**** BEGIN LOGGING AT Thu Feb 19 02:59:58 2015
Feb 19 05:34:30 <Luke-Jr> FWIW, http://www.newegg.com/Product/Product.aspx?Item=0SC-001P-001D7 seems to be N900-compatible, although makes an annoying high-pitch noise.
Feb 19 05:34:48 <Luke-Jr> posted a review on NewEgg (hasn't shown up yet) if more details are desired
Feb 19 05:53:20 <robbiethe1st> I've used one of these, myself: http://www.ebay.com/itm/5V-1A-Mobile-Power-Supply-USB-Battery-Charger-18650-Box-for-Cell-Phone-MP3-MP4-/301529810728?pt=LH_DefaultDomain_0&hash=item463493c728 it charged my N950 with no problems, though I haven't tried my N900... IIRC, though, all you need is shorted D+ and D- for a full-current charge, right?
Feb 19 05:57:38 <Luke-Jr> robbiethe1st: I think so. Many USB chargers don't have that.
Feb 19 05:58:02 <robbiethe1st> One little blob of solder is all it takes... or a sharp knife and spare USB cable
Feb 19 05:58:12 <Luke-Jr> ☺
Feb 19 05:58:36 <Luke-Jr> my N900's internal battery lasts like 5-15 min now :<
Feb 19 05:59:06 <Luke-Jr> hope the Pyra makes a good replacement soon
Feb 19 06:02:00 <robbiethe1st> Just get a replacement cheapy?
Feb 19 06:02:08 <robbiethe1st> They tend to work decently, depending
Feb 19 06:03:42 <Luke-Jr> yeah, just hate to buy a new battery if I'm going to drop the N900 soon anyway
Feb 19 06:03:52 <Luke-Jr> hence the external battery pack
Feb 19 06:08:31 <KotCzarny> original nokia batteries are worth their price
Feb 19 06:09:05 <KotCzarny> cheapo chinese ones are good only when you want to sell the device claiming 'new battery onboard'
Feb 19 06:09:23 <Luke-Jr> KotCzarny: yeah, the hard part would be identifying the originals :P
Feb 19 06:09:59 <robbiethe1st> By now, I'm not sure about the original nokia batteries; they're years old by now
Feb 19 06:10:01 <KotCzarny> luke: price? ;)
Feb 19 06:10:08 <robbiethe1st> Unless they've been in the freezer for a few years...
Feb 19 06:10:18 <KotCzarny> well, good point
Feb 19 06:10:56 <KotCzarny> still, anything less than 10eur isnt gonna last long
Feb 19 06:11:50 <KotCzarny> you might want mugen cover or similar and dual battery (or double capacity one)
Feb 19 06:13:15 <Luke-Jr> wait, Nokia doesn't use the same batteries in new phones? :/
Feb 19 06:13:30 <robbiethe1st> I don't know. it depends on the size
Feb 19 06:14:12 <robbiethe1st> N950 had a different battery than N900(wider, but a N900 one would fit with a little plastic trimming), and I'm not sure what new dumbphones nokia is selling
Feb 19 06:14:16 <KotCzarny> nokia 520 uses bl-5j
Feb 19 06:14:18 <KotCzarny> for example
Feb 19 06:15:53 <KotCzarny> http://www.cpkb.org/wiki/Nokia_BL-5J_battery
Feb 19 06:16:00 <KotCzarny> and nokia asha 200/201/302
Feb 19 06:16:47 <KotCzarny> but as i said, if you dont mind bulky device and want extended capacity, grab extended cover and extended battery
Feb 19 06:18:27 <KotCzarny> http://talk.maemo.org/showthread.php?t=46987
Feb 19 06:18:30 <KotCzarny> :)
Feb 19 06:24:52 <KotCzarny> as for charger argument tho, my battery stil has ~1329mAh even after continuous use for 6 years by now
Feb 19 06:37:33 <Luke-Jr> eh, mine reports 1221mAh at full
Feb 19 06:37:41 <Luke-Jr> but once it gets to like 900, it just dis
Feb 19 06:37:42 <Luke-Jr> des
Feb 19 06:37:44 <Luke-Jr> dies*
Feb 19 06:37:58 <Luke-Jr> (and gets there pretty quick)
Feb 19 06:53:40 <KotCzarny> luke: is it original one?
