How to Easily Switch Between Profiles On Firefox With ProfileSwitcher

One of the best things about Firefox is that it lets you create multiple user profiles on it. This feature might come in handy when you have siblings around working on the same computer. Firefox comes with an excellent profile manager of its own where you can create and manage profiles. The sad part is that there is no way you can quickly switch between the profiles directly from your browser. It’s like giving a five year old a wrapped chocolate bar he can barely open.

To fix the things we already covered an add-on called Switchy, a Firefox add-on that lets you create and switch between profiles quickly. Though the plugin did the task it claimed, there were some issues like there are weird symbols in the toolbar icon options, one can only create a profile and there is no option to remove or rename an existing one which sometimes made working on it difficult and annoying.

So today I would like to introduce another profile switcher for Firefox that does the task effectively yet elegantly.

ProfileSwitcher is a simple add-on for Firefox that lets you easily launch other profiles right from the browser menu. After you install the add-on restart your browser. Now when you click on the file menu you will find two new options. The first one is the Launch another profile and the second one is Open Profile Manager (Normal and Safe Mode).

As the name speaks, the first option lets you switch between profiles easily and the second one opens the default profile manager for Firefox where you can handle all your profile needs.

If you already have the necessary profiles created, just click on the file menu and choose your desired profile from the Launch Another Profile section. If you don’t have the profiles created, you can open the profile manager using the second option and create them.

Note: You will have to install the add-on across all the Firefox profiles you have on your computer manually.

There are some settings about the add-on behavior as well that you can configure from the add-on options page in the add-on manager.

My Verdict

Switchy’s developer has promised that he will come with a better add-on in the next update which will cover all the present shortcomings. Let’s see how well it works out but until then ProfileSwitcher is the best to go with.

What is Pen-Testing? | Pen-Testing vs.Vulnerability Assessment | How Vulnerabilities Are Identified?

What is Pen-Testing?

Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, price lists, databases and other protected information.

The main thing that separates a penetration tester from an attacker is permission. The penetration tester will have permission from the owner of the computing resources that are being tested and will be responsible to provide a report. The goal of a penetration test is to increase the security of the computing resources being tested.

In many cases, a penetration tester will be given user-level access and in those cases, the goal would be to elevate the status of the account or user other means to gain access to additional information that a user of that level should not have access to.

Some penetration testers are contracted to find one hole, but in many cases, they are expected to keep looking past the first hole so that additional vulnerabilities can be identified and fixed. It is important for the pen-tester to keep detailed notes about how the tests were done so that the results can be verified and so that any issues that were uncovered can be resolved.

It’s important to understand that it is very unlikely that a pen-tester will find all the security issues. As an example, if a penetration test was done yesterday, the organization may pass the test. However, today is Microsoft’s “patch Tuesday” and now there’s a brand new vulnerability in some Exchange mail servers that were previously considered secure, and next month it will be something else. Maintaining a secure network requires constant vigilance.

Pen-Testing vs.Vulnerability Assessment

There is often some confusion between penetration testing and vulnerability assessment. The two terms are related but penetration testing has more of an emphasis on gaining as much access as possible while vulnerability testing places the emphasis on identifying areas that are vulnerable to a computer attack.

An automated vulnerability scanner will often identify possible vulnerabilities based on service banners or other network responses that are not in fact what they seem. A vulnerability assessor will stop just before compromising a system, whereas a penetration tester will go as far as they can within the scope of the contract.

It is important to keep in mind that you are dealing with a ‘Test.’ A penetration test is like any other test in the sense that it is a sampling of all possible systems and configurations. Unless the contractor is hired to test only a single system, they will be unable to identify and penetrate all possible systems using all possible vulnerabilities. As such, any Penetration Test is a sampling of the environment. Furthermore, most testers will go after the easiest targets first.

How Vulnerabilities Are Identified?

Vulnerabilities need to be identified by both the penetration tester and the vulnerability scanner. The steps are similar for the security tester and an unauthorized attacker. The attacker may choose to proceed more slowly to avoid detection, but some penetration testers will also start slowly so that the target company can learn where their detection threshold is and make improvements.

The first step in either a penetration test or a vulnerability scan is reconnaissance. This is where the tester attempts to learn as much as possible about the target network as possible. This normally starts with identifying publicly accessible services such as mail and web servers from their service banners.

