.io/gatling-frontline/).

We have already seen JMeter and how it helps QA identify performance bottlenecks without worrying much about coding, as JMeter offers built-in components such as logic controllers, samplers for protocols like HTTP, FTP, SOAP, JMS, etc., listeners for reports, config elements like CSV Data Set Config for customizing user data, pre-processors, post-processors such as the Regex Extractor, and JMXMon for monitoring the heap parameters of the web application. Indeed JMeter is easy to use and it serves the purpose of finding performance bottlenecks, but we have to agree that its JMX format makes script changes challenging.

Introduction to Gatling

Gatling is developed and maintained by Stéphane Landelle. Gatling is well known for its speed and performance, as it is built on the Akka engine and the Scala language. Gatling works on an asynchronous model: it does not lock a thread at the JVM level, so there is no one-user-per-thread concept. After a thread completes its task, it is released and takes the next task. Currently Gatling mainly supports the HTTP protocol; it also supports the JMS protocol.

As per https://gatling.io/performancetesting, it has code-like scripting which can help in a continuous delivery pipeline, and the Gatling Domain Specific Language (DSL) is easy to read for everyone.

Download Gatling from the following location; the latest version is Gatling 2.1.7:
http://gatling.io/#/download

When you open the Gatling directory you will see the following folders:

bin
Contains the Gatling recorder and the Gatling launcher used to run simulations, for both Windows and Linux.

conf
Gatling configuration files are placed here.

lib
Contains the Gatling jar files, Scala libraries and Netty libraries.

results
Contains the simulation results as HTML files.

target
Where compiled simulation class files can be found.

user-files
User data files are placed under the data folder of this user-files directory.
Simulation files are inside the /user-files/simulation folder.