HTTP session reconstruction

Been wanting to attempt to reconstruct HTTP sessions captured in Pcap files. Stumbled across this tool called "PyFlag". They have this amazing script to automatically download, install and set up "PyFlag" on Ubuntu. It was painless to get up and running. I managed to load Pcap files into "PyFlag" for analysis but wasn't able to reconstruct the HTTP sessions.
I researched other tools and found "Unsniff". Worked like a charm!!!

Latency

Antivir is a powerful AV with its heuristic detection of malware. I gave up on it because of the ridiculous time it took to update. I replaced it with Microsoft's "Security Essentials".

Network forensics puzzle #3

New network forensics puzzle is out. In line with contest rules, I can't post my answers till the deadline is over.

Cookie manipulation

I demonstrated cookie hijacking previously but never elaborated about how the stolen cookie can be used.
To make use of stolen cookie information, the session must still be active for cookie manipulation to be successful. Here I manually add cookies using the "Web Developer" Firefox addon to successfully access an active Gmail session.

The high res version of this demo can be downloaded here.

VMware Workstation Pro is now free for personal use!!!

VMware Workstation Pro is now free for personal use!!! However, it was not straightforward to install on Ubuntu as I encountered error mes...