Many servers will report the Operating System they are running on, the version of software they are running,patches and modules that have been enabled, the current time, and perhaps even some internal information like aninternal server name or IP address.

Once the tester has an idea what software might be running on the target computers, that information needs to be verified. The tester really doesn’t KNOW what is running but he may have a pretty good idea. The information that the tester has can be combined and then compared with known vulnerabilities, and then those vulnerabilities can be tested to see if the results support or contradict the prior information.

In a stealthy penetration test, these first steps may be repeated for some time before the tester decides to launch a specific attack. In the case of a strict vulnerability assessment, the attack may never be launched so the owners of the target computer would never really know if this was an exploitable vulnerability or not.

Local File Inclusion Exploiter Version 1.2 Download Free

Local File Inclusion Exploiter Version 1.2 Download Free by Valentin

Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of an ULR for a LFI vulnerability.

Usage./lfi_sploiter.py –exploit-url= –vulnerable-parameter=

Usage example./lfi_sploiter.py –exploit-url=http://www.example.com/page.php?file=main –vulnerable-parameter=file

Usage notes- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.

Feature list- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.

Known issues- I know there is more about LFI than it is covered in this tool. But this is the first release,
and more features will be implemented in future versions.
- This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones. For example: Some LFI vulnerabilities consist of two URL parameters or require to find a way around filters. In those cases, this tool unfortunately does not work.
- Like most other LFI exploiter / scanner, this tool here also has problems with handling certain server responses. So this tool does not work with every website.

Some notes- Tested with Python 2.6.5.
- Modify, distribute, share and copy the code in any way you like!
- Please note that this tool was created for educational purposes only.
- Do not use this tool in an illegal way. Know and respect your local laws.
- Only use this tool for legal purposes, such as pentesting your own website
- I am not responsible if you cause any damage or break the law.
- Power to teh c0ws!

All are Python scripts

Download Version 1.2

Download Version 1.1

Download Version 1.0

Exploring Google Music, the Amazing Cloud-based Music Player

Most of us, when asked about the default music manager and player we use on our computers, are likely to mention iTunes or Windows Media Player. Both of these, and the other popular desktop media players like Winamp and VLC are useful in their own right but they can only reign over your music as long as you are using your PC.

If you also listen to music on your smartphone or any other such portable device then getting your favorite tracks on them means manually syncing it with the computer, which after a while feels like drudgery.

You need a cloud-based music player that can show up your favorite playlists on any device which can connect to the Internet, be it a smartphone or a public computer in a different continent.

Google Music is an online music manager and streaming service, and also a music store that lets your play your music on the go. When I say that Google Music is an online music streaming service, don’t judge it wrong by comparing it to services like Grooveshark and Earbits. Google music does stream your songs on the clouds, but the songs should come from you. It is also available as an Android app and web based optimized versions for iOS devices.

Let us get started with Google Music and see how it works. Well, firstly, here’s the bad news: Google Music is available only in the US for now. And now the good news: you can easily override your IP using a US proxy and activate Google Music on your account.

Once you get Google Music activated on your Google account, it’s time to upload some music to it. To upload music from your local drive to you can use the Google Music Manager. You can upload as much as 20,000 songs to Google Music Manager for free and the music can be uploaded from iTunes, Windows Media Player or local folders.

Wait!! Don’t upload your whole collection just yet. Just upload few of them as there’s a lot more to it.

Once you have some of your albums uploaded on Google Music, you can play them right away. Just like iTunes, Google also has some auto-playlists with room to create them manually as well. Don’t worry if your music collection is huge. It’s a Google product and thus talking about its searching powers will be a waste of time. Stay rest assured that you’ll be able to find any track in seconds.

Google Music not only serves as an online music manager, but it’s a music store as well. You can buy, listen and download lots of paid and free tracks, and listen to them across all the devices you have Google Music installed on.

My Verdict

Of course, one question that came to my mind was, “Why should I waste my bandwidth to upload the music on the clouds and then again, spend the same bandwidth to stream them?” Well, I realized that’s a small price to pay for the universal access to my favorite songs irrespective of the device I am on (provided it can connect to the world wide web).