Feb 19 07:03:25 <Luke-Jr> KotCzarny: I presume so, I got it in an unused N900 I bought off some guy on craigslist
Feb 19 07:03:35 <Luke-Jr> my original original inflated like a balloon
Feb 19 07:03:42 <KotCzarny> might have physical damage inside
Feb 19 07:04:07 <KotCzarny> i suggest replacing because it has higher danger of fatal failure
Feb 19 07:04:20 <Luke-Jr> fatal to what?
Feb 19 07:05:33 <KotCzarny> http://www.techlicious.com/blog/the-risk-of-exploding-lithium-ion-batteries/
Feb 19 07:07:44 <KotCzarny> http://electronics.howstuffworks.com/everyday-tech/lithium-ion-battery2.htm
Feb 19 07:08:08 <KotCzarny> here is more detailed process why do they explode
Feb 19 07:08:20 <Luke-Jr> firefox sucks too much, can you summarise? :x
Feb 19 07:08:50 <KotCzarny> the battery inside has insulator
Feb 19 07:09:14 <KotCzarny> when crystals grow or there happens physical damage to it, it can cause short
Feb 19 07:09:46 <KotCzarny> short means high discharge => high temperature => when it gets ignited, BOOM
Feb 19 07:17:20 <Luke-Jr> so where's a reliable source for a cheap battery that won't explode? :p
Feb 19 07:17:46 <KotCzarny> well, fatal failures are rare
Feb 19 07:18:03 <KotCzarny> but you've said your battery is inflated already
Feb 19 07:18:09 <Luke-Jr> I'd prefer not to get hospitalised even if I live
Feb 19 07:18:14 <Luke-Jr> that's my old battery
Feb 19 07:18:17 <Luke-Jr> not the current one
Feb 19 07:18:23 <KotCzarny> then it's ok
Feb 19 07:18:28 <Luke-Jr> ok
Feb 19 09:19:57 <bencoh> Luke-Jr: I bought a polarcell from amazon (Europe)
Feb 19 09:20:14 <bencoh> (a few weeks ago)
Feb 19 09:20:49 <kerio> orange chinese battery > polarcell
Feb 19 09:21:37 <bencoh> really ?
Feb 19 09:29:06 <KotCzarny> great
Feb 19 09:29:22 <KotCzarny> zziplib fails when i close(0,1,2) ehehe
Feb 19 09:29:53 <KotCzarny> maybe i should just open /dev/null as a dummy fd-0 and keep it that way
Feb 19 09:30:19 <bencoh> read nohup
Feb 19 09:30:46 <KotCzarny> nah, i'll just take fd-0 out of the available pool
Feb 19 09:31:00 <KotCzarny> i dont want to rely on some external util
Feb 19 09:31:06 <KotCzarny> if i can code workaround
Feb 19 09:31:31 <kerio> yeah i think you can't expect to close stdio and have everything working
Feb 19 09:31:43 <kerio> open /dev/null on all three i guess
Feb 19 09:32:02 <kerio> EOF when reading stdin is to be expected, and output will always work
Feb 19 09:32:04 <KotCzarny> kerio: i could, but there are code which checks for fd being >0 instead of >=
Feb 19 09:32:22 <KotCzarny> kerio: im not using stdin when my app is daemonized
Feb 19 09:32:30 <kerio> yeah but
Feb 19 09:32:41 <KotCzarny> and it works, but some libs aren't bug free apparently
Feb 19 09:32:49 <kerio> EOF is better than reading some other file
Feb 19 09:32:54 <kerio> :)
Feb 19 09:33:06 <KotCzarny> and no, zziplib doesn't need stdin in my use case
Feb 19 09:33:12 <kerio> and yet
Feb 19 09:33:39 <KotCzarny> i think you arent' understanding  situation
Feb 19 09:34:03 <kerio> oic, it refuses to work because it thinks some other file is stdin
Feb 19 09:34:14 <kerio> or doesn't work properly i guess
Feb 19 09:35:06 <KotCzarny> no, it fails because it has internal check for fd being >0, but when stdin is unneeded and closed, lib can assing fd-0 to anything (socket, file)
Feb 19 09:35:32 <KotCzarny> only fd<0 guarantees that open failed
Feb 19 09:35:55 <kerio> yeah yeah i understood that
Feb 19 09:36:13 <kerio> meh, i'd still keep some dummy file descriptors on 0, 1 and 2
Feb 19 09:36:21 <KotCzarny> that's what im going to do
Feb 19 09:46:39 <erlehmann> naba kumar is alive
Feb 19 09:46:46 <KotCzarny> and kicking?
