Showing posts with label Security-Tools. Show all posts

Saturday, 19 July 2014

Check your Public IP address Geo Location using the command line on Linux




If you use VPN connections it can be important and useful to be able to check your current public IP. For me, going to one of the many websites that offer such a service is slow; as always on Linux, the command line is the fastest way. Searching around I found geoiplookup, which did exactly what I wanted. It uses the GeoIP library and database to find the country that an IP address or hostname originates from.

Example

$ geoiplookup 80.60.233.195


Displays the country that 80.60.233.195 originates from e.g.

NL, Netherlands


You can have a simple bash script like the following (it fetches the public IP once and reuses it):

#!/bin/bash
clear
# Fetch the public IP once; checkip.dyndns.org answers with a small HTML page
PUBLICIP=$(curl -s http://checkip.dyndns.org | sed 's/.*IP Address: \([0-9.]*\).*/\1/')
echo "Current Public IP is : $PUBLICIP"
# Quoted so that an unexpected empty or odd result is still passed as one argument
geoiplookup "$PUBLICIP"


To install on Arch :

$ sudo pacman -S geoip

To install on Ubuntu, Linux Mint or Debian

$ sudo apt-get install geoip-bin

By default the IP to country database is located at /usr/share/GeoIP/GeoIP.dat
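A slightly more defensive version of the script above, added here as an example (it is not the post's own script): it fetches the address once, parses the geoiplookup output, and exits non-zero when the country is not the one your VPN exit should have, so it can run from a cron job or before you start anything sensitive. It uses the same checkip.dyndns.org service and geoiplookup tool as the post; the script name, the expected-country argument and the exit codes are my own conventions.

```sh
#!/bin/sh
# vpn_country_check.sh - verify that the public IP's GeoIP country matches
# the country you expect from your VPN exit. Added example, not the post's script.
# Usage: ./vpn_country_check.sh NL

# Extract the dotted-quad address from checkip.dyndns.org's HTML reply (stdin).
ip_from_checkip_html() {
    sed -n 's/.*IP Address: *\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Extract the two-letter country code from a geoiplookup output line such as
# "GeoIP Country Edition: NL, Netherlands". Prints nothing when the IP is
# unknown ("GeoIP Country Edition: IP Address not found").
country_from_lookup() {
    printf '%s\n' "$1" | sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\), .*/\1/p'
}

# 0 when the observed code equals the expected one, 1 otherwise (unknown counts as a mismatch).
country_matches() {
    want=$1
    got=$2
    [ -n "$got" ] && [ "$got" = "$want" ]
}

main() {
    expected=$1
    # checkip.dyndns.org is plain HTTP, so treat this as a convenience check,
    # not as proof of where your traffic really exits.
    public_ip=$(curl -s http://checkip.dyndns.org | ip_from_checkip_html)
    if [ -z "$public_ip" ]; then
        echo "Could not determine public IP" >&2
        exit 2
    fi
    lookup=$(geoiplookup "$public_ip")
    code=$(country_from_lookup "$lookup")
    echo "Public IP: $public_ip ($lookup)"
    if country_matches "$expected" "$code"; then
        echo "OK: exit country is $code"
    else
        echo "WARNING: expected $expected, GeoIP says '${code:-unknown}'" >&2
        exit 1
    fi
}

# Run only when a country code is given, so the functions can also be sourced.
if [ "$#" -ge 1 ]; then
    main "$1"
fi
```

Run it as `./vpn_country_check.sh NL` after connecting to a Dutch exit; a non-zero exit status means the public address is not where you expected it, which is exactly the case a quick glance at a website tends to miss.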

Monday, 14 July 2014

How to stop embedded images tracking your location on Gmail


You may think that the only way people can tell if you opened an email is the good old 'read receipt', but there is another, more subtle method: using embedded images to track individuals. Currently this method is used by phishers, marketers and spammers to find out where people open emails and to collect other useful information.

The most common method used for email tracking is embedded images. The process is relatively simple :

- The email is created in HTML

- It includes a reference to an image on a remote server that the sender owns or has access to

- Each email can be given a unique image URL to track which individual opens it

- The HTTP request from your email client to fetch the referenced image carries your IP address (which can locate you to at least city level unless you are on a VPN), your browser and your operating system.

All very useful information that can be used to draw a number of conclusions about the reader :

- Where was the email opened

- What time was the email opened

- How long from when the email was sent was it opened

- What type of device was the email opened on

- Prove that it made it past any spam filters in place

- Show that the email is valid and in active use
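To see the mechanism from the receiving side, here is an added example (not from the original post) that lists the remote images an HTML message would fetch when images are displayed, the hosts that would learn your IP and client details, and a count of references that look like per-recipient tracking URLs. It reads the HTML part of a message from a file, for instance saved from Gmail's "Show original"; the script name and the tracking heuristic (a query string or a long opaque path token) are my own.

```sh
#!/bin/sh
# remote_images.sh - list the remote images an HTML e-mail would fetch when
# images are displayed, and flag likely tracking references. Added example,
# not from the original post. Input: a file containing the HTML part of a
# message. Only double- or single-quoted src attributes are recognised.
# Usage: ./remote_images.sh message.html

# Print each http(s) src= URL from <img> tags, one per line.
remote_image_urls() {
    grep -oiE "<img[^>]*src=[\"']https?://[^\"' >]+" "$1" \
        | sed -E "s/.*src=[\"']//"
}

# Distinct hosts those images come from; every one of them receives your IP
# address and client details when the image loads.
remote_image_hosts() {
    remote_image_urls "$1" | sed -E 's#^https?://([^/?]+).*#\1#' | sort -u
}

# Heuristic for per-recipient tracking: a query string, or a long opaque path
# segment (20+ URL-safe characters) that looks like a unique token.
count_tracking_candidates() {
    remote_image_urls "$1" | grep -cE '\?|/[A-Za-z0-9_-]{20,}' || true
}

if [ "$#" -ge 1 ]; then
    echo "Remote image hosts:"
    remote_image_hosts "$1"
    echo "Likely tracking references: $(count_tracking_candidates "$1")"
fi
```

Inline images attached to the message itself (cid: references) are not listed, because fetching them contacts nobody; only remote references reveal anything about the reader.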

Gmail Solution


With Gmail, as with most privacy features from Google, you must opt out, which can be done as follows :

Browser Client


- Select Gear icon then Settings

- Under the General tab look for Images (Fourth down currently in the list)

- Select 'Ask before displaying external images'

- Scroll to bottom of screen

- Select Save Changes

Android


- Within the Gmail app on Android

- Select the menu on the left and scroll down to the bottom (this may take a while if you have lots of labels) until you see Settings

- Select each email address in turn (if you have multiple), scroll to the bottom and select Images

- Change to 'Ask before showing'

Sunday, 6 July 2014

OpenWRT : Use Google Public DNS


By default you will be using the DNS servers supplied by the ISP you subscribe to. With OpenWRT it's easy to change the DNS service you use to an alternative; a popular option is the Google Public DNS service.

Advantages of using Google's DNS are :

  • Faster web browsing
  • Improved security
  • No redirection
Note - depending on your location it could be slower, since your geographic location determines which Google DNS server you are directed to.

In OpenWRT the change is a simple process :

  • Open Luci web interface
  • Select 'Network' -> 'DHCP and DNS'
  • Locate 'DNS forwardings'
  • Enter '8.8.8.8'
  • Press '+' button to enable a second entry
  • Enter '8.8.4.4'
  • Select 'Save & Apply'
It should look similar to the following (screenshot of the DNS forwardings settings not reproduced here) :
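The same change can be made from an OpenWrt shell with uci, which is handy over SSH or in a setup script. The following is an added example, not from the original post; it assumes the standard OpenWrt layout in which the LuCI "DNS forwardings" list is stored as the 'server' list of the dnsmasq section in /etc/config/dhcp, and the script name and the print-then-pipe-to-sh convention are mine.

```sh
#!/bin/sh
# dns_forwarders.sh - the same change as the LuCI steps above, done with uci
# from an OpenWrt shell. Added example, not from the original post.
# Usage: ./dns_forwarders.sh 8.8.8.8 8.8.4.4          (print the commands)
#        ./dns_forwarders.sh 8.8.8.8 8.8.4.4 | sh     (apply them on the router)

# Accept only dotted-quad IPv4 addresses before they go into the config.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1      # each octet must be 0-255
    done
    return 0
}

# Emit the uci commands that replace the forwarder list with the given servers.
dns_forwarder_commands() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "uci -q delete dhcp.@dnsmasq[0].server"       # drop any existing entries
    for ip in "$@"; do
        echo "uci add_list dhcp.@dnsmasq[0].server='$ip'"
    done
    echo "uci commit dhcp"
    echo "/etc/init.d/dnsmasq restart"
}

if [ "$#" -ge 1 ]; then
    dns_forwarder_commands "$@"
fi
```

After applying, `uci get dhcp.@dnsmasq[0].server` on the router should print the two addresses, matching what the LuCI page shows.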


Saturday, 21 June 2014

Using Wireshark to evaluate a packet capture



Wireshark is a fantastic tool for both capturing and evaluating traffic. I typically capture traffic using the Linux command line tool 'tcpdump' but like to use Wireshark for evaluation. In this post I will be focusing on evaluation of packet captures.

If you can quickly spot packets of interest, e.g. insecure HTTP connections, you can right-click on the packet and select 'Follow TCP Stream', which quickly shows you the traffic flow.

With a packet capture open in Wireshark there is a Filter box along the top which you can use to find packets of interest. I find the filter 'frame contains <search term>' can yield interesting results, e.g.

frame contains Password
frame contains password
frame contains login
frame contains test.com

Another method, for example to ensure a password is not being sent in clear text, is to select Edit -> Find Packet in Wireshark and in the resulting window :

  • Select String under Find
  • In the Filter field enter the password of interest e.g. secret
  • Under 'Search In' select 'Packet bytes'
  • Select Find


At the very bottom of the screen if you see 'No packet contained that string' all is good and your password was encrypted before being sent over the network :)


Note : this tool should not be used in a malicious way. It should only be used to ensure your own environment is safe where you have permission to run it e.g. your local network. 
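The same check can be scripted with tshark, Wireshark's command-line front end, which is convenient when you have many captures or want it in a test run. The following is an added example, not from the original post: the -Y display filter is the same 'frame contains' expression you would type in the Filter box, and when tshark is not installed it falls back to a raw byte search over the file, which tells you whether the string appears unencrypted but not in which packet. The script name and the PCAP_SEARCH_BACKEND variable are my own conventions.

```sh
#!/bin/sh
# pcap_string_search.sh - command-line equivalent of the 'frame contains'
# filter and the Edit -> Find Packet string search above. Added example, not
# from the post. Usage: ./pcap_string_search.sh capture.pcap secret [more terms...]

# Number of packets whose bytes contain the term, via tshark.
tshark_hits() {
    capture=$1
    term=$2
    tshark -r "$capture" -Y "frame contains \"$term\"" 2>/dev/null | wc -l | tr -d ' '
}

# Fallback when tshark is absent: a fixed-string byte search over the whole
# file (-a treats the binary capture as text). Counts matching "lines", not packets.
raw_hits() {
    grep -a -c -F -- "$2" "$1" || true
}

# Report each term; returns 1 if any term was found in the clear, 0 otherwise.
search_capture() {
    capture=$1
    shift
    found=0
    for term in "$@"; do
        if [ "${PCAP_SEARCH_BACKEND:-auto}" != raw ] && command -v tshark >/dev/null 2>&1; then
            n=$(tshark_hits "$capture" "$term")
        else
            n=$(raw_hits "$capture" "$term")
        fi
        if [ "$n" -gt 0 ]; then
            echo "FOUND   '$term' ($n hit(s)) - sent in clear text"
            found=1
        else
            echo "absent  '$term' - not seen unencrypted"
        fi
    done
    return $found
}

if [ "$#" -ge 2 ]; then
    search_capture "$@"
fi
```

A non-zero exit status is the scripted version of seeing the string in the capture; zero corresponds to Wireshark's 'No packet contained that string'.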

OpenWrt tcpdump packet captures for traffic evaluation





It's really useful to be able to capture traffic on your local network. One common use case is capturing traffic from a mobile application that you believe may not be secure. With OpenWrt as our router we can install and use tcpdump to capture the traffic.

I have created a non-root account, as is best practice, so many commands will require 'sudo' to obtain the correct privileges.

First we need to update the package manager then install tcpdump :

$ sudo opkg update
$ sudo opkg install tcpdump

Now we can run tcpdump and capture the traffic in a file for evaluation.

Run ifconfig to identify the bridge on your network, which typically will have the IP address 192.168.1.1 :

$ ifconfig

In my case the adaptor is 'br-lan', which the devices provisioned by OpenWRT route through.

Check the amount of free disk space you have before writing to file. In this example I have sufficient free space in /tmp.

$ df -h

We can now run a packet capture with sudo using the following example syntax, changing 'Host IP address' to the IP of your device, e.g. your phone, and 'nameof capture' to an appropriate name.

$ sudo tcpdump -i br-lan -vvv host <Host IP address> -w <nameof capture>.pcap

Generate some network traffic on your device and when complete press 'Ctrl + C'.

You can then scp the file to your PC for evaluation using a tool like Wireshark. Example syntax :

$ scp <nameof capture>.pcap user@<PC IP>:~/tmp

On Arch Linux you can install wireshark with

$ pacman -S wireshark-gtk
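The steps above (check free space, capture one host's traffic on br-lan, copy the file off) fit naturally into one script. The following is an added example, not from the original post: it adds a free-space check before writing, and uses tcpdump's -C/-W options so a capture left running cannot fill /tmp on the router. The script name, the 20 MB x 5 file rotation and the default destination are assumptions you can change.

```sh
#!/bin/sh
# capture_host.sh - wraps the OpenWrt tcpdump procedure above in one script.
# Added example, not from the original post. Run on the router with a
# sudo-capable user as in the post.
# Usage: ./capture_host.sh <host IP> <capture name> [dest user@host]

IFACE=br-lan
OUTDIR=/tmp
FILE_MB=20      # -C: rotate the output file when it reaches this many MB
FILE_COUNT=5    # -W: keep at most this many files, overwriting the oldest
MIN_FREE_MB=$((FILE_MB * FILE_COUNT + 10))   # room for a full rotation

# Free space in MB on the filesystem holding $1, from POSIX 'df -Pk' output.
free_mb() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1024) }'
}

# 0 when $1 has at least $2 MB free, 1 otherwise.
has_space() {
    [ "$(free_mb "$1")" -ge "$2" ]
}

main() {
    host=$1
    name=$2
    dest=${3:-user@<PC IP>}
    if ! has_space "$OUTDIR" "$MIN_FREE_MB"; then
        echo "Need at least ${MIN_FREE_MB}MB free in $OUTDIR, have $(free_mb "$OUTDIR")MB" >&2
        exit 1
    fi
    echo "Capturing $host on $IFACE to $OUTDIR/$name.pcap (Ctrl+C to stop)"
    # -s 0 keeps whole packets; -C/-W stop the capture from filling $OUTDIR
    sudo tcpdump -i "$IFACE" -s 0 host "$host" -C "$FILE_MB" -W "$FILE_COUNT" -w "$OUTDIR/$name.pcap"
    echo "Copy the capture(s) to your PC for Wireshark with:"
    echo "  scp $OUTDIR/$name.pcap* $dest:~/tmp"
}

if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

With -C in use tcpdump numbers the rotated files (name.pcap, name.pcap1, ...), which is why the scp hint uses a wildcard.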








Sunday, 13 April 2014

How to install execstack on Ubuntu and Arch Linux



Execstack is a great tool for learning and training on Linux. It is a program which sets, clears, or queries the executable stack flag of ELF binaries and shared libraries. When I was looking to install it, it took me a while to find which package provides it. You can install it with :

Ubuntu

$ sudo apt-get install prelink

Arch Linux

$ sudo pacman -S prelink