ghost-phisher - GUI suite for phishing and penetration attacks

Ghost Phisher is a computer security application that comes inbuilt
with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has
an integrated area for automatic capture and logging of HTTP form method
credentials to a database. The program could be used as an honey pot ,
could be used to service DHCP request , DNS requests or phishing attacks


New Version 1.3

Ghost Phisher

fbpwn [A cross-platform Java based Facebook profile dumpe]

A cross-platform Java based Facebook profile dumper, sends friend requests to a list of Facebook profiles, and polls for the acceptance notification. Once the victim accepts the invitation, it dumps all their information,photos and friend list to a local folder.
UsageA typical scenario is to gather the information from a user profile. The plugins are just a series of normal operations on FB

'Like' Button Follows Web Users

Internet users tap Facebook Inc.'s "Like" and Twitter Inc.'s "Tweet" buttons to share content with friends. But these tools also let their makers collect data about the websites people are visiting. 


Facebook and other sites say they don't use the tools to track users.
These so-called social widgets, which appear atop stories on news sites or alongside products on retail sites, notify

Android found vulnerable to sidejacking!

Last Friday, a vulnerability in Google’s ClientLogin Protocol was disclosed that makes most Android users vulnerable to ”sidejacking.” All services (Calender, Contacts, Picasa, Stock Quotes, etc.) that use the Google’s ClientLogin API for “Auto Sync” are vulnerable.

Sidejacking (aka session hijacking) is not new to Wi-Fi. Firesheep that caused a stir last October is a recent example of a tool

BackTrack 5 ARM (with GUI via TightVNCServer)

Here is a guide to getting ARM Backtrack Running on the Xoom (tested on Wifi Only Version, running 3.1)

After much frustration I have gotten the GUI part of the backtrack 5 arm release working with the Motorola Xoom.

Pre-requisites:
- Rooted Motorola Xoom (this may work with other phones, but it's untested at the moment)
- androidVNC from the Android Market
- Terminal Emulator from the

New Facebook worm propagating : ==VERIFY MY ACCOUNT==

 In the past hour a new application has begun spreading on Facebook which has found an exploit in the existing sharing system. Whatever you do, don’t click the link described below.

The system is pretty straight forward. It suggests that you click “VERIFY MY ACCOUNT” within a link which ultimately results in the user posting the same message to all their friends’ walls. The message

Osama Bin Laden Facebook Worm [Sourcecode]

After the news of Osama Bin Laden was released, hacker take this chance to spread malicious Facebook application with Osama Bin Laden's video.

This post want to warn you do not click it 'cause it just fake message to get your privilege in Facebook.And I got the source code of this app. from twitter.

If you want to see the source code what it's look like, please go to the link.

Link: http://

Credential Harvesting With Facebook and the Social Engineering Toolkit

if you want to see full article, please go to the Source.
My goal here was to create an attack that would allow me to trick someone into sending me their login and password for Facebook. The general idea behind this attack is that SET will clone the target website (in this case, http://www.facebook.com) and host it on your personal computer. The trick then is to convince someone to visit

SecurityTube Boxee Support

I received this message from my twitter and I want to share it to you guys if you want to support it, please vote yes.Securitytube.net is the big portal of information security video.I emailed support@boxee.com asking them to enable support for securitytube.net, their reply was the following:
Quote:
Please promote this great idea at http://forums.boxee.tv/forumdisplay.php?f=12 the

How to Disable Geolocation in Specific Programs

Geolocation is a rather secret feature of some browsers and toolbars. It allows the creator of that program to get a fix on the location of your computer to within a few meters of where you actually live.


If you want to see how to disable geolocation on Twitter, Thunderbird,Internet ExplorerX, Apple Safari , GMAIL , etc. Please go to the Source. 

- Facebook (initially just for the iPhone

Facebook Bully Video Actually a XSS Exploit

 
A security researcher discovered a new cross-site-scripting vulnerability on Facebook, days after the social networking giant patched a different XSS flaw in its mobile API. At least one active scam is exploiting the new bug at this time.

Do not click links involving a video of a bully,” Joey Tyson, a security engineer at Gemini Security Solutions, posted on Twitter. Tyson writes about