Feb 19 09:54:12 <KotCzarny> the heck
Feb 19 09:54:17 <KotCzarny> it's something else
Feb 19 09:54:43 <erlehmann> what
Feb 19 09:54:55 <erlehmann> naba kumar wrote:
Feb 19 09:55:04 <KotCzarny> just wtfing the bug i stumbled upon in code
Feb 19 09:55:05 <erlehmann>  It's been long since I left Nokia. It's likely the code won't be open
Feb 19 09:55:05 <erlehmann>  sourced (and I don't have access now). The logging may still be happening
Feb 19 09:55:05 <erlehmann>  and could be accessed, for which I believe you could look at (IIRC)
Feb 19 09:55:05 <erlehmann>  telepathy logging library. Hope it helps.
Feb 19 10:15:43 <Sicelo> logging what?
Feb 19 10:24:31 <KotCzarny> hrm, it's definitely about closing fd-0
Feb 19 10:24:49 <KotCzarny> but fake-file-with-fd0 doesnt work as expected
Feb 19 10:27:08 <KotCzarny> lol. i had to use /dev/zero instead of /dev/null
Feb 19 10:30:18 <KotCzarny> ugly.
Feb 19 10:51:26 <KotCzarny> um-kay. uploaded new builds of oscp and remote
Feb 19 11:15:55 <kerio> KotCzarny: wait, what
Feb 19 11:16:01 <kerio> that *has* side effects
Feb 19 11:28:31 <KotCzarny> kerio: hmm?
Feb 19 11:28:43 <kerio> /dev/zero returns zeroes
Feb 19 11:28:49 <kerio> it might not be what you want
Feb 19 11:29:01 <KotCzarny> tested already and does what i need
Feb 19 11:29:13 <KotCzarny> no side effects in my codebase
Feb 19 11:57:17 <KotCzarny> hrm. now oss mixer stopped working on n800
Feb 19 11:57:19 <KotCzarny> o.o
Feb 19 13:09:15 <KotCzarny> frigginfragginmaemo4ossmixerignoringpropertag
Feb 19 14:47:18 <KotCzarny> anyone knows how can i bind hardware keys on n900?
Feb 19 14:47:25 <KotCzarny> in pygtk/python preferably
Feb 19 14:53:01 <stryngs> KotCzarny: bind keys?
Feb 19 14:53:06 <stryngs> like keyboard remapping?
