Udaipur
Website: www.udaipur.ind.in
Facebook: www.facebook.com/TheUdaipurLakecity/
Twitter: www.twitter.com/udaipur_
21.5.16
Udaipur Shopping
Udaipur
Website: www.udaipur.ind.in
Facebook: www.facebook.com/TheUdaipurLakecity/
Twitter: www.twitter.com/udaipur_
7.2.16
Girls Ethnic Fashion Wear in Udaipur
If you are looking for best fashion accessories and clothing in Udaipur, here is the solution. Fashion Hack is a well known name in Udaipur known for its trendy casuals for men and women where you can pick from a wide range of designer jeans, Suits, Blazer, Kurta Pazama, Trouser, Jeans, T-shirts, Formals, Shirts, Jackets and huge collection of stylish clothing.
Fashion Hack is famous for its wide range collection, beautiful patterns, elegant designs, exquisite colors and provides complete women clothing solution and offers wide collection of latest fancy, stylish designs and patterns in party wear salwar kameez, anarkali suits, casual suits, classic kurtis, lehenga Dresses, leggings, night wear and dress material.
Fashion Hack also have a designer collection of Sarees like pure Kanjivaram silk, Ikat silk, Bomkai silk, Rajkot silk, Banarsi silk, soft silk sarees including unique display of Traditional sarees, Wedding Sarees, Cotton Sarees, Bridal Wear Sarees, Party Wear Sarees, Designer Silk Sarees, Exclusive Embroidery Sarees and Designer Sarees.
So, we have solved your problem. Now go and only prefer #FashionHack for trendy clothing.
11.12.15
Explore the Beauty of Udaipur With New City Portal
Udaipur is a very popular tourist destination founded in 1559 by Maharana Udai Singh II. Udaipur is a beautiful city known for its shimmering lakes, Aravli Hills, picture-perfect backdrops, and aslo for its glorious history, tradition and culture. Udaipur also called 'the city of lakes' & 'Venice of East'.
We are Introducing all new Tours & Travel as well as City Guide of Udaipur with you can explore various museums, palaces, gardens, monuments and colorful festivals and the taste of mewar. Search Hotels, Restaurants, Travel, Tourism, Clothing-Garment, Shops, Taxi and All Information About Udaipur.
Log on to : www.udaipur.ind.in
We are Introducing all new Tours & Travel as well as City Guide of Udaipur with you can explore various museums, palaces, gardens, monuments and colorful festivals and the taste of mewar. Search Hotels, Restaurants, Travel, Tourism, Clothing-Garment, Shops, Taxi and All Information About Udaipur.
Log on to : www.udaipur.ind.in
4.12.15
Cheap Taxi Udaipur - Udaipur Car Hire
Udaipur Taxi Service - Udaipur, the capital of the former princely state of Mewar is a beautiful city in Rajasthan, India. Udaipur city is also referred to as the "Venice of the East", the "Most Romantic City of India" and the "Kashmir of Rajasthan". Udaipur the “City of Lakes” is one among the most romantic and most beautiful cities of India. The city of Dawn, Udaipur is a lovely land around the azure water lakes, hemmed in by the lush hills of the Aravalis. A vision in white drenched in romance and beauty, Udaipur city of Rajasthan state is a fascinating blend of sights, sounds and experiences - an inspiration for the imagination of the poets, painters and writers. Udaipur's kaleidoscope of fairy-tale palaces, lakes, temples, gardens and narrow lanes strewn with stalls, carry the flavor of heroic past, epitomizing valor and chivalry. Their reflection in the placid waters of the Lake Pichhola is an enticing sight.
Best Way to Explore Udaipur
We at Run Taxis Udaipur Deliver Premium and luxury Taxi Services in Udaipur, Rajasthan. Run Taxis Udaipur is the most trustworthy Taxi Provider in Udaipur offering Car Rental and Taxi Service in Udaipur that ensures comfort and safety of the customers
Best Way to Explore Udaipur
We at Run Taxis Udaipur Deliver Premium and luxury Taxi Services in Udaipur, Rajasthan. Run Taxis Udaipur is the most trustworthy Taxi Provider in Udaipur offering Car Rental and Taxi Service in Udaipur that ensures comfort and safety of the customers
9.7.15
Buy Clothes and Accessories in Udaipur - Clothes Showrooms in Udaipur
Buy Clothes and Accessories in Udaipur
Fashion Hack is a famous well known men’s and Women's wear showroom in Udaipur consisting of fashionable collection & wide range of of men’s wear Suits, Blazer, Kurta Pazama, Trouser, Jeans, T-shirts, Formals, Shirts, Jackets and many more.
Fashion Hack has huge varieties of branded, fashionable, exciting, stylish apparels to choose from at affordable price. It is a hotspot for the all shopaholics. Ultimate offers you the finest designer and casual clothes. It is a one stop shop for all kinds of casual, formal, party apparels and clothing.
