Google Chrome a new hacking tool.. !!!!
hello friends some of you may be stunned by what I am saying here.
"Google Chrome A new hacking tool...!!!" But how ??
Install google chrome. now open any webpage like orkut.com
Now right click on the page and select option that says
Inspect element
by default it will be the last option in right click context menu.
Now you can see magic of that option. Now what this option does is it provides you a lot of information regarding element that you are inspecting on webpage. There is deep information provided. Basically this option is the functionality that a tool Instant Source provides. Now you wont need to install any separate software to do so.
This information can be used by developers to know how stuff work and how page is designed.
Attackers can use this features to dig vulnerabilities in the webpages. Then this vulnerabilities can be then used to initiate an attack against that website. ;-)
Try to self study on this topic.
My experiments are still going on. ;-)
"Google Chrome A new hacking tool...!!!" But how ??
Install google chrome. now open any webpage like orkut.com
Now right click on the page and select option that says
Inspect element
by default it will be the last option in right click context menu.
Now you can see magic of that option. Now what this option does is it provides you a lot of information regarding element that you are inspecting on webpage. There is deep information provided. Basically this option is the functionality that a tool Instant Source provides. Now you wont need to install any separate software to do so.
This information can be used by developers to know how stuff work and how page is designed.
Attackers can use this features to dig vulnerabilities in the webpages. Then this vulnerabilities can be then used to initiate an attack against that website. ;-)
Try to self study on this topic.
My experiments are still going on. ;-)
i find this option more better than view source code option because it saves a lot of time.
you can inspect a particular element in google chrome by doing that u get code of that particular element that can be textbox, link etc. but if u use view source code option then u get code of whole page that is sometimes very large and take lot of time to know the code of that particular element.
There are many other options that can come handy in chrome like script option.
for instance: right click on a link then select inspect option now select script option u can see how the script is working related to that link.
moreover u can easily navigate to body, head, table, center, of the webpage using the option at below bar.
U can also directly view the table and forms that are used in that page., by using options line below bar.
I think i should not call it a hacking tool but I found that it saves lot of time for attacker to inspect a webpage so it can be used as hacking tool to discover vulnerabilities.
It is like old wine in new bottle. ;-)
you can inspect a particular element in google chrome by doing that u get code of that particular element that can be textbox, link etc. but if u use view source code option then u get code of whole page that is sometimes very large and take lot of time to know the code of that particular element.
There are many other options that can come handy in chrome like script option.
for instance: right click on a link then select inspect option now select script option u can see how the script is working related to that link.
moreover u can easily navigate to body, head, table, center, of the webpage using the option at below bar.
U can also directly view the table and forms that are used in that page., by using options line below bar.
I think i should not call it a hacking tool but I found that it saves lot of time for attacker to inspect a webpage so it can be used as hacking tool to discover vulnerabilities.
It is like old wine in new bottle. ;-)
try this too. Most of you may know about it I assume.
It is basically banner grabbing technique. but u can even get part of source code of the webpage that is not shown in source code when u use option view source code.
u need netcat installed on ur system.
now goto the folder of netcat and there you have to create a notepad, type the following code exactly in it:
Get / HTTP/1.0
hit enter
hit enter
where I typed hit enter means u have to create new line by just hitting enter twice.
Now save the notepad with any name like crypto.txt or whatever u want.
now run the netcat. type the following command:
nc -v 10.0.0.1 80 < crypto.txt
Where I have types 10.0.0.1 you should enter valid ip address of some website. now hit enter
You can see the output. You will see that output contains actually the source coe of the home page of that site. most of times this source code contains many hidden values and fields that are not shown in View source code option output.
Websites like google.com are not vulnerable to this technique because u know they have intelligent people(we can give credit to them too ;-) )
but many other sites that are not so much popular are vulnerable.
This technique works for homepage of website. I don't think it can work for any specific page of an website :(
It is basically banner grabbing technique. but u can even get part of source code of the webpage that is not shown in source code when u use option view source code.
u need netcat installed on ur system.
now goto the folder of netcat and there you have to create a notepad, type the following code exactly in it:
Get / HTTP/1.0
hit enter
hit enter
where I typed hit enter means u have to create new line by just hitting enter twice.
Now save the notepad with any name like crypto.txt or whatever u want.
now run the netcat. type the following command:
nc -v 10.0.0.1 80 < crypto.txt
Where I have types 10.0.0.1 you should enter valid ip address of some website. now hit enter
You can see the output. You will see that output contains actually the source coe of the home page of that site. most of times this source code contains many hidden values and fields that are not shown in View source code option output.
Websites like google.com are not vulnerable to this technique because u know they have intelligent people(we can give credit to them too ;-) )
but many other sites that are not so much popular are vulnerable.
This technique works for homepage of website. I don't think it can work for any specific page of an website :(
No comments:
Post a Comment
if you are facing any problem comment here