Welcome to The Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to

existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile

and so much more. This message will be removed once you have signed in.

Active Hackers

The best community of active hackers. This community has been working in hacking for more than 10 years.

 

Hacker Forum

Hacker from all countries join this community to share their knowledge and their hacking tools

    Hacking Tools

    You can find thousands of tools shared by hackers. RAT's, Bot's, Crypters FUD, Stealers, Binders, Ransomware, Mallware, Virus, Cracked Accounts, Configs, Guides, Videos and many other things.

      PRIV8

      Become a Priv8 user and access all parts of the forum without restrictions and without limit of download. It only costs 100 dollars, and it will last you for a lifetime.

      Read Rules

      In this community we follow and respect rules, and they are the same for everyone, regardless of the user's rank. Read the rules well not to be prohibited.

      Sign in to follow this  
      1337day-Exploits

      Tor Browser 7.x NoScript Bypass

      Recommended Posts

      Guest
      This topic is now closed to further replies.
      Sign in to follow this  

      • Similar Content

        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Bypass 4xx HTTP response status codes.
          Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output.
          Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending.
          Extend this script to your liking.
          Tested on Kali Linux v2021.4 (64-bit).
          Made for educational purposes. I hope it will help!
          Tests:
              various HTTP methods,
              various HTTP methods with ‘Content-Length: 0’ header,
              cross-site tracing (XST) with HTTP TRACE and TRACK methods,
              file upload with HTTP PUT method,
              various HTTP method overrides,
              various HTTP headers,
              various URL overrides,
              URL override with two ‘Host’ headers,
              various URL path bypasses,
              basic-authentication/authorization including null session,
              broken URL parser check.
          Changelog v5.8
              Added port overrides, and added more HTTP request headers.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. What is tornado?
          Tornado is implements tor network with metasploit-framework tool and msfvenom module, you can easily create hidden services for your localhost .onion domain without portforwarding. If you have experience different remote administration tools, probably you know you need forward port with virtual private network or ngrok but in this sense with tornado, the tor network offers the possibility of making services in a machine accessible as hidden services without portforwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.
          tornado can do
              create hidden service with tor network
              generate cross platform msfvenom payload with fully undetectable shellcode execution not shikata_ga_nai things
              hidden service becomes available outside tor network and ready to reverse shell connection
          be careful with tor2web even onion network, the only suicide mission is wearing blinders. tornado not secure from victim's point of view: the point of tor is that users can connect without being eavesdropped on and going through the clearnet with tor2web, even with https seriously cripples the efforts made to protect users.
          Disclaimer
          This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and are not responsible for any misuse or damage caused by this tool and software.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Decrypt passwords/cookies/history/bookmarks from the browser.
          HackBrowserData is an open-source tool that could help you decrypt data ( password|bookmark|cookie|history|credit card|download|localStorage|extension ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.
          Disclaimer: This tool is limited to security research only, and the user assumes all legal and related responsibilities arising from its use! The author assumes no legal responsibility!
          hack-browser-data-v0.4.2 Latest
          Changes
              feat: support export extension @moonD4rk (#129)
              feat: enhance cmd color log output @moonD4rk (#129)
              docs: add logo for HackBrowserData @moonD4rk (#128)
          Supported Browser
          Windows
          Browser Password Cookie Bookmark History Google Chrome ✅ ✅ ✅ ✅ Google Chrome Beta ✅ ✅ ✅ ✅ Chromium ✅ ✅ ✅ ✅ Microsoft Edge ✅ ✅ ✅ ✅ 360 Speed ✅ ✅ ✅ ✅ QQ ✅ ✅ ✅ ✅ Brave ✅ ✅ ✅ ✅ Opera ✅ ✅ ✅ ✅ OperaGX ✅ ✅ ✅ ✅ Vivaldi ✅ ✅ ✅ ✅ Yandex ✅ ✅ ✅ ✅ CocCoc ✅ ✅ ✅ ✅ Firefox ✅ ✅ ✅ ✅ Firefox Beta ✅ ✅ ✅ ✅ Firefox Dev ✅ ✅ ✅ ✅ Firefox ESR ✅ ✅ ✅ ✅ Firefox Nightly ✅ ✅ ✅ ✅ Internet Explorer ❌ ❌ ❌ ❌
          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. Anonymously Reverse shell over Tor Network using Hidden Services without port forwarding.
          This project implements the tor network with the metasploit-framework tool and msfvenom module. You can easily create hidden services for your LHOST .onion domain without portforwarding. If you have experienced different remote administration tools, probably you know you need a forward port with VPN or NGROK but in this sense, the Tor network offers the possibility of making services in a machine accessible as hidden services without portforwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.
          Currently, this project has that features.
              Create a hidden service
              Generate msfvenom payload with fully undetectable
              Hidden service becomes available outside tor network
          Disclaimer
          This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and are not responsible for any misuse or damage caused by this tool and software.

          Hidden Content
          Give reaction to this post to see the hidden content.
        • By itsMe

          Hidden Content
          Give reaction to this post to see the hidden content. This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain.
          Introduction
          For security professionals, the URL is usually the most trusted aspect of a domain. Yes there’s attacks like IDN Homograph and DNS Hijacking that may degrade the reliability of URLs but not to an extent that makes URLs unreliable.
          All of this eventually lead me to think, is it possible to make the “Check the URL” advice less reliable? After a week of brainstorming I decided that the answer is yes.
          Disclaimer
          Usage of these templates for attacking targets without prior consent is illegal. It's the end user's responsibility to obey all applicable laws. The developer is not responsible for any misuse of these templates.

          Hidden Content
          Give reaction to this post to see the hidden content.