Posts

Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

Description

CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf. Fo

HTTP Parameter pollution

Supplying multiple HTTP parameters with the same name may cause an application to interpret values in unanticipated ways. By exploiting these effects, an attacker may be able to bypass input validation, trigger application errors or modify internal variable values. As HTTP Parameter Pollution (HPP for short) affects a building block of all web technologies, both server-side and client-side attacks exist. Current HTTP standards do not include guidance on how to interpret multiple input parameters with the same name. For instance, RFC 3986 simply defines the term Query String as a series of field-value pairs and RFC 2396 defines classes of reserved and unreserved query string characters. Without a standard in place, web application components handle this edge case in a variety of ways (see the table below for details). By itself, this is not necessarily an indication of vulnerability. However, if the developer is not aware of the problem, the presence of du

OpenVAS Vulnerability Scanner

Vulnerability scanning is a crucial phase of a penetration test, and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied by a regularly updated feed of Network Vulnerability Tests (NVTs), over 47,000 in total (as of June 2016). All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).

Architecture Overview

The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateles

Cupp (Common User Passwords Profiler)

CUPP is a powerful tool that creates a wordlist specifically for a person. CUPP is cross-platform and written in Python. CUPP asks you questions about the target (name, wife’s name, pet’s name, phone number…) and then creates a password based on the keywords you entered.

How to install CUPP in Kali Linux

1) Our first step is to start Kali, our beloved hacking system. Once we have Kali up and running, we need to make a directory to store our CUPP files in our home directory. Enter this command:

    mkdir CUPP

2) Then, navigate to that directory:

    cd CUPP

3) Once inside the CUPP directory, go ahead and enter the following line into your terminal:

    git clone https://github.com/Mebus/cupp.git

4) If git doesn’t work, you probably don’t have it installed. If so, enter this command:

    apt-get update &&

VPN – The Must Have Anonymity Tool

A Virtual Private Network, or VPN for short, is a secure network connection through which you can safely connect your device to public networks. It is widely used by large corporations, educational institutions and government agencies. It is also used by individuals who care about staying anonymous on the internet for various reasons. In countries where governments are blocking access to certain websites, people use a VPN to get around these walls of censorship. Another reason people use VPNs is to gain access to web content restricted to certain countries; this is particularly the case with some YouTube channels, like Vevo and similar. In countries where downloading torrents is heavily monitored, like the USA for example, people use a VPN to hide their internet activity and IP address from ISPs and from the torrent source. This is similarly the case for streaming; the use of streaming services like Kodi is exploding lately and the movie studios are