Feb 19 14:53:11 <KotCzarny> well, use
Feb 19 14:53:20 <KotCzarny> right now they trigger volume up/down
Feb 19 14:53:33 <KotCzarny> how can i bind them to the active pygtk window
Feb 19 14:53:54 <kerio> bind on F6/F7
Feb 19 14:54:05 <kerio> i think
Feb 19 14:54:13 <KotCzarny> kerio: pygtk doesnt show anything
Feb 19 14:54:23 <KotCzarny> i have a catch-all routine
Feb 19 14:54:44 <stryngs> KotCzarny: one moment
Feb 19 14:54:53 <KotCzarny> on n800 they send f6/f7 as you suggest (i think)
Feb 19 14:55:01 <KotCzarny> but on n900 they don't reach the program
Feb 19 14:55:09 <KotCzarny> i've found one solution for c
Feb 19 14:55:23 <KotCzarny> but none pythonishish
Feb 19 14:55:37 <stryngs> KotCzarny: I'm not usre if this is what u are looking for but try: http://ethicalreporting.org/pwn/repo/pool/main/p/pwnphone-keyboard/pwnphone-keyboard_1.0.2_armel.deb
Feb 19 14:55:43 <stryngs> Don't dpkg -i it
Feb 19 14:55:46 <stryngs> but dpkg -x it
Feb 19 14:55:49 <stryngs> and check out what it does
Feb 19 14:55:52 <stryngs> perhaps it will help
Feb 19 14:56:52 <KotCzarny> it remaps keys
Feb 19 14:56:56 <KotCzarny> system wide
Feb 19 14:58:02 <stryngs> yes
Feb 19 14:58:06 <KotCzarny> http://doc.qt.digia.com/qt-maemo-4.7/maemo5-zoom.html
Feb 19 14:58:09 <KotCzarny> it's c-way
Feb 19 14:58:41 <stryngs> Oh
Feb 19 14:58:44 <stryngs> keybinding for guis
Feb 19 14:58:45 <stryngs> gotcha
Feb 19 14:58:53 <stryngs> well, perhaps the .deb can help somehow =)
Feb 19 14:58:56 <stryngs> checkitout =)
Feb 19 14:59:12 <KotCzarny> nah, its about sending x11/hildon a message
Feb 19 14:59:17 <KotCzarny> that i need those keys
Feb 19 14:59:20 <kerio> that's qt tho, isn't it
Feb 19 14:59:26 <KotCzarny> kerio: it's c
Feb 19 14:59:38 <kerio> yes but
Feb 19 14:59:39 <KotCzarny> see grabZoomKeys()
Feb 19 14:59:39 <kerio> it's qt
Feb 19 14:59:46 <KotCzarny> rest doesnt matter
Feb 19 14:59:56 <kerio> oh it's just x11 stuff
Feb 19 14:59:57 <kerio> ok
Feb 19 15:00:25 <KotCzarny> i just need to find a way to do it without needing external binaries 
Feb 19 15:02:45 <kerio> well, i mean
Feb 19 15:02:54 <kerio> if you *really* must, you can use ctypes
Feb 19 15:03:05 <KotCzarny> in python?
Feb 19 15:03:14 <kerio> yes
Feb 19 15:03:28 <KotCzarny> http://talk.maemo.org/showthread.php?t=58503
Feb 19 15:03:28 <kerio> but that's pretty much the same as an external binary, really
Feb 19 15:03:34 <KotCzarny> hah. gonna try this one
Feb 19 15:04:09 <KotCzarny> it will suck a bit because of dependency on import hildon; but.
Feb 19 15:04:42 <KotCzarny> i have two oscp binaries for n900, i might as well add oscp-remote-n900
Feb 19 15:05:43 <KotCzarny> wonder what happened to qwerty12
Feb 19 15:11:16 <KotCzarny> it's.. working
Feb 19 15:11:18 <KotCzarny> O.o
Feb 19 15:14:34 <KotCzarny> it's wooooorking.. muahahahahha
Feb 19 15:22:07 <Pali> yes, you need to use _HILDON_ZOOM_KEY_ATOM Xlib atom
Feb 19 15:22:26 <Pali> this is way how to grab zoom keys
Feb 19 15:22:53 <stryngs> Pali, is there any reason not to use the kernel for 3.10.0?
Feb 19 15:23:12 <Pali> yes, upstream kernel does not have needed HW support
Feb 19 15:23:14 <stryngs> https://gitorious.org/linux-n900/linux-n900/
Feb 19 15:23:17 <stryngs> Ah
Feb 19 15:23:24 <stryngs> So the defconfig is missing stuff =(
Feb 19 15:23:25 <Pali> see http://elinux.org/N900
Feb 19 15:23:33 <stryngs> specifically BPF 
Feb 19 15:23:54 <Pali> linux-n900 is that our git repo for mainlining...
Feb 19 15:23:55 <stryngs>  CONFIG_HAVE_BPF_JIT=y
Feb 19 15:24:05 <stryngs> and...
Feb 19 15:24:10 <stryngs> CONFIG_NETFILTER_XT_MATCH_BPF
Feb 19 15:24:13 <joga> hmm... I don't have the issue on my n900, but my gf's one (running cssu) for some reason can't connect to internet if "GSM" is selected, but "3G" works. might this be related to some internet setting on it, the sim card, or provider? we have the same provider (but I have a more beefy data plan)
Feb 19 15:24:17 <stryngs> those are the two needed I believe
Feb 19 15:25:04 <Pali> stryngs: looks like this was added to linux kernel 3.9
Feb 19 15:25:16 <stryngs> Right, so what can I do to aid the process?
