How to Reset Burp Suite completely

If you have mistakenly changed a setting in Burp Suite and are not able to revert it, you can either reset the entire Burp Suite or manually reset particular fields.

=> I will show you both ways.

1) Resetting a particular field

Suppose I have to reset the Intercept Client Request field in Burp; then follow the steps below:

Fig 1:- Resetting Intercept Client request 



Fig 2: Click on the arrow as shown above

Similarly, you can reset any field on which you have made changes.

2) Resetting the entire Burp Suite

To reset all Burp Suite settings, follow the steps below:

Go to Help --> Clear burp from computer



Fig 3

Fig 4

Fig 5: Only select 2 fields

As shown in Fig 5, select only Remove temporary files and Remove saved preferences, then click on Next.

Then close Burp Suite and start it again.

After doing this, all your Burp settings will be reset to default.



5 C’s to Run An Effective Business




Success has never come to anyone. Leaders went and created it for themselves. Most never
had someone to carefully guide them, or offer mentorship, which is why it’s so important
to learn from their previous choices.
If you want to be one step closer to obtaining that success, here are 5 C’s I’ve learned
to pick up over my course of doing business, and learning from others.

==> Clear 



When you’re leading a team, you expect your team to make proper decisions. However, you
still must be clear on what they need to accomplish. If you’re clear to them about what
needs to be done, and they have the approval from you to make decisions, your product will
turn out a win.

==> Concise 




We’ve all heard the acronym, KISS (Keep It Simple Stupid). The more complicated you try to
make it, the more your customers are going to want to shy away, and the longer your team
will take to understand and produce.

==> Confidence 




Confidence triumphs over everything. Whether it’s walking into a meeting to pitch, giving a
demo to a customer, or being out and about in the city, confidence will always put the
icing on the cake. If you have confidence, you will know there is nothing in the world
that can stop you. Confidence allows you to exude being limitless.

==> Courteous 




No matter what you’re doing, it’s important to be courteous to others. There’s no excuse
for disrespect, ever.

==> Complete Understanding 




Don’t just look at one task, or one job. Look at the whole picture. How are you going to
benefit 3 years down the road? How will the rest of the team benefit with this success?

As Churchill once said, “Success is not final, failure is not fatal: it is the courage to
continue that counts.” 

Bypass Captcha Verification in Chrome, Firefox Automatically

We often encounter human verification (CAPTCHA) inside registration pages, comment sections, or other kinds of submission forms. But dealing with CAPTCHAs every time we try to fill out a form is a frustrating job. Sometimes, we do not recognize some letters in a certain CAPTCHA.

Rumola, a new browser add-on, is helpful in this situation: it lets you bypass captcha verification by automatically filling in the captcha codes on websites.

How to Bypass Captcha verification using Rumola

Open an account at Rumola. (you’ll get 10 free trials at registration)

Install the addon required for your browser.

For Chrome  : https://chrome.google.com/webstore/detail/rumola-bypass-captcha/bjjgbdlbgjeoankjijbmheneoekbghcg

For Firefox : https://addons.mozilla.org/en-US/firefox/addon/rumola-bypass-captcha/

After installing the addon, restart your browser if required and once the plugin is activated, it will automatically start filling captchas for you.

Demo time :

Fig 1: Showing the browser extension for Chrome - Rumola

Fig 2

Fig 3

Fig 4: CAPTCHA automatically generated

Conclusion: You can bypass any CAPTCHA, but one thing to note is that it is not free, so make sure you are using your trial version on testing some critical application.

Thank you 


Hi. I'm Nilesh Sapariya.
Ethical Hacker | Security Researcher |  Engineer | Info Sec Geek 


Welcome to my blog post!  It is with great excitement that I take my first step into the world of blogging. I will be writing primarily about all the things relevant to IT Security, Bug Bounty, Technology and Lessons Learnt.

This blog is my playground, a place where I pin down my thoughts, opinions and anything that I find worth keeping and sharing with other like minded people.

The learning process never stops, so make sure to pick up new information along the way. So here I am creating this blog.

My blog section is divided into 5 parts. For your convenience, each blog section lists the contents that I have covered.

1. IT Security 
2. Bug Bounty 
3. Honors And Awards
    3.1 Hall Of Fame
    3.2 Conference Talks
4. About
5. My Blogs 
    5.1 Technology
    5.2 Lessons Learnt

This will help you to select topics which you would be further interested in reading.


IT Security :- 



I am a Web Security Researcher from India. In the IT Security domain my areas of interest are Application Security Testing (Web & Mobile), API Testing, Vulnerability Assessment & Penetration Testing, Wireless Security Audit and hacking the planet.

Apart from this I am an active speaker at the Null Mumbai chapter and have been invited to many security conference talks.

So here I will update all the information security related posts.

Content covered:- Click here to see the contents of IT Security


Bug Bounty :- 





I am actively involved in Bug Hunting and have been acknowledged by Google, Microsoft, Yahoo, Adobe, RedHat, OWASP, AT&T(10Times), Blackberry, Sony and other companies. 

This is my favorite section and the reason why I started this blog in the first place. In this section I will be writing about Vulnerabilities/bugs that I found under various web sites.


Content covered:- Click here to see the contents of Bug Bounty


Honors And Awards :- 

Hall of fame :-  
In this section, I have mentioned the acknowledgements which I had received from many companies by detecting vulnerabilities in their Platform. 

Hall of fame:- Reference Link


Conference Talks:- 



Being an active speaker, I have conducted many Security Talks at different colleges and events which I will be listing in this section.

If you want to conduct Security Conference Talks at your colleges, then drop an email. I would love to share the knowledge. 


Conference Talks:- Reference Link

Technology :-   



Here I will update all the basic and simple computer-related tricks which anyone can refer to, including #NON IT people as well.

Content covered:-  Click here to see the contents of Technology


Lessons Learnt :- 




I like motivational quotes that inspire me, so I will be posting a few of them here.

Content covered:- Click here to see the contents of Lessons Learnt



I hope this blog will help you to learn something new.

I always follow one "MANTRA" ==> " NEVER GIVE UP" and  “DON’T LOSE HOPE"  and keep trying as much as you can..keep learning as much as you can.

Thank you.



John the Ripper password cracking tool - How to use Step by step guide

I will give a 1-minute theory lecture on this first :P

John the Ripper is a free, open source password cracking tool for Linux, Unix and Mac OS X.
A Windows version is also available.
This tool can detect weak passwords.

Refer to this link: http://www.openwall.com/john//

Note: If you are downloading the Windows version, make sure your antivirus software is off, otherwise it will block it.

So let's start the practical part: how to use John the Ripper.

First of all, as you all know, it is a password cracking tool. I will take one example here to demonstrate how it cracks the password:
I am using bWAPP ;)
http://www.itsecgames.com/


Fig 1

Soon I will be uploading all bWAPP solutions ;)
Urhh, where are we?? OK, so we have the password hash.
The user name is bee and the password is in hash form.

NOTE: This is a hash, so how do we check which hashing type it is using? We will first identify the hash type.

How to do that? Well, I have already made a blog post for that, please refer to the link below:
https://nileshsapariya.blogspot.in/2014/10/how-to-identifies-hash-type-if-password.html


I am using John the Ripper in Kali:

1) Where is it in Kali?



Now copy the hash value as shown in Fig 1 and save it in Notepad.



==> Time to crack this hash

root@Shield:~# john /root/Desktop/john.txt --format=raw-sha1

Note: /root/Desktop/john.txt is the path where I have saved this file.

As we came to know that the hash is basically SHA-1, we will use --format=raw-sha1


So here we got the password ;)

Happy hacking ;)

How to identify the hash type if a password is hashed - Step-by-step process for beginners

Passwords are often stored in hash format. To crack the hash we prefer a password cracking tool such as John the Ripper, Cain and Abel and many more.

But here our scope is how to identify the hash type, so we will dive deep into it. Let's start.

To find out which hash type it is, you need to download hash-identifier:

https://code.google.com/p/hash-identifier/downloads/list


Note: hash-identifier is written in Python, so to use this file after downloading, make sure you have Python installed on your machine. If it is installed, the tool will work; if not, download Python as follows:
Go to this link and download the setup file
https://www.python.org/downloads/


You can download either version, as required.

So where are we?

We have to find out the hash type ==> So we first need to download hash-identifier ==> As it is written in Python, we downloaded the Python software.

Now open the Python file hash-identifier:



So we need to put the hash value here.

To give a real-time example I have used the bWAPP password hash, which I will put here.
If you don't know bWAPP ==> refer to http://www.itsecgames.com/


We have the hash now, so we will put this hash into hash-identifier.



So the password hash is basically SHA-1 :)

Ummm, you have a password hash; well, want to crack that??

I will use John the Ripper. If you don't know how to use John the Ripper, no worries, you can refer to this blog post of mine :)

http://shield4you.blogspot.in/2014/10/john-ripper-password-cracking-tool-how.html

=> 

Password is bug.

Moral of the story:

To crack a password that is in hash format, make sure you know the type of hash it is.

After finding the hash type you can crack it with any password cracking tool.
Here we have used John the Ripper.

Happy hacking ;) N
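
One way to narrow down a hash type from its shape before choosing a John the Ripper --format value, as in the two posts above (an added example, not code from hash-identifier or from this blog). It goes beyond the SHA-1 case shown here by also recognising salted crypt prefixes; the sample digest is constructed from the password "bug" stated above, and the function names are hypothetical.

```python
import hashlib
import re

# Hex-digest length -> unsalted hash types that produce it. Names that are
# hashlib algorithms can be confirmed below; NTLM and RIPEMD-160 are listed
# only to show that a length match alone is ambiguous.
BY_HEX_LENGTH = {
    32: ["md5", "NTLM"],
    40: ["sha1", "RIPEMD-160"],
    56: ["sha224", "sha3_224"],
    64: ["sha256", "sha3_256"],
    96: ["sha384", "sha3_384"],
    128: ["sha512", "sha3_512"],
}

# Modular-crypt prefixes: these are salted schemes, not raw digests.
CRYPT_PREFIXES = {
    "$1$": "md5crypt",
    "$2a$": "bcrypt",
    "$2b$": "bcrypt",
    "$2y$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
}

# John the Ripper (jumbo) --format names for raw digests; raw-sha1 is the
# one used on this page.
JOHN_FORMAT = {"md5": "raw-md5", "sha1": "raw-sha1",
               "sha256": "raw-sha256", "sha512": "raw-sha512"}

HEX_ONLY = re.compile(r"[0-9a-fA-F]+")


def candidate_types(value):
    """Return every hash type consistent with the value's shape."""
    value = value.strip()
    for prefix, name in CRYPT_PREFIXES.items():
        if value.startswith(prefix):
            return [name]
    if HEX_ONLY.fullmatch(value):
        return list(BY_HEX_LENGTH.get(len(value), []))
    return []


def confirm_type(value, known_plaintext):
    """Narrow the candidates using a password you already know (for example
    a test account) by recomputing each hashlib digest and comparing."""
    target = value.strip().lower()
    confirmed = []
    for name in candidate_types(value):
        if name not in hashlib.algorithms_guaranteed:
            continue  # cannot be recomputed with hashlib alone
        digest = hashlib.new(name, known_plaintext.encode("utf-8")).hexdigest()
        if digest == target:
            confirmed.append(name)
    return confirmed


# Constructed sample: unsalted SHA-1 of "bug", the password this post recovers.
SAMPLE = hashlib.sha1(b"bug").hexdigest()

if __name__ == "__main__":
    print(candidate_types(SAMPLE))
    for algo in confirm_type(SAMPLE, "bug"):
        print(algo, "-> john --format=" + JOHN_FORMAT[algo])
```

A 40-character hex string matches more than one algorithm, so the known-plaintext check is what settles it; a match with no salt involved also tells an auditor the application stores unsalted SHA-1.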

Basic commands to check your system information and user details

Here I will show you basic commands to find out details about your computer or any machine.

1) An easy way to know when you last reset your Windows password and when you last logged in

=> First you need to open the command prompt. You can open it directly if it is in the Windows Start menu, or you can go to Run and open it from there. I have shown both ways below:


Fig 1: Go to Start and click on Command Prompt

OR


Fig 2: Click on Start, type run, then press Enter


Fig 3: Type cmd and press Enter, and you will see the command prompt window open

Now in the command prompt type: net user user_name_of_your_machine
In my case my machine name is Nile$h


Fig 4 : command to check login user details 

You can see when you changed the password, when your password will expire, when you last logged in to your machine, etc.

Well, you can try it out on your friend's machine ;) OR

If you are an auditor doing audit checks of Windows machines, you can see whether a particular organisation is changing passwords frequently or not, and many more details you can use.
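
For the audit use mentioned above, a sketch that parses saved `net user <name>` output and flags stale passwords and idle accounts (an added example, not part of the original post). The sample output is constructed, the date layout assumes a US English locale, and the thresholds and function names are hypothetical policy values and helpers.

```python
import re
from datetime import datetime

# Constructed sample of `net user <name>` output. The date layout assumes a
# US English locale; other locales print dates differently.
SAMPLE_OUTPUT = """\
User name                    auditdemo
Account active               Yes
Account expires              Never

Password last set            10/12/2014 9:15:32 AM
Password expires             Never
Password changeable          10/12/2014 9:15:32 AM
Password required            Yes
User may change password     Yes

Last logon                   11/2/2014 8:01:10 PM

The command completed successfully.
"""

DATE_FORMAT = "%m/%d/%Y %I:%M:%S %p"

# Constructed audit date used for the sample run.
SAMPLE_NOW = datetime(2015, 3, 1)


def parse_net_user(text):
    """Turn the 'Label   value' lines into a dict keyed by label."""
    fields = {}
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2:
            fields[parts[0]] = parts[1]
    return fields


def parse_date(value):
    """Return a datetime, or None for values such as 'Never' or a missing field."""
    try:
        return datetime.strptime(value, DATE_FORMAT)
    except (TypeError, ValueError):
        return None


def audit_account(text, now, max_password_age_days=90, max_idle_days=45):
    """Return a list of findings for one account."""
    fields = parse_net_user(text)
    findings = []
    if fields.get("Password required", "").lower() == "no":
        findings.append("password not required")
    if fields.get("Password expires", "").lower() == "never":
        findings.append("password never expires")
    last_set = parse_date(fields.get("Password last set"))
    if last_set and (now - last_set).days > max_password_age_days:
        findings.append("password older than %d days" % max_password_age_days)
    last_logon = parse_date(fields.get("Last logon"))
    if fields.get("Account active", "").lower() == "yes" and (
            last_logon is None or (now - last_logon).days > max_idle_days):
        findings.append("active account idle for more than %d days" % max_idle_days)
    return findings


if __name__ == "__main__":
    for finding in audit_account(SAMPLE_OUTPUT, SAMPLE_NOW):
        print(finding)
```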


2) To check all your machine details in one go

Just type this command: systeminfo

You can see your machine's OS version, the date when you installed the OS, when your machine was started, your system model number, etc.




Fig 5: command to check system information 


How to download video from Securitytube.net

So you want to collect a video from SecurityTube, or you are facing issues while downloading a video from SecurityTube? Here I will share easy steps to do that:

Note: If you are visiting and watching SecurityTube videos, then most of the videos will be played on Vimeo.

1) Select the video which you want to download from securitytube.net



2) Now you need to click on Vimeo

Note: Instead of Vimeo, if you see YouTube then click on that and refer to my blog (how to download youtube video)


3) Once you click on Vimeo as shown in step 2, you will be redirected to the Vimeo site as below:




4) Now you need to open another tab and go to save video

5) Now copy the URL from the Vimeo site and paste it on http://savevideo.me/ru/  .

In my case the Vimeo URL is http://vimeo.com/22886467; copy this URL and paste it on savevideo.me
i.e.




6) Once you click on the download option, the page below will appear. Click on download this video file and you have your video.



Note: After clicking on download the video file, if you are redirected to another page, then right click on it and choose save as:

Enjoy ;)


Top 37 Life Lessons



Top 37 Life Lessons So Far...

1. Happiness comes from within. We spend way too much of our lives looking for outside validation and approval that eludes us. Turns out, it's been an inside job all along. Go inward.

2. Be grateful for everything. The good, the bad, the ugly. Our entire life is a precious gift. The pleasure, the pain -- it's all part of our path.

3. Subtle shifts in perception will transform your entire life. When feeling fearful, angry, hurt, simply choose to see a situation differently.

4. In being true to yourself, you can't possibly make everybody else happy. Still, it's better to risk being disliked for living your truth than to be loved for what you are pretending to be.

5. The world is our mirror. What we love in others is a reflection of what we love about ourselves. What upsets us about others is a strong indication of what we need to look at more closely within ourselves.

6. Everybody comes into our life for a reason. It is up to us to be open to the lesson they are meant to teach. The more someone rubs us the wrong way, the greater the lesson. Take notes.

7. Trust. In troubled times, just know that the Universe has your back and everything is going to be alright. If you're not there yet, trust in hindsight you will understand. Your higher good is being supported, always.

8. Never take things personally. What others do is a reflection of what's going on in their own life and probably has little or nothing to do with you.

9. A walk in nature cures a lot. Taking in some fresh air and the beautiful landscape of this earth is amazingly head-clearing, grounding, and mood-lifting. Bonus: You can learn a whole lot about life in your observation of the awesomeness which is nature.

10. Hurt people hurt people. Love them anyway. Although, it's totally okay to love them from a distance.

11. You have to feel it to heal it. Bring your fears and weaknesses front and center and shine a blazing spotlight on them because the only way out is through. The hurt of facing the truth is SO worth it in the long run, I swear.

12. Perfectionism is an illusion. A painful one at that. Ease up. Strive for excellence, sure, but allow yourself room to make mistakes and permission to be happy regardless of outcome.

13. Take the blinders off. Don't become so laser-focused on your own goals and desires that you miss out on the beauty in life and the people around you. The world is stunningly beautiful when you walk around with eyes wide open.

14. Celebrate the journey. It's not all about the destination. Savor all of your successes, even the small ones.

15. Forgiveness is not so much about the other person. It's about you and for you so that you can gain the peace and freedom you deserve. Forgive quickly and often.

16. We are all incredibly intuitive. When we learn to become still and listen, we can tap into some pretty amazing primal wisdom. Listen to the quiet whisper of your heart. It knows the way.

17. Let your soul shine! Be authentic. There is nobody else on this earth just like you. Step into your truth wholeheartedly and live and breathe your purpose.

18. We are powerful creators. Seriously, bad-asses. With intention, focus, and persistence -- anything is possible. Know this.

19. I am full of light. You are full of light. We are all full of light. Some cast shadows on their own brightness. Be a beacon of light to others and show them the way.

20. Don't take life too seriously! Nobody gets out alive anyway. Smile. Be goofy. Take chances. Have fun.

21. Surround yourself with people who love and support you. And, love and support them right back! Life is too short for anything less.

22. Learn the delicate dance. Have big beautiful dreams and vision. Chase them with much passion. But, also hold on to them all ever so lightly. Be flexible and willing to flow as life comes at you.

23. Giving is the secret to receiving. Share your wisdom, your love, your talents. Share freely and be amazed at how much beauty in life flows back to you.

24. On that note, be careful not to give too much. If you empty out your own cup completely, you will have nothing left to give. Balance is key.

25. Say "YES!" to everything that lights you up. Say "no", unapologetically, to anything that doesn't excite you or you don't have the bandwidth for. Time is one of our most precious resources that we can never get back. Manage it wisely.

26. Sometimes we outgrow friendships. It doesn't mean they're bad or you're bad. It just means you're on different paths. Hold them in your heart, but when they start to hurt or hold you back, it's time to give space or let go.

27. Fear is often a very good indicator of what we really want and need in our life. Let it be your compass and enjoy the exciting adventure it leads you on.

28. Overcoming your fears is one of the most empowering things you can ever do for yourself. You'll prove to yourself you can truly accomplish anything! Major self-confidence booster.

29. Our bodies are our vehicle to our dreams. Treat them with love and fuel them with the best health to feel vibrant and energized. But, never obsess over image. Looks are subjective and will fade in time, anyway. Feeling good, healthy, and comfortable in our own skin is what matters most.

30. Let those that you love know it often and enthusiastically. You can never say it or show it too much. Your time, total presence, love, and genuine concern for their wellness is the greatest gift of all.

31. The present moment is where it's at. It's the only one promised to any of us. Learn from your past & enjoy the beautiful memories, but don't cling or let them haunt you. And, dream big and be excited about the future, but don't become obsessed. Love this moment, always.

32. Life is full of highs and lows. We need them both to grow to our fullest potential. Just hang on tight and enjoy the ride.

33. We are all connected as one human family. Nobody is better or worse than anyone else -- just at different stages of our journeys and dealing with life the best way we know how. Recognize that the other person is you.

34. Practice daily gratitude for all the blessings in your life, large and small. Not only is this a high vibe practice that feels amazing, in practicing regularly you are creating space for even more abundance -- of joy, love, health, and prosperity.

35. We are not the center of the universe, although our ego can make us feel that way at times. Step outside of that way of thinking and see the world and other people's perspective in a whole new beautiful light.

36. The world needs more love, light, and laughter. Go be love.

37. You are the guru. For much of our lives, we have been told what to do, how to think, what looks good, what "success" is. You don't have to buy into any of it. Feel free to peel back the layers. Think for yourself. Break the mold. When you stop doing what everybody else wants you to do and start following your own intuition, you will be ridiculously happy.
In looking back at your own life, realize that every high and low is all part of your amazing story. Own it! Take cues and guidance from the universe and you will continue to go on an incredible ride as you fully step into your truth and power.

How to download youtube video without downloading any software



Hi all, today I will demonstrate how to download a YouTube video without downloading any kind of software.

Follow the steps below:

1) Select the video which you want to download
   In my case I have selected a video



2) Now you can see the video URL from step 1

Replace https://www. ===> with ss and press Enter, i.e.

Video URL: https://www.youtube.com/watch?v=6acRHWnfZAE

Replace https://www. with ss

New URL: ssyoutube.com/watch?v=6acRHWnfZAE


3) Press Enter and you can see this page



4) Now here you will get the best quality video to download
   Select either MP4 360p or MP4 720p. As 720p will give better video quality, I will click on that. Once you click there you will be able to download the video. :)




Note:

1) If you are at a school or job that is blocking YouTube, these steps may not work.

2) What about a private video?
You cannot download private videos because the YouTube download service will not have the necessary rights to access the video.

3) Caution: These services can be used to save any Flash videos online and can be used to save adult related videos, which means when viewing these pages, you may be subjected to adult related content.



How to combine all .vcf files into a single .vcf file manually

vCard and VCF:

To back up our phone contacts, or to import our contacts from one device to another, we generally use the “VCARD” feature. By using this feature we can back up our phone's contacts.

vCards (.vcf files) are a very important part of our life because we all use some kind of mobile, smart cellphone, PDA device, iPhone or tablet, plus our online email accounts. In general, after vCard conversion all contacts are converted into individual .vcf files.

If we want to import over 200 contacts from Outlook/Exchange/mobile vCard into Google Contacts, with their photos, we can convert multiple .vcf files into a single .vcf file by using the command prompt. Nowadays many mobiles have vCard as an inbuilt feature.

I have made this post because this is necessary for people who are migrating from a normal phone to a smartphone.

Steps to Bulk Import (Merge/Combine) vCards into One Contact List (Single .vcf file)
Here is my setup

Step 1: First copy all your .vcf contacts into one folder/directory.
(In my case I have moved all contacts to the C drive under Nilesh_Data_C => Test DATA)

=> Fig 1

=> Fig 2

Note: As you can observe, each of my contacts is at most 1 KB in size. Once I combine all contacts into one, that will be our main combined .vcf file.



Step 2: Open the Windows command prompt (Windows + R, then type “CMD”) and navigate to the destination folder where all your contact files are stored (you can type the CD YOUR PATH command to reach your destination).

Note: In CMD, to move from one directory to another, follow this:
=> cd.. -> press Enter and you will move one step down in the directory
=> cd, a space, and the directory name to move to that particular directory

=> d: --> press Enter to switch to your respective drive; in my case it is the D drive


Step 3: Once you are in the directory where you have saved all the .vcf files, run this command
=> copy *.vcf  all_contact.vcf
=> And press Enter
Once you press Enter, you can see that the all_contact.vcf file is generated, with a size larger than that of your individual contact files, and you have your file with all contacts in it.
Now you can upload this file to your mobile phone or to your Google account (Gmail, and import it).
Enjoy ;)