Hi.

Just launched a preview of my new tool: Photon Suite, it's an extension for Firefox with some useful tools such as a port-scanner, reconnaissance tools, a DNS tool, directory miner, application tester, source code analyzer, cryptographic tools, converters and a full blown console.

I've demoed it on some idiot who tried to attack a client of mine last night, and now I pretty much own all his boxes. To see the video check it here:

http://www.youtube.com/watch?v=BCeAigdixTM

I will not release it at the Mozilla add-on website, because I don't think they will accept such extension, it's pretty wicked stuff. It's release will be next month, since I need to work on it a bit more. I'll post it here when I'm ready. Hope you'll enjoy it.

Cheers,

Sasha.

Looking forward to it!

Just added a new tab, a real time network tracer, it doesn't intercept yet. But later on it will be possible to tamper with requests too from the command line :)

Couple of screenshots:

Looks nice!

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Thanks Gaz. You know we talked about this a long time ago :) have been running it ever since, but with less tabs actually. Was about time to finish this thing. XD

your demo video was nice. interception would be cool too. keep us posted :)

Nice

I know this is probably too much, but it would be pretty awesome if it could connect with hackvertor and use all of its different functions.

If it's HV is one large .js file, I could simply include it and make a new tab with a bunch of interactive buttons. Not sure if Gareth would like that though :D

@Skyphire

That's not a problem, I would be happy to include it this extension appears to rock :)

I have a export option in HV but I could provide you with a full export which extracts the tag conversion too, the only problem you might have is when tags use an external Yahoo pipe or ideone API such as the assembler compile.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Yeah the general un-sandboxed xmlhttprequest might be an issue. I do it like so:

	xhr: function(method, uri, progress) {
		try {
			var xml = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Components.interfaces.nsIXMLHttpRequest);
			if (progress) {
				xml.onprogress = gui.onprog(progress);
			}
			xml.open(method, uri, false);
			xml.overrideMimeType("text/plain");
			xml.channel.loadFlags |= Components.interfaces.nsIRequest.LOAD_BYPASS_CACHE;
			xml.send(null);
			return xml;
			} catch(e) {
			return false;
		}
	}

It's a bit different. Then you have to build new functions for it to work. Or we simply could bind our own xml object to:

var req = window.Hackvertor.createXHR();

And leave the original object out?

But we also have eval instances which are quite security prone in extensions, not sure how to tackle those then.

We could do this:

Components.utils.evalInSandbox

Or simply:

eval("(function() { return " + js + " })");

Any suggestions?

All the code in HV is original javascript before it's sandboxed so you could include it in your extension without having to sandbox the code provided you look for backdoors in any of the files.

The Yahoo pipes and Ideone stuff uses a very simple php api to send the request, you could use change the functionality to be js based since you will have x-domain access in your extension. For yahoo pipes you just need to provide a "getPipe" server side call that returns the JSON of the pipe output, I make a request to http://pipes.yahoo.com/pipes/pipe.run? and the query string comes from the tag code.

The ideone API uses SOAP in PHP to create a submission that executes the code, the only problem you'll have here is exposing the creds used to create a entry as you're making the call with extension code, to be honest it might not even be worth using it as most of the useful stuff doesn't work like extensions in perl or php are not enabled. It's nice to execute code in different languages but it isn't really ideal and they have limits on the "free" API.

Whatever you wanna do I'll help just let me know what you need, I can provide the tags with or without the external calls.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

For simple requests I use a xmlhttprequest, but for portscanning for example I use sockets. I can use both. So that's really neat. :) Yeah, we might consider only some parts from HV, instead of an exact copy. I try to limit remote requests to a bare minimum.

If I'm correct, you only use remote calls on the "web" tab right? I could port the encode, decode & xss tabs, those provide most HV functionalities correct? We could make another tab in the extension and provide those functions readily, and maybe through the console as well.

Yeah so "Web" uses Yahoo pipes and "Execute" uses ideone, there are some tags which use HTML/JS sandboxing such as execjs in "Encode" which you might want to restrict or exclude

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]