Feb 19 15:25:20 <stryngs> If anything... =/
Feb 19 15:25:29 <Pali> you cannot use it on maemo
Feb 19 15:25:37 <stryngs> damn
Feb 19 15:25:39 <Pali> thats all
Feb 19 15:25:49 <stryngs> So it's official.  Scapy i truly broken for the n900
Feb 19 15:25:54 <stryngs> Well, that clears that up =)
Feb 19 15:26:04 <Pali> you can use u32 netfilter module
Feb 19 15:26:06 <stryngs> Will we be able to use it ever?
Feb 19 15:26:13 <stryngs> u32 netfilter.. hmm
Feb 19 15:26:15 <stryngs> with scapy?
Feb 19 15:26:22 <stryngs> or in general for filtering bpf style
Feb 19 15:26:37 <Pali> that can match any packet and with mark module you can see it via netfilter in userspace
Feb 19 15:26:45 <Pali> it is alternative solution for bpf
Feb 19 15:26:57 <stryngs> Interesting
Feb 19 15:27:10 <stryngs> I will notate that and continue on =)  Thank you very much for the help Pali
Feb 19 15:27:25 <stryngs> At least now I can stop recompiling python thinking perhaps it's python that is the issue
Feb 19 15:27:36 <Pali> you need to understand how linux iptables and netfilter is working
Feb 19 15:27:51 <Pali> and then you should be able to do anything what you want
Feb 19 15:27:53 <stryngs> Well, this is more of a monitor mode packet injection thing than anything
Feb 19 15:27:57 <stryngs> hence, iptables won't help
Feb 19 15:28:08 <stryngs> I want to bring airpwn to the n900
Feb 19 15:28:43 <stryngs> But, for MITM stuff, I will remember that.  u32 netfilter
Feb 19 15:28:44 <Pali> I think you should be able to use netfilter also on lower level
Feb 19 15:29:33 <Pali> I know that with u32 module I was able to match basically any ipv4 packet (just need to specify correct format for u32)
Feb 19 15:29:59 <stryngs> So you were able to (pseudocode here..):
Feb 19 15:30:19 <stryngs> grep for any packet that is issuing a GET / request and sniff the seq and ack and len?
Feb 19 15:30:44 <Pali> uffff, matching TCP data is not simple with u32
Feb 19 15:30:53 <stryngs> Ah, see that'
Feb 19 15:30:58 <stryngs> s what i'm trying to do =)
Feb 19 15:31:01 <Pali> but I think it could be possible
Feb 19 15:31:12 <stryngs> I'll prolly have to go with the kernel thing, i forget what it's called
Feb 19 15:31:16 <stryngs> listens for an action and then acts on it
Feb 19 15:31:25 <Pali> kerio: what do ou think?
Feb 19 15:31:25 <stryngs> make it a tcp trigger
Feb 19 15:31:34 <stryngs> when it detects x in tcpdump it does y
Feb 19 15:32:14 <Pali> man iptables: "U32 tests whether quantities of up to 4 bytes extracted from a packet have specified values. The specification of what to extract is general enough to find data at given offsets from tcp headers or payloads."
Feb 19 15:32:34 <kerio> Pali: looks neat
Feb 19 15:32:44 <stryngs> bam, there it is
Feb 19 15:33:00 <Pali> kerio: it is possible to extract GET request from packet via iptables/u32?
Feb 19 15:33:16 <kerio> ...oh god
Feb 19 15:33:17 <Pali> I think it should be, but I have never done it
Feb 19 15:33:43 <kerio> isn't GET like one of the latest packets in a http request?
Feb 19 15:33:50 <kerio> also, i think U32 wants exact offsets
Feb 19 15:35:00 <Pali> I think you can use indirect offset too...
Feb 19 15:35:09 <kerio> what's the plan?
Feb 19 15:35:27 <kerio> mark a certain http request to analyze it with userland tools?
