Posts Tagged ‘Proxy’

tv crime2

Here is a list of my favorite old & new school information security & hacking tools: 


Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an applications attack surface, through to finding and exploiting security vulnerabilities.

Cain & Abel

Cain & Abel is a password-cracking juggernaut that runs on Windows. This amazing software, created by Mass-imiliano Montoro, features more than a dozen different useful capabilities for cracking passwords and various encryption keys. For starters, Cain can dump and reveal various encrypted or hashed passwords cached on a local Windows machine, including the standard Windows LANMAN and NTLM password representations, as well as application-specific passwords for Microsoft’s Outlook, Internet Explorer and MSN Explorer. Organizations can use Cain to test individual passwords and the effectiveness of their password policies. Cain & Abel can crack passwords for over a dozen different OS and protocol types. Just for the Windows operating system alone, Cain handles the LANMAN and NTLM password representations in the SAM database, as well as Windows network authentication protocols such as LANMAN Challenge and Response, NTLMv1, NTLMv2 and Micro-soft Kerberos. Its integrated sniffer monitors the LAN, grabbing challenge-and- response packets and cracking passwords using a built-in dictionary of more than 306,000 words. Beyond Windows passwords, Cain also cracks various Cisco passwords, routing proto-col hashes, VNC passwords, RADIUS Shared Secrets, Win95/98 Password List (PWL) files, and Micro-soft SQL Server 2000 and MySQL passwords. It can also crack IKE pre-shared keys in order to penetrate IPSec VPNs that use IKE to exchange and to update their cryptography keys. Beyond password cracking, Cain includes a wireless LAN discovery tool, a hash calculator and an ARP cache-poisoning tool (which can be used to redirect traffic on a LAN so that an attacker can more easily sniff in a switched environment)–all bound together in a sophisticated GUI.


DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).


Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN.


Fast-track is an open source security tool aimed at helping penetration testers conduct highly advanced and time consuming attacks in a more methodical and automated way. Fast-Track is now included in Backtrack version 3 onwards under the Backtrack –> Penetration category. In this talk given at Shmoocon 2009, the author of Fast-Track Dave Kennedy runs us through a primer on the tool and demonstrates 7 different scenarios in which he breaks into systems using the Fast-Track tool. These scenarios include automated SQL injection, MSSQL brute forcing, Query string pwnage, Exploit rewrite, Destroying the Client and Autopwnage.


fport identifies all open TCP/IP and UDP ports and maps them to the owning application.

GFI LANguard

GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.


hping is a command-line oriented TCP/IP packet assembler/analyser. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. Kind of like the ping program (but with a lot of extensions).

IP Filter

IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.

John the Ripper

John the Ripper is a fast password cracker, currently available for many flavours of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.


Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.  It separates and identifies different wireless networks in the area.

Metasploit Community Edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only.


Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses.


The Nessus Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavours of Unix.


Netcat has been dubbed the network Swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol


NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packet mangling.

NexPose Community edition 

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features.


Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.


Nmap (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.


OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.


OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

Paros Proxy

Many custom Web apps are vulnerable to SQL injection, cross-site scripting, session cloning and other attacks. Attackers often rely on a specialized Web proxy tool designed to manipulate Web applications to reveal and exploit such flaws–and so must you. A Web app manipulation proxy sits between the attacker’s browser and the target Web server. All HTTP and HTTPS requests and responses are channelled through the proxy, which gives the attacker a window to view and alter all of the information passed in the browsing session, including any variables passed by the Web app in cookies, hidden form elements and URLs. Paros Proxy, which runs on Windows or Linux (with a Java Run-time Environment), is the best of these proxies, chock-full of Web app assessment widgets that make it a versatile and powerful hacking tool:

  1. Recorder. Paros goes be-yond similar tools by maintaining a thorough history of all HTTP requests and responses. Later, the attacker can review all of the actions, with every page, variable and other element re-corded for detailed analysis.
  2. Web spider. An automated Web spider surfs every linked page on a target site, storing its HTML locally for later inspection, and harvests URLs, cookies and hidden form elements for later attack.
  3. Hash calculator. Attackers sometimes have a hunch about the encoding or hashing of specific data elements that are returned. Using the Paros calculator, a hacker can quickly and easily test such hunches. Paros Proxy has a GUI tool for calculating the SHA-1, MD5 and Base64 value of any arbitrary text typed in by its user or pasted from an application.
  4. SSL-buster. While most other Web app attack and assessment proxies handle server-side SSL certificates, Paros can also probe apps that require client-side SSL certificates.

Paros also includes automated vulnerability scanning and detection capabilities for some of the most common Web application attacks, including SQL injection and cross-site scripting. Paros even scans for unsafe Web content, such as unsigned ActiveX controls and browser ex-ploits sent by the target Web server.


OpenBSD Packet Filter


SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.


Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.


sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


TCPdump is the most used network sniffer/analyser for UNIX.


analyses the dump file format generated by TCPdump and other applications.


A very fast network logon cracker which support many different services.


Tripwire is a tool that can be used for data and program integrity assurance.


w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.


WebScarabhas a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned.


A Passive WLAN detector. While numerous tools detect wireless LANs, one of the very best is Wellenreiter. Traditional war driving tools, such as the popular NetStumbler, send a barrage of probe request packets to find wireless access points. But, NetStumbler can’t locate an access point that’s configured to ignore probe requests from clients that don’t know the WLAN SSID. Max Moser’s Wellenreiter can. Wellenreiter is completely passive; instead of sending probe requests, it puts a wireless card into so-called “rfmon mode,” so that it sniffs wireless traffic, capturing all data sent, including the entire wireless frames of all packets with their associated SSIDs, displaying the discovered access points in its GUI. It then listens for ARP or DHCP traffic to determine the MAC and IP addresses of each discovered wireless device. Wellenreiter can store wireless packets in a tcpdump or Wireshark packet capture file for later detailed analysis. An attacker or wireless penetration tester can fire up Wellenreiter, let the tool run passively for an hour or so, and return to find a nifty inventory of nearby wireless devices. It can also interface with GPS devices; storing the physical location of each war-driving computer when wireless LANs are detected. Wellenreiter runs on Linux and supports Prism2, Lucent and Cisco wireless cards.


You need a solid Web server vulnerability scanner if you’re going to find flaws before attackers do. Internet-facing Web apps open enormous business opportunities–and dangerous holes for malicious and criminal hackers. In the last year, thousands of sites running vulnerable phpBB Web forum scripts, and countless others hosting the AWStats CGI script for gathering access statistics from log files, have fallen victim to attackers. Beyond those notable examples, vulnerabilities in various Web scripts are discovered on a regular basis. To help find such flaws in your network, turn to Wikto, an impressive Web server scanning tool. Written by Sensepost, a security services firm based in South Africa, Wikto builds on the popular command-line Nikto Web scanner Perl script with an easy-to-use Windows GUI and extended capabilities. Like Nikto, Wikto searches for thousands of flawed scripts, common server misconfigurations and unpatched systems. Wikto adds HTTP fingerprinting technology to identify Web server types based on their protocol behaviour’s, even if administrators purposely disguise Web server banner information to deceive attackers. For white hats, it’s a powerful inventory feature. What’s more, attackers are increasingly turning to well-crafted Google searches to look for vulnerable sites. Security researcher Johnny Long maintains the Google Hacking Database (GHDB) list of more than 1,000 Google searches that can locate vulnerable systems. Wikto can import the latest GHDB vulnerability list, and then query Google for such holes in your domain.


A Windows configuration harvester. Windows systems contain a treasure trove of sensitive configuration information that’s accessible in a variety of ways. Attackers and assessment teams typically extract as much information as possible from Windows systems to help refine and augment their vulnerability scans. Winfingerprint, written by Vacuum, is an invaluable tool for harvesting Windows configuration information, using a variety of mechanisms, including Windows domain access, Active Directory and Windows Manage-ment Instrumentation (WMI), Microsoft’s comprehensive framework for analysing system configurations. Winfingerprint pulls lists of users, groups and security settings from a single Windows machine or a network range. The tool also grabs information about the local hard drives of target machines, local system time and date, registry settings, and event logs. Rounding out its features, this handy tool includes a Simple Network Management Protocol (SNMP) scanner, as well as a TCP and UDP port scanner, all accessible from a single GUI


Wireshark is a network protocol analyser. It lets you capture and interactively browse the traffic running on a computer network.

Back in July 15, 2010 I posted an article about called Top 10 Free online Proxy Websites to access facebook and Youtube. Now this was in 2010 and some if not all of these sites are now not in existence.

I have had so many emails asking for me to update this list, so here you are:

What is a Proxy?

A proxy or proxy server is basically another computer which serves as a hub through which internet requests are processed. By connecting through one of these servers, your computer sends your requests to the proxy server which then processes your request and returns what you were wanting. In this way it serves as an intermediary between your home machine and the rest of the computers on the internet. Proxies are used for a number of reasons such as to filter web content, to go around restrictions such as parental blocks, to screen downloads and uploads and to provide anonymity when surfing the internet.

Why use a Proxy?

If you are wanting to surf the web anonymously then proxies can provide you with a means to hide your home IP address from the rest of the world. By connecting to the internet through proxies, the home IP address of your machine will not be shown but rather the IP of the proxy server will be shown. This can provide you with more privacy then if you were simply connecting directly to the internet. There are number of proxies that can provide you with service. You can find a list of these simply by typing “Proxy List” into any search engine. There are some proxies which are free and some which charge money, the choice is up to you but we have found that the paid proxies are more reliable, faster and more secure.

