Social Icons

Showing posts with label HTTPS. Show all posts
Showing posts with label HTTPS. Show all posts

Thursday, October 01, 2015

Burp Suite : Configuring the browser and redirecting traffic

1.   Vide my last post about installing Burp Suite here ,now I move ahead to configure your browser in order to redirect all HTTP/S requests through Burp Proxy, instead of the actual target website. In my case here I am configuring a Mozilla Browser with proxy host address to 127.0.0.1 and the proxy port to 8080 , for both HTTP and HTTPS.The typical configuring of browsers is more or less common with major browsers with minor differences in interfaces.Here next I place you screen shots as I surfed a redirected traffic both for http and https via Burp Suite.First steps to configure Mozilla followed by screen shots :

Configuring Mozilla Firefox

- Click Firefox menu and then Preferences.
- In the Advanced options, under the Network tab, click on connection Settings.
- Select Manual proxy configuration.
- Enter the proxy host address as 127.0.0.1 and the proxy port as 8080.
- Select Use this proxy server for all protocols.
- Make sure to remove all exceptions from the No Proxy for field.
- Click OK and close.


2.   So now you have a working installation of Burp Suite and your browser is properly configured to intercept all requests.Now to test go to the browser, enter any http://www.****** site in the address bar and press Enter . If all is well, Burp Proxy should intercept this request. In Burp Suite,go to the Proxy and Intercept tab and verify that the web request is waiting for your approval.Ensure tha the Intercept on button is enabled; click on it and allow the request to transit through Burp by pressing Forward in Burp Suite Interface. Now in the browser, you should see the http page you entered in address bar.

Now try a https site and you are bound to see this warning as seen below in the screenshot.You will be presented with a This Connection is Untrusted page.In such a case, you are required to manually approve the connection by clicking on I Understand The Risks, then Add Exceptions... and Confirm Security Exception. To make sure that Burp Proxy is actually causing the warning, you click on the certificate status View... and see that the certificate belongs to PortSwigger CA as seen below in one screenshot.

 PortSwigger CA certificate


This setup means that Burp Suite is now ready for use as the traffic is being redirected as desired as per configuration....

Saturday, April 20, 2013

Self Destructing E Mails : Receiver reads them only Once

1.   It has always remained a question for typical email users like u and me of how to send a self destructing E-Mail...an email that is read once and destroyed that moment like how about your office messages with vendors or love mails with your present Girl Friend/Boy Friend or u can imagine situations for such requirements....

2. Earlier it had been the disposable email solution and now there are many solutions that offer this particular requirement of Self Destructing E Mails.Below are few such sites and solutions :

http://www.self-destructing-email.com/

Offers free trials last for two weeks or 25 emails (whichever comes first) and u need to register with it.It lets you decide what happens to your email after sending.

https://privnote.com/


Privnote is a free web based service that allows you to send top secret notes over the internet. It's fast, easy, and requires no password or user registration at all.

Just write your note, and you'll get a link. Then you copy and paste that link into an email (or instant message) that you send to the person who you want to read the note. When that person clicks the link for the first time, they will see the note in their browser and the note will automatically self-destruct; which means no one (even that very same person) can read the note again. The link won't work anymore.(Courtesy : https://privnote.com/ )


http://www.destructingmessage.com/

DestructingMessage.com is a free service which enables you to send a self-destructing message to someone. This means, once they read the message they will no longer be able to read it again after the timer has reached zero. This ensures your message is read by no one but the reader and all evidence of the message is erased. Messages are also anonymous unless you add any identifiable information to your message.(Courtesy : http://www.destructingmessage.com/)

https://oneshar.es/

-  Uses HTTPS (SSL; Port 443) to encrypt the data from your web browser to our servers.

-  All data is stored encrypted.
-  When someone views the unique URL that you send them; your encrypted message is deleted from our system.
-  The datacenter maintains the latest security updates and patches on our server.
-  Google Analytics is used on our site for web analytics.

Monday, January 23, 2012

SURF SAFE : SURF http'S'

1. In our endeavor to safely surf the web,rest assured ....we will never be safe in recent times to come.But we can always keep improving our surfing habits so that we are not easy victims.

2. Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.

3.  As on date almost all the browsers offer plugins from their respective web stores that include what I am talking about here ie HTTPS ENFORCER.The HTTPS Enforcer extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the sites HTTPS Enforcer supports.

4.  So install HTTPS plugin for ur respective browser...and SURF SAFE.
Powered By Blogger