Saturday, May 24, 2014

dSploit - "The most complete and advanced IT security professional toolkit on Android"


" In order for you to know your ENEMY, 
you must become your ENEMY. "
-Sun Tzu ( Art of War )

         
For IT professionals, experts, and geeks, this is one of the handiest tools, probably the handiest, for network analysis, penetration testing, and network security assessment on a mobile device. Since I've been in the computer network industry, I came across this tool and tested some of its functions to see how it behaves and performs in terms of its capability to penetrate network security. This tool is for educational purposes only; it can be used to study how network security can be exploited and to take the necessary measures to secure it. This post is for beginners and experts/geeks who wish to gain advanced knowledge of network analysis and security, and it is also meant to notify readers and Internet and computer users that there are advanced tools that can be used against them for whatever purpose.

This tool is very easy to use; you don't need to memorize commands as you do with other penetration tools. For it to install and function properly, your device must have an ARM CPU and must be rooted, you must install another Android app named BusyBox (a full BusyBox installation is needed), and your device must be running version 2.3 or later.


     
The tool has several functions, listed below (source: dSploit.net):
  • WiFi Scanning and Key Cracking
  • Deep Inspection
  • Vulnerability Search
  • Multi Protocol Login Cracker
  • Packet Forging with Wake On Lan Support
  • HTTPS/SSL Support ( SSL Stripping + HTTPS Redirection )
  • MITM Realtime Network Stats
  • MITM Multi Protocol Password Sniffing
  • MITM HTTP/HTTPS Session Hijacking
  • MITM HTTP/HTTPS Hijacked Session File Persistence
  • MITM HTTP/HTTPS Realtime Manipulation

It works like this: once your device is able to log in to a network, you can start the test. First it launches a man-in-the-middle (MITM) attack against the router, so that every connection handled by the router is redirected to you, as if your device were now the router; all traffic must first pass through you before the router handles it and routes it to its destination. This is commonly called ARP poisoning. Once you have control, the tool offers several functions: terminating connections so the user cannot reach any website; replacing the images, videos, and text of web pages loaded in the user's browser; redirecting the user's web page to another page; and session hijacking, meaning you may be able to see whatever the user is browsing. The only limitation is that it can hijack sessions over HTTP but not HTTPS.

I ran an experiment on session hijacking, using my laptop as the target. I launched the attack from my daughter's tablet, and it broke through my router's firewall security because my router is too old, so it's better to have a good router. In short, I had control. Then I logged in to my Facebook account and waited several minutes to see whether I could hijack the session and have it appear on the Android device, but it never did. So what's the lesson? Facebook uses HTTPS, a secured connection like the one also used by Google, Twitter, YouTube, and other big companies. Although the tool lists HTTPS session hijacking as something it can perform, it cannot. So check for HTTPS in your browser when you log in to your social accounts; you will see it at the top of the browser page where you type the address, with the green padlock icon.


When it comes to WiFi cracking, the models listed below are vulnerable to password cracking, so if your device is not listed, you're safe from this tool.

Thomson, DLink, Pirelli Discus, Eircom, Verizon FiOS, Alice AGPF, FASTWEB Pirelli and Telsey, Huawei, WlanXXXX, JazztelXXXX, Wlan_XX, Ono (P1XXXXXX0000X), WlanXXXXXX, YacomXXXXXX, WifiXXXXXX, Sky V1, Clubinternet.box v1 and v2, InfostradaWifi.

It can also sniff passwords for many protocols, such as HTTP, FTP, IMAP, IMAPS, IRC, MSN, etc. It can quickly scan for open ports and run a traceroute on a single target. All the other functions performed well when it comes to network analysis; it collects detailed data, so you get a picture of which areas of your network need proper attention.

To ordinary users: beware when using HTTP only. The tool can hijack any session, so never log in to any sensitive account over plain HTTP in a public place such as a WiFi hotspot, a restaurant, and the like. You never know whether someone is sniffing your traffic. That's the danger of using a public WiFi hotspot. It occurred to me that I had sometimes logged in to my Humanatic account over a public WiFi hotspot; Humanatic only uses HTTP, not HTTPS. Since discovering this advanced tool, I have refrained from doing that again. So this is a reminder to all Humanatic reviewers and to everyone who uses only HTTP when logging in to their accounts.
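For site operators, the exposure described above can be checked from a login page's response headers. This is an added example, not part of the original post: a small audit that reports a cleartext login, a missing HSTS header (which leaves first visits open to SSL stripping), and session cookies without the `Secure` flag. The two sample responses and the function name are constructed.

```python
# Constructed responses: (scheme the login page was served over, raw header lines).
HTTP_ONLY_SITE = ("http", [
    "Content-Type: text/html",
    "Set-Cookie: SESSIONID=constructed123; Path=/",
])
HARDENED_SITE = ("https", [
    "Strict-Transport-Security: max-age=31536000; includeSubDomains",
    "Set-Cookie: SESSIONID=constructed456; Path=/; Secure; HttpOnly",
])

def audit_session_exposure(scheme, header_lines):
    """Return (finding, cookie_name_or_None) tuples for one login response."""
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))

    findings = []
    if scheme != "https":
        # Page, password and cookies are readable by anyone on the path.
        findings.append(("cleartext", None))
    elif not any(name == "strict-transport-security" for name, _ in headers):
        # Without HSTS the browser may still be steered to http:// first.
        findings.append(("no_hsts", None))

    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attributes = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attributes:
            # Browser will also send this cookie over plain HTTP.
            findings.append(("cookie_not_secure", cookie_name))
    return findings

if __name__ == "__main__":
    for label, site in (("http-only", HTTP_ONLY_SITE), ("hardened", HARDENED_SITE)):
        print(label, audit_session_exposure(*site))
```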


Nothing in this world is safe when dealing with network security, but there are things that need to be done to prevent problems, whether you are an ordinary user or an expert in this field. Awareness is one example; so are research, continuous study, and experimenting before something happens.

  "A false sense of security is worse than being unsure."
Anonymous

"A false sense of security is worse than being insecure, as you may not be prepared to face the eventuality of being hacked." 
( quote from Backtrack 5 Wireless Penetration Tools by Vivek Ramachandran )
      
