Contact Davey in confidence by email at davey@happygeek.com, or Twitter DM, if you have a story relating to cybersecurity, hacking, privacy or espionage (the more technical the better) to reveal or research to share.
How To Use Google Chrome For Hacking
xfce4 will allow us to access the foundational operating system on your chromebook, which is called Linux and the version we will be using is called Ubuntu Linux! This is an operating system like Mac OSX or Microsoft Windows that will allow us to install and run programs. The Chrome OS is based on Linux too.
The first was released in February 2022. Open the Chrome browser and select Menu > Help > About Google Chrome to download the patch. Or else you can type and load chrome://settings/help directly in the address bar.
North Korean hackers have been caught in the past targeting security researchers and using a fake penetration testing company in social engineering campaigns. Threat hunters have also documented North Korean hacking activities targeting cryptocurrency platforms.
Tamper Data extension is a hacking extension for Chrome that enables Chrome users to monitor or modify HTTPS, HTTP, or other browser responses and requests not visible to the user. Most ethical hacking techniques are based on fuzzing, which requires professionals to modify or change requests and inputs.
The information-gathering process is also known as banner grabbing. It assists in leveraging the advantages of the Common Vulnerabilities and Exposures (CVE) database.The Wappalyzer chrome extension extracts essential information regarding a web application to facilitate a penetration testing exercise. It is available for use in Google Chrome browsers. Other similar extensions include IP Address and Domain Info, and Firebug.3. Proxy SwitchySharpAll ethical hackers appreciate the essence of a reliable proxy. Proxy SwitchySharp Chrome extension is useful as it provides the proxy and other advanced features for technical users and ethical hackers.
D3coder Chrome-based extension uses various encryption standards to decrypt and encrypt hashes and texts instantly. The extension utilizes a dictionary to crack some of the common hashes.Also, D3coder extension supports decoding and encoding, with an example being base64 encoding. It is a useful tool for ethical hacking since hackers always require to decode and encode hashes and keys instantly.5. HackBarHackBar provides web pen testers with an intuitive interface and ease of access. The extension offers a user-friendly space for fuzzing URLs and inputs and is therefore used for ease in XSS, SQL, and other types of attacks.The HackBar extension assists in hash generation, XSS queries, decoding, encoding, and SQL functions other than an interface. Moreover, the extension helps users easily copy, read, and request URLs, such that the users can quickly test or pen test a web application.
As the name indicates, the Open Port Check Tool is one of the hacking extensions for Chrome that helps hackers detect if a computer has any open ports. The extension alerts users to turn off all unused ports to reduce the possibility of an intrusion.
A similar extension is HPP Finder, often used to scan for HTTP Parameter Poisoning (HPP) exploits.8. Penetration Testing KitThe Chrome-based Penetration Testing Kit contains a bundle of useful pen testing exercises for professional, ethical hackers. The extension provides an interface through which users can view and send responses and request information.Furthermore, it allows ethical hackers to build their requests and use them for XSS, SQL injection, and other similar vulnerability types. Hackers accomplish this by using the tool as a request builder and viewing the resulting responses.9. Note AnywhereThe first step in most ethical hacking exercises is gathering advanced and essential information about the targeted website or web application. Ethical hackers often use various word processors to collect and save data and quickly load when necessary.
Although Cache Killer is not used for any hacking activities, it is an essential Chrome extension for ethical hackers. White-hat hackers tend to open numerous tabs when performing an ethical hacking exercise. Subsequently, the tabs may rapidly fill up the browser cache, resulting in various issues when users attempt to view a web page.
I have a Windows 2012 Server hosting virtual machines, but yesterday I just wanted to do a quick search on mortar types and didn't log into a VM. Symantec is installed (12.1.5 - yes I know it is old) and only visit green WOT sites. I opened a few of the search results in tabs and starting going through them. Then, all of a sudden, Chrome starting flipping pages and I had a message that Chrome was downloading and installing something. Then I noticed that it was logged into a Google account. it was the account for my property manager's assistant (I live in a condo). I used task manager to kill chrome immediately and it all stopped. I have Chrome 59.0.3071.115 on my server, but it looks like it just downloaded an update.
I could not figure out how the heck the property manager's assistant could have logged onto my server and then why he would log into chrome. I checked and Symantec was running. I checked my firewall router and RDP was still disabled to the server, plus this was the admin console and why would a hacker do something so obvious? I always lock my screen (old habit) when i leave my desk, even though only my wife and I live here - and one of us is almost always home. [Plus the session locks after a 15 minute timeout.] There is no way anyone had physical access unless they took the master key and came in while we were asleep, but that would have been really dumb. [And it would be next to impossible for anyone else to know my password.] Even so, why log into Google?
The only thing I can think of is that one of the sites I clicked on ran code that automatically logged into Chrome using the property manager's assistant account. Why? Since we are both in the same building, both our IPs would be in a similar IP range. Perhaps the assistant's computer is being hacked regularly and they were trying to get back in. Before killing chrome, I peaked at the user account settings, and the assistant's password had not been changed since January this year.
You can check whether it's been installed by going to chrome://extensions/ and looking at the Chrome Apps section. If it has been installed, you can either remove it or run it and disable remote access.
Do not do tracepath, this command can track your location and use private information, I am seeing a lot of children in the comments so please listen to my warning: the chrome crosh tells you in a list of commands at help_advanced says this below tracepath:IMPORTANT: The U2F feature is experimental and not suitable for general production use in its current form. The current implementation is still in flux and some features (including security-relevant ones) are still missing. You are welcome to play with this, but use at your own risk. You have been warned.
This reminds me so much of the old dos i have another way to communicate with my computer I wish I could run diagnostics on my vehicle and just plug this chromebook into the vehicle that would be cool. 2ff7e9595c
Comments