WEB 2.0 Tools. Useful ones!
Planetweb has a lovely list of web2.0 apps:
----Quote-----
Let’s have a look at the top 5 most popular Web2.0 services hackers cannot live without. This listing is based on my personal research that was also presented at OWASP Web Application Security Conference 2007 in Italy.
Yahoo Pipes is the web hacker power tool. The powerful mashup
functionalities of YPipes cannot be compared to any other service
available on-line. Even Google’s Mashup Editor looks like a baby toy
when compared to Yahoo’s big guns.
Yahoo pipes allow you to mashup feeds, xml and csv files. The
service provides powerful caching capabilities to improve the
availability of the mashed data. Among the traditional filters and
aggregators, Yahoo pipes can be used to replace text blocks, perform
mathematical computations, execute contextual searches and many other
things. The result of the mashed data can be exported in RSS, ATOM,
JSON, XML and pretty much everything else that is under the sun.
Yahoo pipes is one of the most elegant tools when it
comes to AJAX worms. The internal Pipes logic can be used to fetch any
resource and serve it as well structured JSON serialized object. With a
few blocks on pipes, attackers can develop powerful vulnerability
scanners/spiders that work on browser based JavaScript code (i.e.
harmless web pages). Yahoo Pipes is the most elegant tool for all sorts
of malicious purposes on-line. Signup today.
Dapper is the web2.0 scraping service. Dapper’s wrapper allows you
to parse the content of any page in a few simple steps. Just like
Pipes, Dapper supports many output formats, including XML, RSS, ATOM,
JSON, etc.
Dapper is most suitable for community supported malware
code. Why do you want to statically embed your XSS attack vectors
inside your malicious JavaScript when you can dynamically parse them
from websites such as?
As soon as a new XSS vector is added to the on-line XSS database,
Dapper will pick it up and send it to all bots so they are all updated
with the latest vulnerability findings. Worms that propagate across the
entire Web have never been easier without Dapper.
Feed43 goes even further than Dapper. Instead of parsing the top
layer data, Feed43 allows you to write regular expression like rules. This
service is suitable when you need to get into the remote page source
code. In a few simple steps, we can parse and collect important bits of
information from every page online. Feed43 outputs RSS only, but that
shouldn’t bother you. We can get Pipes and Dapper to convert it back to
JSON, XML or ATOM. It is that easy.
Feed43 is suitable when you need to get to the point. Do
you want to extract the latest Google Hacking database entries, or you
may prefer to look for SQL Injection payloads? No problem. Use Feed43
powerful parsing capabilities and get your results as simple RSS feeds.
Then feed the Trojan. Why not use Digg’s commenting system as covert
channel for distributing malicious payloads? Feed43 will help you out
with whatever your needs are.
Zoho Creator is MS Access for the Web. You can create database like
applications in a few simple steps. Just login and start building your
forms. It is as simple as dragging the type of field that you want and
dropping it inside the current workspace. Save your form and expose it
online. Now use JavaScript to populate your database entries.
Zoho Creator is a great tool, and very powerful too. It
allows you to do all sorts of useful things, like Phishing users with
only client-side JavaScript. For example, create a new database that
has fields for the username, the password and of course the website
where the credentials were retrieved from. Now link that to your
JavaScript. When you hijack the login forms you are after, just send
the credentials across Zoho. The Service will store them for you and
will send you a confirmation email. I’m loving it! Now sit back and
relax. Soon your phished accounts will start showing up in your mail
box. If you are not after accounts, well, just store whatever else you
need, like sites that have been already compromised so your worm does
not have to redo the job again. Simple!
Google Reader is one of the most powerful feed readers on-line.
This application allows you to subscribe to anything. It also has some
nice GUI features. However, there is more than that.
Google Reader is one of the most powerful feed backup
and mashup services on-line. Do you need to backup the stolen
credentials? Use the reader. Do you want to mash them up with your
friends’ malicious feeds? Use the reader. Whatever you need, the reader
is the right tool for you. It is so powerful that you can export the
mashed feeds again into ATOM and then feed it back to your Trojans.
---/quote----