Have you tried out Google Music yet? Do you like it?

3 Awesome Add-ons to Watch and Manage YouTube Videos From Chrome Toolbar

Whenever I get some free time online, I resort to 2 of my favorite pastimes: scouring through Wikipedia or devouring videos on YouTube. I have already talked about two extensions I use in Chrome to enhance my Wikipedia browsing, and today I will reveal the extensions that help me manage YouTube videos in Chrome.

If you are like me who watches videos on YouTube quite often and uses Chrome to do that then these 3 add-ons should get you excited.

Video Controller

As the name speaks, Video Controller extension for Chrome lets you control your YouTube video right from the extension bar. You can play/pause, change tracks, adjust volume and replay the tracks. Though the plugin is not useful when you are viewing videos on YouTube one after another, it works as a great music controller for YouTube music videos. Don’t want to hear a track? Just skip it and replay the one you love without leaving the tab you are working on.

If you have two or more YouTube tabs running videos, all of them can be controlled simultaneously using this extension. You can click on the title text of the video to open the respective tab too. Overall, a very nifty YouTube tool for sure.

YouTube Feed

You probably know what YouTube channels are. You can think of channels as some user created category which is updated by an individual or an organization in a regular basis. You can subscribe to many available channels, and YouTube will notify you via an email regarding the addition of the new content.

YouTube Feeds is a simple add-on that notifies you right in your browser whenever new videos are available in your YouTube subscribed channels and friends. In simple words, you can think of this add-on as an RSS aggregator for your YouTube channels.

All you need to do is authenticate your YouTube account. The extension icon will notify you whenever a new video is available. You can control things like Number of feed items to retrieve, Polling interval, Number of feed items to show, etc. from the option page.

Lyrics for Google Chrome

Do you love to sing along with your favorite artists on YouTube, but don’t remember the lyrics well enough? Don’t worry, Lyrics for Google Chrome is a simple extension which will help you with that. After you install the extension, just click on the extension icon in the omnibar to show the lyrics next to the playing video. If the extension is not able to recognize the song, you can manually provide the name and search again.

Note: All the lyrics are fetched from LyricsWiki.

The extension not only works for YouTube but also for Grooveshark, Last.fm and Google Music.

Conclusion

I am sure these three add-ons will definitely enhance your YouTube experience. Do you have a personal favorite extension for YouTube, we have not mentioned above? Do let us know.

2 Ways to Arrange Firefox Tabs Vertically

The use of tabs has made browsing so much more efficient. A power user knows that browser tab management is a productivity boost. Firefox came late on the tabbed browsing scene, but it was a fast learner. The Tab Groups feature is a default way to manage your Firefox tabs if you have quite a few open. Thanks to Firefox add-ons, what’s not there by default gets covered adroitly by these add-ons.

Here are two add-ons which will give you a way to arrange your Firefox tabs vertically. Whether that gives your browsing an added edge depends on personal experience, but try it out and see for yourself.

Side Tabs

Side Tabs is a restart-less Firefox add-on that has been preliminary reviewed by Mozilla. It’s quite nice if you have a widescreen monitor as you can take advantage of all that screen estate by moving your tabs to the side. It gives you a few options to configure. For instance, you can set the width you want the vertical Side Tab to occupy (just drag with the double headed arrow on the edge). You can place it on the right or left of the screen. You can open a new tab by clicking on the ‘+’ sign or by double-clicking on the side tab.

Side Tabs is very simple in looks and function. No extra colors or themes for eye candy. A bit of a run with it found me getting used to side–tabbed browsing quite swiftly.

Tab Sidebar Reloaded

This is another Firefox add-on which takes the horizontally arranged tabs and places them vertically. Compared to the plain Jane looks of Side Tabs, Tab Sidebar Reloaded is like a rockstar. After installing the add-on, click on View –>Tab Sidebar to bring up the vertical tabs on the left. You can see that the open tabs are loaded on the side with thumbnails which give you active previews of their content. By default the top tab is rendered invisible when the vertical tab opens in its place. You can set these in the options:

You can drag the vertical tab area with the crosshairs to change their width. You can drag ‘n drop the tabs to change their order. Close the tabs with a click on the cross or open a new one with a double-click. The little thumbnails come with their own navigation buttons (history, stop and reload). But if you are a power user, then you will appreciate that this extension also works with other tab managers seamlessly.