All sites live on 25/05/2012

What a Proxy websites does? – Proxy websites are web page which allows you to browse your favorite websites — even though your access to those websites might be blocked by a content filter. If you find that you are blocked from your favorite websites, use one of these web proxy websites to get around the block.

How Proxy Websites Work?

Proxy websites enable you to bypass your own Internet provider and browse through the proxy websites. All that you have to do is type the websites address you would like to visit in the form they provide, and start browsing. Once you keep browsing using that form, you are protected and your real IP address is not being logged.

Facebook Proxy Websites

Finding the best Facebook proxy sites for safe social networking is important for those who frequent the site. It is also a preferred method to avoid third party advertising offers, spam or unwelcome friend’s invites.

Organizations such as schools and certain businesses use firewalls to block Facebook’s social networking site. Firewalls protect the organization’s computers from viruses and potential crashes. Firewalls also protect the computer user’s IP information and location, and can keep anyone from “accidentally” accessing certain sites. The use of a Facebook proxy site lets the user access the site by bypassing the firewall, all without compromising their privacy or safety. Here are some top Facebook proxy sites that offer users the features they seek:

Facebook Oxy

This proxy site issues you a new IP address and allows you to view Facebook without leaving any traces of your computer information. Minimal advertising on the site is limited to pertinent software and Facebook ads. The ability to connect with friends or other interests is done privately and securely using this site.


The Faceoxy site is clean and easy to navigate. They issue you a new IP address to surf Facebook safely and anonymously. Other chat users will only be able to view the IP address of Faceoxy and not yours, which gives the site a high recommendation among Facebook proxy searchers. The site also features pop-up blockers and anti-spam ware that will keep any malicious data from being downloaded to your computer.

Orkut Proxy Websites

Orkut is the most popular social community in some countries like India, Brazil, etc. But in some colleges and offices, orkut is banned in their internet administrator and you cannot access orkut through the internet connection of colleges and offices. But new proxy servers of orkut to surf orkut anonymously.

New Proxy Sites

is the proxy server provider of orkut and there is a list of working orkut proxy servers in this database.

YouTube Proxy Websites


Bypass sites with ease. Easily unblock orkut, bebo, myspace, xanga, youtube, dailymotion, facebook, Hi5, nexopia, netlog and many others. Browse your favorite sites in an anonymous and secure way. Network security need never be a problem.


Proxy Websites for schools and colleges

Tntproxy is a free anonymizer proxy service that lets you visit myspace from school. With this service you can surf the web freely and acces any website anonymously, private and safely.


Surf anonymously, mask your IP address, access blocked websites, remove ads from websites and much more using our free proxy! Using our free proxy service you can access websites through our server instead of your computer, allowing you to bypass network


MegaProxy is a web-based anonymous proxy service which allows anyone to surf the Web privately and securely. Unlike other proxies, there is no software to install or complicated instructions to follow.


SpySurfing is a FREE anonymous web based proxy service. You can browse your favorite web sites anonymously even from behind firewalls and access filters. Whether you’re at work, school, or college, you can use SpySurfing to visit your favorite web sites!


AlienProxy is a FREE anonymous web based proxy service running on high performance dedicated servers. Browse your favorite web sites even from behind a firewall with blocked ports. Whether you’re on the job at work, at school or college. You can always use AlienProxy to visit your favorite web sites!

Proxybin offers a free, safe, anonymous way to surf the sites you want to see. Bypass those annoying filters at school and work – with the help of


ProxyForFun is a free anonymous web proxy that can be used to bypass school and work filters to access myspace, hotmail, and others. Unblock Myspace through our anonymous Myspace proxy to hide all your personal information and get around those pesky internet filters.


The internet was created for the sharing of information around the world – unfortunately many places like schools, businesses, and even some entire governments do not want the you having uncensored access. This is the best site to unblock such sites.

Proxy Websites for Office or Workplace

Proxy 108

Are sites that you frequent being blocked by network administrators without your consent? Do you want to bypass these filters and surf where you want, when you want? Has a couple of partner websites where you can browse under a proxy.

Proxy 24

Proxy24 is a free web proxy list that allows anonymous surfing and online privacy. This site lists their proxy partners. Choose one to browse.


It is fast, it is easy, and it is free!.

Maximum Proxy

Browse the internet securely. You can unblock popular sites such as Orkut, Gmail, Yahoo, MySpace, Bebo, Facebook, YouTube, Friendster and many other sites. Feel free to browse 24/7.


Free web-based proxy sites let you to bypass work and school security by fetching the website’s data themselves, and then sending it to you through the proxy site.


SurfAgain is a website which allows you to visit your favourite sites at work or school, where your school or work might not allow you to visit them. There are many other uses for this site as well, but to get started, enter your URL in the box above where it says http:// and then click Browse.


Dtunnel is here to protect your anonymity online!


The best and fastest free anonymous proxy. Surf and browse the web anonymously at school and work. Has a couple of partner websites in their proxy network.