Feb 19 15:35:52 <Pali> to use iptables/u32/netfilter instead bpf (because it is not supported in prior 3.9 kernel)
Feb 19 15:36:16 <Pali> stryngs: what exacly you want to do?
Feb 19 15:37:09 <kerio> oh, the fucking script kid
Feb 19 16:45:45 <KotCzarny> stryngs: if you only need mangling http traffic, why not use transparent proxy ?
Feb 19 16:46:00 <KotCzarny> with iptables redirect 
Feb 19 17:04:20 <stryngs_> KotCzarny: Monitor Mode
Feb 19 17:04:27 <stryngs_> KotCzarny: I'm not doing MITM
Feb 19 17:04:35 <KotCzarny> hmm
Feb 19 17:04:39 <stryngs_> I'm leveraging this against my ebay vulnerability
Feb 19 17:04:42 <stryngs_> Developing a new tool
Feb 19 17:04:48 <stryngs_> Going to force the industry to change
Feb 19 17:04:56 <stryngs_> And I'm going to do it with the n900 as a PoC
Feb 19 17:05:10 <KotCzarny> but in monitor mode you are only receiving
Feb 19 17:05:27 <stryngs_> When I can take my phone into a building, bang a command out and steal whatever I want cookie wise, it's game on for the industry
Feb 19 17:05:38 <stryngs_> Well, monitor mode allows for packet injection KotCzarny on the n900
Feb 19 17:06:21 <KotCzarny> so, you are only stealing cookies from lans
Feb 19 17:06:31 <stryngs_> No
Feb 19 17:06:39 <stryngs_> I'm going to hijack any cookie i want
Feb 19 17:06:48 <stryngs_> So long as you're on open wifi or wifi with a password I know
Feb 19 17:06:50 <stryngs_> I will own you
Feb 19 17:06:57 <stryngs_> Because the industry SUCKS at securing their damn cookies
Feb 19 17:06:59 <stryngs_> I intend to change it
Feb 19 17:07:04 <KotCzarny> if you are on the wifi you can connect, its lan
Feb 19 17:07:06 <stryngs_> google: ebay session hijack to see what i mean
Feb 19 17:07:13 <stryngs_> Dude, I dont need to be on the wifi
Feb 19 17:07:15 <stryngs_> MONITOR MODE
Feb 19 17:07:16 <stryngs_> MONITOR MODE
Feb 19 17:07:17 <stryngs_> MONITOR MODE
Feb 19 17:07:27 <stryngs_> I need to be within 44 mHz of your channel
Feb 19 17:07:29 <stryngs_> That's it
Feb 19 17:07:36 <bencoh> 18:06 < stryngs_> So long as you're on open wifi or wifi with a password I know
Feb 19 17:07:36 <bencoh> 18:06 < stryngs_> I will own you
Feb 19 17:07:38 <bencoh> hmm
Feb 19 17:08:02 <stryngs_> KotCzarny: See http://www.youtube.com/watch?v=NXdHT6TpeFk
Feb 19 17:08:09 <KotCzarny> if network is encrypted (wpa) you are not going to steal cookies
Feb 19 17:08:10 <stryngs_> I go indepth as to why the industry needs to change
Feb 19 17:08:10 <bencoh> it's easy on an open wifi
Feb 19 17:08:39 <bencoh> but on a "secured" wifi you need to sniff the handshake/auth between the base and the client
Feb 19 17:08:56 <stryngs_> No its not easy bencoh
Feb 19 17:09:00 <stryngs_> Not what i'm doing
Feb 19 17:09:11 <stryngs_> I wish it were =)
Feb 19 17:09:33 <bencoh> what do you mean by "open wifi" then ?
Feb 19 17:09:33 <stryngs_> And KotCzarny what I speak of is OPEN wifi, aka, starbucks
Feb 19 17:09:41 <stryngs_> 802.11 with no encryption 
Feb 19 17:09:54 <bencoh> what's the issue then ?
