How Unique Is Your Browser?

A web browser no longer simply downloads and renders HTML. Browsers have many additional features that can be detected, such as which version of Flash you are running, Java, and all the add-ons you have installed. Together these can act as a very good fingerprint that can be used to track people.

From the data collected, 1 in 286,777 browsers are unique, so from a legal point of view it would not stand up in court.

You can test your browser's uniqueness below:

https://panopticlick.eff.org/index.php

The Electronic Frontier Foundation has an excellent paper on browser uniqueness:

https://panopticlick.eff.org/browser-uniqueness.pdf
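An added example (not from the original post or the EFF's code): it measures how identifying each browser attribute is, in bits of surprisal, over a small constructed sample, and shows how attributes that are individually common become unique in combination. The attribute names and all sample values are assumptions made for illustration.

```javascript
// Constructed sample: what eight visiting browsers exposed (all values made up).
const ATTRS = ["userAgent", "plugins", "timezone", "screen"];
const SAMPLE = [
  ["UA-A", "flash11,java7", "UTC+0", "1920x1080"],
  ["UA-A", "flash11,java7", "UTC+0", "1920x1080"],
  ["UA-A", "flash10", "UTC+0", "1920x1080"],
  ["UA-A", "flash11,java7", "UTC+1", "1366x768"],
  ["UA-B", "flash11,java7", "UTC+0", "1920x1080"],
  ["UA-B", "flash10", "UTC+1", "1920x1080"],
  ["UA-B", "flash11,java6,silverlight", "UTC+0", "1366x768"],
  ["UA-A", "flash11,java7", "UTC+0", "1366x768"],
].map(row => Object.fromEntries(ATTRS.map((a, i) => [a, row[i]])));

// Surprisal in bits of a value seen in `count` of `total` browsers.
function surprisalBits(count, total) {
  return Math.log2(total / count);
}

// Number of browsers for which keyFn yields the same key as `target`.
function sharers(sample, target, keyFn) {
  const key = keyFn(target);
  return sample.filter(b => keyFn(b) === key).length;
}

// The full fingerprint is every attribute taken together.
const fingerprint = b => JSON.stringify(ATTRS.map(a => b[a]));

// Per-attribute and combined identifiability of one browser in the sample.
function assess(sample, index) {
  const me = sample[index];
  const perAttribute = {};
  for (const a of ATTRS) {
    perAttribute[a] = surprisalBits(sharers(sample, me, b => b[a]), sample.length);
  }
  const sharedWith = sharers(sample, me, fingerprint);
  return { perAttribute, sharedWith, unique: sharedWith === 1,
           combinedBits: surprisalBits(sharedWith, sample.length) };
}

// How many browsers have a fingerprint that nobody else in the sample shares.
function uniqueCount(sample) {
  return sample.filter(b => sharers(sample, b, fingerprint) === 1).length;
}

console.log(assess(SAMPLE, 6));
console.log("unique browsers:", uniqueCount(SAMPLE), "of", SAMPLE.length);
// The "1 in 286,777" figure quoted above, expressed in bits.
console.log("1 in 286,777 =", surprisalBits(1, 286777).toFixed(1), "bits");
```

In this sample no single attribute of browser 6 except its plugin list is unique, yet six of the eight browsers are uniquely identified once all four attributes are combined.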

 

Configuring sqlmap

Sqlmap is a great open-source SQL injection tool that I use to aid my learning, using its -v switch, which sets the output verbosity so you can see and learn the SQL payload sqlmap is sending. I usually set it to -v3.

By default sqlmap tests for blind SQL injection first which is more often successful but is very slow at extracting data and is hard to follow.

The full default order is blind,error,union,stacked,time. “BEUST”

I prefer to use union,error,stacked,blind,time. “UESBT”

To change the default in sqlmap open up sqlmap.conf

On line 236, change tech = BEUST to tech = UESBT

Sqlmap by default does not try all the different types of SQL injection, as some are too noisy/risky.

This can mean that exploitable injections are missed. To avoid this sqlmap can be configured to test for all types of injection by changing level and risk settings.

On line 195 you can change the level = 1 to level = 5

On line 202 you can change the risk = 1 to risk = 3

By default sqlmap will only test for 10 columns when using UNION SQL injection; this is too low in most cases. I change the default to 50.

You can change this on line 246: uCols = 50

There are loads of other options you can change in sqlmap; these are just a few 🙂

 

Running foremost on windows

Foremost is a Linux forensics tool but can be run under Windows using Cygwin.

First install Cygwin, to the default location.

Then download a cygwin compiled version of foremost from a mirror here

Extract foremost.exe and its config file to C:\cygwin\home\~your pc username

Then go to C:\cygwin and run Cygwin.bat

Then you can run foremost via the Cygwin CLI:

./foremost.exe -t all -i somecase.dd -T

😀

Sources used: http://www.dcheeseman.com/blog/post/foremost-windows