Test your IP version 6 readiness here: http://ip6.nl/
Another test: do the vulnerability test on the jQuery version of a webpage: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003 - http://domstorm.skepticfx.com/modules/run?id=529bbe6e125fac0000000003
A JQuery bookmarklet - http://www.learningjquery.com/2009/04/better-stronger-safer-jquerify-bookmarklet/
It’s a nice little tool that allows you to play around with jQuery on a page that doesn’t already have jQuery loaded and see the results immediately - either “This page is now jQuerified” or “This page was already jQuerified.”
polonus
Problems with your Internet connection,
There is something you could do for starters, that is test it:
[Windows-key]r key combination → cmd.exe (in admin mode only, else you are not allowed to flushdns)
nslookup www.quantum.com (your provider's address - just a random example)
ipconfig /flushdns
nslookup www.quantum.com 8.8.8.8
Report to a qualified remover here for instance what results you got for 2 nslookup commands.
Of course you could test another dns-entry, do by all means, preferably one that gives DNS-issues/problems for you (in Internet Explorer). Info credits go to Tijs, Tera Honourable Senior Member
polonus
Run your code through the sniffer here: http://squizlabs.github.io/HTML_CodeSniffer/
enjoy,
polonus
A test site for Mobile Friendliness of Webpages, also rather interesting for folks like Polonus, volunteer website analyst regarding insecurities on sites. Enjoy this test site, folks, enjoy: http://mobilefriendlytest.website/index.php
polonus (volunteer website security analyst and website error-hunter)
To save offline and analyze - WinHTTrack Website Copier 3.48-21
(To report bugs and problems to us)
Development:
Interface (Windows): Xavier Roche
Spider: Xavier Roche
JavaParserClasses: Yann Philippot
(C)1998-2003 Xavier Roche and other contributors
MANY THANKS for Dutch translations to:
Rudi Ferrari (Wyando@netcologne.de)
Visit our web page:
http://www.httrack.com
Combined with analyzer SensePost Wikto 2.1. http://sensepost-wikto.software.informer.com/download/
Wikto is Nikto for Windows - but with a couple of fancy extra features including fuzzy logic error code checking, a back-end miner, Google-assisted directory mining and real time HTTP request/response monitoring.
Wikto is not a web application scanner. It is totally unaware of the application (if any) that’s running on the web site. Wikto will not look for SQL injection problems, authorization problems etc. on a web site. It is also not a network level scanner – so it won’t try to find open ports, or see if the web site is properly firewalled. Wikto rather operates between these two levels – it tries to, for instance, find interesting directories and files on the web site, it looks for sample scripts that can be abused or finds known vulnerabilities in the web server implementation itself.
Enjoy, enjoy, but be aware of all the legal implications for your country using the software
only for websites where you have explicit written permission to scan (e.g. websites you own),
in all other circumstances do not scan any website directly - use so-called third party cold reconnaissance scanning.
polonus
Make your own bookmarklets and drag the links created onto your bookmark toolbar in the browser.
Create the bookmarklet yourself here http://mrcoles.com/bookmarklet/ with this code to remove bloat from a page
javascript:(function(){function R(w){try{var d=w.document,j,i,t,T,N,b,r=1,C;for(j=0;t=["object","embed","applet","iframe"][j];++j){T=d.getElementsByTagName(t);for(i=T.length-1;(i+1)&&(N=T[i]);--i)if(j!=3||!R((C=N.contentWindow)?C:N.contentDocument.defaultView)){b=d.createElement("div");b.style.width=N.width;b.style.height=N.height;b.innerHTML="<del>"+(j==3?"third-party "+t:t)+"</del>";N.parentNode.replaceChild(b,N);}}}catch(E){r=0}return r}R(self);var i,x;for(i=0;x=frames[i];++i)R(x)})()
and this code to rewrite redirects
javascript:(function(){var k,x,t,i,j,p; for(k=0;x=document.links[k];k++){t=x.href.replace(/[%]3A/ig,':').replace(/[%]2f/ig,'/');i=t.lastIndexOf('http');if(i>0){ t=t.substring(i); j=t.indexOf('&'); if(j>0)t=t.substring(0,j); p=/https?\:\/\/[^\s]*[^.,;'">\s\)\]]/.exec(unescape(t)); if(p) x.href=p[0]; } else if (x.onmouseover&&x.onmouseout){x.onmouseover(); if (window.status && window.status.indexOf('://')!=-1)x.href=window.status; x.onmouseout(); } x.onmouseover=null; x.onmouseout=null; }})();
Enjoy,
polonus
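Added example, not part of the original post: the redirect-rewriting bookmarklet above written as a readable function, so you can see which destination a wrapped link really points to before the rewrite is applied. The function names and sample links are constructed for this illustration, and decodeURIComponent stands in for the deprecated unescape().

```javascript
// Return the destination URL embedded in a redirect/tracking link, or null.
function unwrapRedirect(href) {
  // Make an embedded "http%3A%2F%2F..." visible as "http://..."
  const t = href.replace(/%3A/gi, ':').replace(/%2F/gi, '/');
  const i = t.lastIndexOf('http');
  if (i <= 0) return null; // index 0 is the link itself: nothing embedded

  let inner = t.substring(i);
  const amp = inner.indexOf('&'); // drop the redirector's own trailing parameters
  if (amp > 0) inner = inner.substring(0, amp);

  let decoded = inner;
  try {
    decoded = decodeURIComponent(inner);
  } catch (e) {
    // malformed %xx sequence: keep the raw text
  }

  // Same pattern as the bookmarklet, anchored at the start;
  // the last character class stops before trailing punctuation.
  const m = /^https?:\/\/[^\s]*[^.,;'">\s)\]]/.exec(decoded);
  if (!m) return null;
  try {
    new URL(m[0]); // reject strings that do not parse as a URL
  } catch (e) {
    return null;
  }
  return m[0];
}

// Rewrite every link in an array-like of objects with an href property
// (in a browser: document.links). Returns [oldHref, newHref] pairs for review.
function rewriteLinks(links) {
  const changed = [];
  for (const link of Array.from(links)) {
    const target = unwrapRedirect(link.href);
    if (target && target !== link.href) {
      changed.push([link.href, target]);
      link.href = target;
    }
  }
  return changed;
}
```

The returned pairs let you check the real destination host of each rewritten link before clicking it.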
Validate your SSL connection strength: https://calomel.org/firefox_ssl_validation.html
You could combine this with the Netcraft extension report.
And of course a Qualys SSL scan: https://www.ssllabs.com/ssltest
or the other tests as given in this thread earlier.
polonus
Here on the avast official support forums various users use all sorts of website scan sites.
The results of such scans may set us at ease or
they may encourage us to just look again or avoid visiting a particular website, url, uri…
As our friend Para-Noid has taught us: “You can only trust what you have tested yourself”.
And as his forum friend I’d wholeheartedly agree with this Para_Noid’s credo.
It is a home-ringing truth, my dear avast friends,
Now we may ask in all earnest: “Who can we really still trust online these days?”.
We have bookmarklets to detect whether a site has JQuery and what (vulnerable) version.
On this fine page we also find fine vulnerability scanners for WP and Joomla CMS results
on websites and more scans and tools: https://hackertarget.com
Another interesting website to find out what technologies are being used
on a particular website can be found here:
http://pagexray.com/site/ x - for x, enter the domain of the site you want to check.
enjoy, my good friends, enjoy,
polonus
Various handy utilities to be found here: http://www.nothink.org/utilities.php
Links presented as is. Only to be used when given pertinent written permission to test
or to test on your own website and scripts.
Never go to websites directly, always know your legal position when using scans, if not certain refrain from using,
like with Dazzlepod scan results or Qualys server scan results. The info gained there is not to be used against those scanned.
Qualys Scan Results are not to be given.
You are never to use info gained by cold reconnaissance third party scanning against a particular website/domain which you do not own. Sometimes you can give a certain scan link (broken), but are not to give the scan result data.
An interesting example of all you can find at this address: http://www.danstools.com/javascript-obfuscate/
Know that in malware loads of so-called pseudo-script and script-obfuscation is used to mislead detection.
So whenever we experience obfuscated script, it should be a reason to be alert.
As Para-Noid states: “You can only fully trust, what you have tested yourself”.
enjoy, my good friends, enjoy,
Damian
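Added example, not part of the original post: a small static check that lists common obfuscation indicators in a piece of script text without ever running it. The indicator list, the threshold of two and the sample strings are assumptions chosen for this illustration; a hit is a reason to look closer, not a verdict.

```javascript
// Indicators are assumptions picked for this example, not a complete rule set.
const INDICATORS = [
  { name: 'eval-call', re: /\beval\s*\(/ },
  // Wrapper signature left by the widely used "p,a,c,k,e,d" style packers
  { name: 'packer-wrapper',
    re: /function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)/ },
  { name: 'fromCharCode', re: /String\s*\.\s*fromCharCode/ },
  { name: 'decode-call', re: /\b(?:unescape|atob)\s*\(/ },
  // Eight or more consecutive \xNN, \uNNNN or %NN escapes in the source text
  { name: 'escape-run', re: /(?:\\x[0-9a-f]{2}|\\u[0-9a-f]{4}|%[0-9a-f]{2}){8}/i },
  { name: 'long-line', re: /[^\n]{2000}/ },
];

// Names of all indicators found in the script text (the text is only read).
function obfuscationIndicators(source) {
  return INDICATORS.filter(({ re }) => re.test(source)).map(({ name }) => name);
}

// True when enough independent indicators are present to justify manual review.
function needsCloserLook(source, threshold = 2) {
  return obfuscationIndicators(source).length >= threshold;
}

// Constructed samples (harmless, and never executed here)
const PACKED =
  'eval(function(p,a,c,k,e,d){return p}("1 0",2,2,"hi|alert".split("|"),0,{}))';
const ESCAPED =
  'var s="\\x68\\x65\\x6c\\x6c\\x6f\\x20\\x77\\x6f\\x72\\x6c\\x64";' +
  'document.write(unescape(s));';
const PLAIN = 'function add(a, b) { return a + b; }';
```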
A nice chrome extension to prevent type-behavioral profiling, Keyboard privacy, one you should have:
https://chrome.google.com/webstore/detail/keyboard-privacy/aoeboeflhhnobfjkafamelopfeojdohk
pol
P.S. Where you need secure connection and it does not matter, your bank website for instance, disable the extension.
So toggle to ‘on’ when privacy goes over security,
‘off’ when security goes over privacy.
Keyboard Privacy seems the extension to save Tor users from being de-anonymized by their type profile.
The cat and mouse game between protection and monitoring forces goes on and on…
Damian
For VPN users of Chrome, prevent leaking non-public IP addresses with this extension: https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia
Another protection against this read-out via javascript methods is the use of NoScript, uMatrix, and Tor-Guard.
To disable it in the Google Chrome browser settings, enter in the address bar: “chrome://flags/” and set “Disable WebRTC device enumeration” to on. In Firefox, enter “about:config” in the address bar and then set “media.peerconnection.enabled” to “false”. Or as said use the versatile overall protection of the NoScript extension in Firefox, and uMatrix in Google Chrome.
polonus
Interesting about what your browser knows about you:
https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets/16415/
link article author = Sally Vandeven
Curious → just open a command prompt and run:
set SSLKEYLOGFILE=c:\sslKeyLogFile.txt
Know that Bitdefender products may ruin “SSL” through installing an all purpose root certificate, so one can no longer see the validation path and it also is not checking for revocation.
This can be disabled by locally deleting the root CA and disabling the SSL scan option, so Bitdefender can no longer interfere,
but for users that want to enforce SSL (like with https: everywhere) this is no option.
Forum users that use Bitdefender, and I know some here that are, should be aware of such facts.
Avast has a far better SSL-scanning feature ;D as we know from avast team members here.
We know Mozilla NSS has mentioned feature, MS might have it also,
but then if it was/is the feature never was known to the public.
Info-credits go to Secu_jay.
polonus