Feb 19 17:09:56 <stryngs_> All I need to do is inject a simple iframe and it's game over on a GET request
Feb 19 17:10:02 <stryngs_> watch my video bencoh 
Feb 19 17:10:04 <stryngs_> You'll see
Feb 19 17:10:05 <stryngs_> =)
Feb 19 17:10:14 <stryngs_> And yes, this tool will be available on the n900
Feb 19 17:10:32 <bencoh> aww, I hate watching videos on that kind of stuff :)
Feb 19 17:10:41 <stryngs_> hehe
Feb 19 17:10:44 <stryngs_> skip to 23:23 then
Feb 19 17:10:46 <bencoh> :)
Feb 19 17:10:53 <stryngs_> ngrep is a ninja tool bud =)
Feb 19 17:10:59 <stryngs_> ngrep with some mon0 action = pwnage
Feb 19 17:11:07 <stryngs_> throw in a lil iframage and they're done
Feb 19 17:11:27 <bencoh> did you check dsniff ? :)
Feb 19 17:11:39 <stryngs_> dsniff is for managed mode or eth0
Feb 19 17:11:40 <bencoh> that's a really old one but not too far from what you're doing
Feb 19 17:11:48 <stryngs_> very far off actually =)
Feb 19 17:11:52 <stryngs_> I'm not MITM at all
Feb 19 17:11:56 <stryngs_> I'm simply injecting an iframe
Feb 19 17:11:59 <bencoh> dsniff doesnt do any MITM
Feb 19 17:12:10 <stryngs_> right, but it doesnt inject only sniffs
Feb 19 17:12:14 <bencoh> yup
Feb 19 17:12:17 <stryngs_> ngrep > dsniff
Feb 19 17:12:25 <stryngs_> and ferret is perfect
Feb 19 17:12:30 <stryngs_> ferret parses the cookie for me
Feb 19 17:12:40 <stryngs_> Dug Song is a wonderful coder though, don't get me wrong!
Feb 19 17:13:52 <stryngs_> My main thing is all my tools revolve arounbd the n900 =)
Feb 19 17:14:03 <stryngs_> Why?  It's portable and concealable more than a laptop or tablet with a dongle
Feb 19 17:14:10 <stryngs_> People assume i'm texting on it
Feb 19 17:14:18 <stryngs_> At a pentest with a tablet and dongles, they assume the worst
Feb 19 17:14:29 <stryngs_> Hence why the Original PwnPhone from pwnieexpress rocks and rolls =)
Feb 19 17:14:31 <stryngs_> viva la n900
Feb 19 17:21:37 <KotCzarny> but how do you inject when you are on monitor mode
Feb 19 17:22:02 <KotCzarny> also, open network in starbuck == lan
Feb 19 17:22:14 <KotCzarny> and people using private stuff there are just.. stupid
Feb 19 17:23:15 <KotCzarny> it's not about changing industry, if someone is stupid enough to use public networks for anything more than checking info, nothing is going to help them
Feb 19 17:28:55 <stryngs_> Heh
Feb 19 17:29:02 <stryngs_> KotCzarny is way off base,
Feb 19 17:29:17 <stryngs_> KotCzarny: I'm glad you came back
Feb 19 17:29:20 <stryngs_> Time for some school.
Feb 19 17:29:30 <stryngs_> KotCzarny: Do you logoff EVERY website every time>
Feb 19 17:29:30 <stryngs_> ?
Feb 19 17:29:32 <KotCzarny> if you give them false sense of security, someone will find the next bug
Feb 19 17:29:50 <KotCzarny> stryngs: sometimes, but i dont treat network as secure
Feb 19 17:30:01 <stryngs_> Ok thats fine, so if its https your happy right?
Feb 19 17:30:07 <KotCzarny> nope
Feb 19 17:30:16 <KotCzarny> i know https can be cracked
Feb 19 17:30:20 <stryngs_> Ok, I'm gunna break u dude.  Let's say yer on your own damn network
Feb 19 17:30:25 <stryngs_> Do u do online banking?
Feb 19 17:30:26 <stryngs_> Ebay
Feb 19 17:30:27 <stryngs_> Facebook
Feb 19 17:30:28 <stryngs_> etc..
