SSL Vulnerabilities Analyzer 1.1 published

Hi people

After a few months of work and research, we have updated the SSL Analyzer tool to version 1.1. So, here is a description of the SSL Analyzer and who should use it.

SSL Vulnerabilities Analyzer

What is it?

This tool was created for penetration testers and for site administrators who want to check whether their server allows the use of insecure SSL algorithms.

SSL does not allow attackers to read or change the traffic between the client (computer/mobile browser) and the server. However, if the server allows insecure algorithms, an attacker can force the browser to use them and break the encryption (as their name says, they are insecure algorithms…).

Easy to use

SSL Vulnerabilities Analyzer has a nice interactive tool that makes it easy, even for non-technical people, to run it and check whether the server allows insecure algorithms.

Source code

SSL Vulnerabilities Analyzer is shared with its source code under the GPL v3 license, as a gift back to the open source community.

Download

You can download the current version (1.1) from here: SSL Analyzer version 1.1 zip

For more details, source code and versions, please visit the dedicated area in our website: https://appsec-labs.com/SSL_Analyzer


Wardriving? Apple? Really ??

Advanced iPhone Hacking with iNalyzer

The slides from my OWASP Israel 2012 talk “Advanced iPhone Hacking with iNalyzer” have been uploaded and are available here.

The iNalyzer iPhone testing tool that was presented in the talk can be downloaded directly from here (you will need Graphviz Dot and Doxygen installed on your PC/laptop).
Here is an installation video (currently no sound):
iNalyzer Installation and usage

Here is a small demo of iNalyzer Vs. iSafePlay
iNalyzer Vs. iSafePlay
Enjoy,
Chilik

Domain hijacking & Range attack by cPanel

cPanel routes the requests that are sent to the server to the correct account according to domain. Of course, the account owner must declare that the domain belongs to him. In order to ensure that the domain does, in fact, belong to him, cPanel offers two options (without EPP code):

1. To point the domain's DNS to the DNS storage server.

2. To create a randomly-named file on the domain, created by cPanel, which is unique per-user.

cPanel assign domain options

I will go into some detail regarding the first option.


Tampering 101 – Automated binary protocol analysis of web applications (Chilik’s talk @ OWASP Israel 2011)

The slides from my OWASP Israel 2011 talk “Tampering 101 – Automated binary protocol analysis of web applications” have been uploaded and are available here: Tampering101_slides.

The Belch automation tool that was presented in the talk can be downloaded directly from SourceForge at the following link: Belch – Burp ExternaL CHannel v1.0.12

Enjoy,
Chilik

When Crypto Goes Wrong – Presentation

Slides from Erez’s “When Crypto Goes Wrong” presentation at yesterday’s OWASP Israel 2011 conference.

When Crypto Goes Wrong – Presentation

EvilQR – When QRCode goes bad

Security assessment of mobile QR readers – Updated (30-Nov-2011)

Abstract:
Quick Response code, also known as QRCode, has been around for several years, but in the last months there has been an increase in the adoption of QRCodes as a marketing channel. A QRCode can encode a variety of information into a 2-dimensional barcode that is presented to the customer. Customers are often referred by vendors to scan QRCodes in order to receive coupons, discounts or other marketing media such as a website, flash movie etc. The QRCode is parsed by QR-reader software on a mobile phone equipped with a camera. The true nature of a QRCode's content is an enigma until it is scanned; there is no possibility for the customer to authenticate the content of a QRCode without scanning it first. Because of the latter fact, an attacker with evil intent could craft a malicious QRCode (or evilQR) and lure an innocent customer to scan it. Once scanned, the evilQR would be parsed by the customer's mobile phone software and would initiate its attack. Attack vectors could vary from browser-based ones such as Cross-Site Scripting (XSS) to specific buffer-overflow and command injection. The key to a successful attack lies in the default behavior of the mobile QRCode reader software. If, as an example, a QRCode reader parses a link from an evilQR and performs a URL redirection without proper confirmation from the customer, the attack would succeed. In this assessment we have compared the default behavior of several QR-readers for and noted their behavior upon the parsing of two evilQRs. Best practices for mobile users are also discussed.

The problem:

An innocent customer can easily be tricked by an attacker into scanning a maliciously crafted QRCode (evilQR); upon scanning, the customer's mobile would be attacked by the encoded payload.

Motivation:

The motive for executing such an attack is very clear – the mobile phone is a gold mine for an attacker, because today’s phones contain very sensitive information that can be abused by an attacker in several ways:

Order my lecture in DefCon group

DC9723 is an Israeli DefCon group (currently the only one), which meets once monthly on the third Tuesday of each month. Each meeting consists of two lectures about hacking / information security. I will be giving the first lecture in the next meeting, the subject being HTML5 security.

The lecture in fact deals with HTML5 & hacking; I don’t really know why they wrote HTML5 security there. But anyway, and more importantly, it is going to be very interesting.

So, open your diaries:

08/16/2011 19:30 to 20:30

Tel-Aviv University (Rosenblat Auditorium)

Free admission

Lecture: HTML5 Security (by Israel Chorzevski)

Link: https://dc9723.org/Main_Page

Looking forward to seeing you there,

Israel