Information Security

Spoof HTTP Referer URL Using Google Chrome Spoofy Extension Or Using curl

When testing websites it may be beneficial to spoof the referer URL. I have used these methods in the past to locate bugs in code or files that have been infected with forms of search engine click jacking. The two easiest methods that I have found are using the Google Chrome extension called Spoofy or just using curl from the Linux CLI. Typically using curl is the easiest but if you are not familiar with curl then Spoofy also provides similar results. Below I describe both methods in detail.

Details
Technology Insights

What Package Installs more Via Yum On CentOS Linux

Typically you don’t need to install more because it is always already installed. The other night while researching something on a Windows 7 computer that had Cygwin installed we were looking to use more but it wasn’t installed. I am not sure if all default Cygwin installations don’t include more but in this case it didn’t. I typically use YUM to figure out what package provides specific applications if they are bundled with something else and not named by the command itself. Below is the output of yum whatprovides from a CentOS server when searching for the Linux package that installs more.

Details
Technology Insights

Download Location Of DD-WRT Linksys WRT600N BrainSlayer Firmware

I have put together some previous articles on upgrading the firmware on your Linksys WRT600N wireless router using various versions of DD-WRT. One thing I have not included in the articles is the specific DD-WRT download location for the firmware branch that I prefer which is called BrainSlayer. So below is a brief explanation of DD-WRT FTP structure where the WRT600N firmware is located.

Details
Information Security

View Wireless Authentication Type Using Wireshark In Network Capture: PSK, WPA

It is possible to crack WPA/WPA2 wireless network credentials using any number of open source tools available now including oclHashcat+, aircrack-ng, or pyrit to name a few. If you are having trouble cracking a password it is possible that the network uses RADIUS authentication instead of pre-shared keys(PSK). Now you could see this when if you looked at the details of the network you were attempting to capture authentication packets for as it would display as WPA Enterprise versus WPA Personal. It definitely happens though that this is not considered during the capture so you may need to verify that a network is WPA/WPA2 Personal versus WPA/WPA2 Enterprise once you are attempting to crack the authentication. You can do this using Wireshark and the details below.

Details