Exploits Tor Browser 7.x NoScript Bypass
By 1337day-Exploits, in Updated Exploits

Similar Content
By itsMe
Bypass 4xx HTTP response status codes.
Script uses multithreading, and is based on brute-forcing so might have some false positives. Script uses colored output.
Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending.
Extend this script to your liking.
Tested on Kali Linux v2021.4 (64-bit).
Made for educational purposes. I hope it will help!
Tests:
various HTTP methods,
various HTTP methods with ‘Content-Length: 0’ header,
cross-site tracing (XST) with HTTP TRACE and TRACK methods,
file upload with HTTP PUT method,
various HTTP method overrides,
various HTTP headers,
various URL overrides,
URL override with two ‘Host’ headers,
various URL path bypasses,
basic-authentication/authorization including null session,
broken URL parser check.
Changelog v5.8
Added port overrides, and added more HTTP request headers.

By itsMe
What is tornado?
Tornado implements the tor network with the metasploit-framework tool and msfvenom module; you can easily create hidden services for your localhost .onion domain without port forwarding. If you have experience with different remote administration tools, you probably know you need to forward a port with a virtual private network or ngrok, but with tornado, the tor network offers the possibility of making services on a machine accessible as hidden services without port forwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.
tornado can do
create hidden service with tor network
generate cross platform msfvenom payload with fully undetectable shellcode execution not shikata_ga_nai things
hidden service becomes available outside tor network and ready to reverse shell connection
Be careful with tor2web, even onion network; the only suicide mission is wearing blinders. tornado is not secure from the victim's point of view: the point of tor is that users can connect without being eavesdropped on, and going through the clearnet with tor2web, even with https, seriously cripples the efforts made to protect users.
Disclaimer
This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and am not responsible for any misuse or damage caused by this tool and software.

By itsMe
Decrypt passwords/cookies/history/bookmarks from the browser.
HackBrowserData is an open-source tool that could help you decrypt data ( password|bookmark|cookie|history|credit card|download|localStorage|extension ) from the browser. It supports the most popular browsers on the market and runs on Windows, macOS and Linux.
Disclaimer: This tool is limited to security research only, and the user assumes all legal and related responsibilities arising from its use! The author assumes no legal responsibility!
hack-browser-data-v0.4.2 Latest
Changes
feat: support export extension @moonD4rk (#129)
feat: enhance cmd color log output @moonD4rk (#129)
docs: add logo for HackBrowserData @moonD4rk (#128)
Supported Browser
Windows
Browser | Password | Cookie | Bookmark | History
Google Chrome | ✅ | ✅ | ✅ | ✅
Google Chrome Beta | ✅ | ✅ | ✅ | ✅
Chromium | ✅ | ✅ | ✅ | ✅
Microsoft Edge | ✅ | ✅ | ✅ | ✅
360 Speed | ✅ | ✅ | ✅ | ✅
QQ | ✅ | ✅ | ✅ | ✅
Brave | ✅ | ✅ | ✅ | ✅
Opera | ✅ | ✅ | ✅ | ✅
OperaGX | ✅ | ✅ | ✅ | ✅
Vivaldi | ✅ | ✅ | ✅ | ✅
Yandex | ✅ | ✅ | ✅ | ✅
CocCoc | ✅ | ✅ | ✅ | ✅
Firefox | ✅ | ✅ | ✅ | ✅
Firefox Beta | ✅ | ✅ | ✅ | ✅
Firefox Dev | ✅ | ✅ | ✅ | ✅
Firefox ESR | ✅ | ✅ | ✅ | ✅
Firefox Nightly | ✅ | ✅ | ✅ | ✅
Internet Explorer | ❌ | ❌ | ❌ | ❌

By itsMe
Anonymously Reverse shell over Tor Network using Hidden Services without port forwarding.
This project implements the tor network with the metasploit-framework tool and msfvenom module. You can easily create hidden services for your LHOST .onion domain without portforwarding. If you have experienced different remote administration tools, probably you know you need a forward port with VPN or NGROK but in this sense, the Tor network offers the possibility of making services in a machine accessible as hidden services without portforwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed.
Currently, this project has these features:
Create a hidden service
Generate msfvenom payload with fully undetectable
Hidden service becomes available outside tor network
Disclaimer
This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and am not responsible for any misuse or damage caused by this tool and software.

By itsMe
This article explores a phishing technique that simulates a browser window within the browser to spoof a legitimate domain.
Introduction
For security professionals, the URL is usually the most trusted aspect of a domain. Yes, there are attacks like IDN Homograph and DNS Hijacking that may degrade the reliability of URLs, but not to an extent that makes URLs unreliable.
All of this eventually led me to think, is it possible to make the “Check the URL” advice less reliable? After a week of brainstorming I decided that the answer is yes.
Disclaimer
Usage of these templates for attacking targets without prior consent is illegal. It's the end user's responsibility to obey all applicable laws. The developer is not responsible for any misuse of these templates.