Go for simplicity or opt for a more complete feature-set. These two add-ons give you the choice. Which one would you pick? Let us know.

How OSI 7 Layer Model Works? Understanding OSI Layers by Anuj Tyagi

This article aims to study the 7 layers of OSI model used by Computer system, when communicating with any other system in same/ different network.
Note: This article is not about understanding OSI layers. It is a practical approach for how OSI layers works & used by our computer system.

Application Layer: Application Layer provides user interface i.e. user directly interacts with this layer. The most common examples of applications which enable us to communicate through different protocols are :

• FTP (Eg. Filezilla Server Application)
• http/https (Eg. Firefox or any other Web-browser)
• SMTP ( via any email client like IBM LOTUS or Microsoft Outlook or WebBrowser)
• Telnet ( shell interpretaors like Command Prompt in windows/ terminal in linux distro)

As all of these applications accessed through computer .

Presentation Layer: This layer gets name from it’s purpose . This layer responsibility includes :

• Presents data to application layer and responsible for data translation and formatting. Eg. Translation of data we enter into browser to be converted into web language codes with different tags . Also it takes care of data which has been sent should be understood by browser to present it on user-interface .
• Compression and encryption of data .

I tried to capture a packet for PING REQUEST to www.google.com and on capturing packets got this in packets.
For compression, take an example of browser which uses HTTP Compression to save transfer data volume and speeds ups Web page load time. Firefox uses Gzip encoding to send data .

• We proved that presentation layer also used by & within computer system .

Session Layer : Session layer establish, maintain and terminates sessions between end devices. We can check current sessions in the system using netstat command and output will look like this :

This command is common for windows/Linux OS.

Transport Layer : This layer is concerned with reliability of data transfer .
It is of two types :

1. Connection Oriented (TCP)
2. Connectionless (UDP)

It is easy to find if connection is establish is in TCP/UDP state. Look at the above figure in which first column defines whether connection is established as TCP/UDP. This process is Protocol dependent .

It also take care of other responsibilities like :
Flow Control (windows) : Which find how much data should be send in one packet during transfer to minimize the data loss due to buffer overflow. It doesn’t send data but Segment into smaller pieces and size of which is defined through windowing feature. To show this in practical manner, I started to upload a file on mediafire.com .

By ping , we got ip address of mediafire.com .it’s 205.196.120.8 .
And Now I started to sniff the packets using wireshark on my pc. So, it’s easy to confirm that below captured packets are those during transfer from mediafire. .

So, what do we learn from above image ?
Source address: 205.196.120.8
Destination address: 192.168.1.3
Protocol type: TCP (connection oriented )
Win (window size ): 66240 bytes = 65 KB approx .
Source address is mediafire server as we are uploading data.
So, what conclusion it makes ? Data is being split up into 66240 bytes each and after reaching destination it being re-ordered.
The segments which are delivered are acknowledged back to the sender upon their reception.
Network Layer: Network layer works on Logical address which is IP addresses. A computer system understand IP addresses and communication and identification also takes place in computer system.

Any device which use ip-address for communication
Data Link Layer : The main focus of data link layer on use of MAC address. Whenever data flows through the LAN , communication takes place through MAC address .
So, to find if MAC address is being used during data transfer in lan or not ?
I start capturing again using wireshark .

Which shows Destination MAC address : 00:26:5e:ff:c5:fc for 192.168.1.3
Source MAC address: 00:26:5e:fc:10:Se for 192.168.1.2 .







Physical Layer :
This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.
The Physical Layer defines electrical and physical specifications for devices. In particular, it defines the relationship between a device and a transmission medium, such as a copper or optical cable.
The major functions and services performed by the Physical Layer are:

• Establishment and termination of a connection to a communications medium.
• Participation in the process whereby the communication resources are effectively shared among multiple users. For example, contention resolution and flow control.
• Modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel.

In short, Computer translates the signal and instructions into Binary language (0 or 1). Hardware devices understand Binary language (including computer device components , connecting cables)


So, during transfer of data, various instructions and signals executed whichch converted into binary language . Similarly, when we transfer data from our system to any other then transfer takes place through various components and leave through cable.