Feb 19 17:30:32 <stryngs_> On your own network
Feb 19 17:30:44 <bencoh> (no fb, it's bad for your brain :°)
Feb 19 17:30:59 <KotCzarny> stryngs: stop caring too much about it: http://www.techamok.com/?pid=15162
Feb 19 17:31:01 <stryngs_> Stop looking at this from a pessimistic point of view.  You obviously had no idea until now that this was possible, so roll with me
Feb 19 17:31:02 <KotCzarny> nsa has you
Feb 19 17:31:06 <KotCzarny> more than you can imagine
Feb 19 17:31:15 <stryngs_> Considering I work with them, i dont care
Feb 19 17:31:17 <KotCzarny> it can hack you even when you are OFFLINE
Feb 19 17:31:40 <KotCzarny> so can mobsters probably
Feb 19 17:31:50 <stryngs_> So do u want to learn what i am talking of KotCzarny ?  I'll teach u this approach if u want, but im not gunna force it down your thorat
Feb 19 17:32:03 <bencoh> they can certainly "hack" you in the strictest sense :p
Feb 19 17:32:07 <KotCzarny> nah, i don't care
Feb 19 17:32:15 <stryngs_> Ok then.
Feb 19 17:32:15 <KotCzarny> i know network is crackable
Feb 19 17:32:17 <KotCzarny> multiple ways
Feb 19 17:32:31 <KotCzarny> it's people that need to change
Feb 19 17:32:35 <KotCzarny> not the tech
Feb 19 17:32:38 <stryngs_> Dude, you have no idea.  And you definately do not grasp what i'm talking about since you keep blathering on about people needing to chaneg
Feb 19 17:32:42 <stryngs_> ITS THE FUCKIN TECH that is broken
Feb 19 17:32:46 <KotCzarny> nope
Feb 19 17:32:47 <stryngs_> stop sayin its the people
Feb 19 17:32:48 <KotCzarny> it's people
Feb 19 17:32:55 <bencoh> I'd say both :)
Feb 19 17:32:58 <KotCzarny> if there is no one going to bad things to you
Feb 19 17:33:06 <KotCzarny> you wont be needing encryption
Feb 19 17:33:07 <stryngs_> People are stupid, but when u have sites like ebay using cookies with no secure flag nor httponly flag, then its the damn tech
Feb 19 17:33:24 <stryngs_> And u saying it's the people just burns me up!
Feb 19 17:33:30 <KotCzarny> yup
Feb 19 17:33:44 <stryngs_> >>>>>> People are stupid, but when u have sites like ebay using cookies with no secure flag nor httponly flag, then its the damn tech <<<<<<<
Feb 19 17:33:55 <KotCzarny> in some places when there is no cashier, people just leave money on the counter and go
Feb 19 17:34:09 <KotCzarny> in most places people will just steal in such case
Feb 19 17:34:28 <KotCzarny> so no, it's not the tech that is the problem but people's attitude and morals
Feb 19 17:34:41 <KotCzarny> if there are no thieves, there would be no need for locks
Feb 19 17:35:09 <KotCzarny> if you start locking things up, bad people will open them without your consent sooner or later
Feb 19 17:35:39 <KotCzarny> in the first case, you have no stress
Feb 19 17:35:50 <KotCzarny> in the second, you live in constant fear
Feb 19 17:35:56 <KotCzarny> (or false sense of security)
Feb 19 17:36:19 <KotCzarny> you patch one hole, bunch of 0day ones crop up next month
Feb 19 17:38:32 <bencoh> :)
Feb 19 17:38:49 * stryngs_ pokes arist0v-work 
Feb 19 17:39:04 <arist0v-work> hey don't poke me stryngs_ i just eat.....
Feb 19 17:39:14 <stryngs_> haha
Feb 19 18:05:37 <KotCzarny> stryngs: pic related: http://i.imgur.com/5nClv.jpg
Feb 19 20:13:21 <Sicelo> mybb
Feb 19 21:44:15 <stryngs_> Can someone please do: head -n 30 /usr/include/linux/if_arp.h | nc termbin.com 9999
Feb 19 21:44:20 <stryngs_> Please and thank you post the URL =)
Feb 19 21:46:45 <stryngs_> nvm
Feb 19 21:46:46 <stryngs_> =)
Feb 19 23:16:26 <infobot> DocScrutinizer: infobot joined!
**** ENDING LOGGING AT Fri Feb 20 02:59:59 2015