Fashion Hack is the only answer of an ultimate wardrobe shopping experience. It is keeping with the latest fashion trends, showcases lines for spring, summer, fall, and winter, in varied fabrics. You can find wide range of stylish and trendy apparel collection here.
Step in today and walk out in style!
Fashion Hack is the only answer of an ultimate wardrobe shopping experience. It is keeping with the latest fashion trends, showcases lines for spring, summer, fall, and winter, in varied fabrics. You can find wide range of stylish and trendy apparel collection here.
Step in today and walk out in style!
4.2.15
Soha Ali Khan-Kunal wedding Fashion
Soha Ali Khan married Kunal Khemu this weekend in what was, by Bollywood standards, a fairly private wedding. The few pictures that have emerged of the wedding show Bollywood stars in designers like Manish Malhotra and Sabyasachi Mukherjee.While the bride is glowing, fashion lovers this side of the border can’t help but ask — this is the best of Indian bridal fashion Read More
Bollywood Buzz on - India Kishmish "The Blog of India"
26.6.12
10 Super Cool Chat Photos codes For facebook chat
Hello Friends new post about Facebook Chat
Send directly Photo to someone or your friends, family.
Just copy below code and paste in chat box.
If you like this comment please and Share This with
Your friends and Like and visit site daily for
new update..
Islami Photo
[[354483334605688]] [[354483327939022]] [[354483331272355]] [[354483321272356]] [[354483324605689]]
[[354483454605676]] [[354483447939010]] [[354483444605677]] [[354483451272343]] [[354483441272344]]
[[354483531272335]] [[354483521272336]] [[354483527939002]] [[354483524605669]] [[354483517939003]]
[[354483617938993]] [[354483611272327]] [[354483621272326]] [[354483614605660]] [[354483627938992]]
[[354483704605651]] [[354483707938984]] [[354483701272318]] [[354483714605650]] [[354483711272317]]
Cute Girl
[[288278597931514]] [[288278607931513]] [[288278601264847]] [[288278594598181]]
[[288278604598180]] [[288278711264836]] [[288278707931503]] [[288278714598169]]
[[288278717931502]] [[288278704598170]] [[288278841264823]] [[288278831264824]]
[[288278824598158]] [[288278834598157]] [[288278844598156]] [[288278991264808]]
[[288278987931475]] [[288279001264807]] [[288279007931473]] [[288279004598140]]
[[288279101264797]] [[288279104598130]] [[288279107931463]] [[288279111264796]]
Rajnikanth
[[357894360930447]] [[357894357597114]] [[357894350930448]]
[[357894354263781]] [[357894364263780]] [[357894470930436]]
[[357894477597102]] [[357894474263769]] [[357894467597103]]
[[357894484263768]] [[357894557597094]] [[357894544263762]]
[[357894554263761]] [[357894550930428]] [[357894547597095]]
[[357894634263753]] [[357894627597087]] [[357894630930420]]
Heart
[[379320338758329]] [[379320355424994]] [[379320348758328]] [[379320352091661]] [[379320345424995]] [[379320455424984]]
[[379320448758318]] [[379320452091651]] [[379320445424985]] [[379320442091652]] [[379320525424977]] [[379320518758311]]
[[379320512091645]] [[379320522091644]] [[379320515424978]] [[379320602091636]] [[379320612091635]] [[379320605424969]]
[[379320598758303]] [[379320608758302]] [[379320702091626]] [[379320705424959]] [[379320692091627]] [[379320695424960]]
[[379320698758293]] [[379320778758285]] [[379320775424952]] [[379320788758284]] [[379320785424951]] [[379320782091618]]
[[379320872091609]] [[379320875424942]] [[379320865424943]] [[379320862091610]] [[379320868758276]]
Mr. Bean
[[255016264574238]] [[255016271240904]] [[255016277907570]]
[[255016267907571]] [[255016274574237]] [[255016384574226]]
[[255016387907559]] [[255016394574225]] [[255016401240891]]
[[255016391240892]] [[255016464574218]] [[255016454574219]]
[[255016457907552]] [[255016461240885]] [[255016451240886]]
[[255016537907544]] [[255016531240878]] [[255016534574211]]
[[255016541240877]] [[255016527907545]] [[255016634574201]]
Jack Sparrow
[[298356520217565]] [[298356516884232]] [[298356506884233]] [[298356510217566]]
[[298356513550899]] [[298356620217555]] [[298356606884223]] [[298356616884222]]
[[298356610217556]] [[298356613550889]] [[298356673550883]] [[298356676884216]]
[[298356666884217]] [[298356680217549]] [[298356670217550]] [[298356740217543]]
[[298356733550877]] [[298356743550876]] [[298356730217544]] [[298356736884210]]
[[298356823550868]] [[298356810217536]] [[298356820217535]] [[298356826884201]]
[[298356813550869]] [[298356906884193]] [[298356896884194]] [[298356900217527]]
[[298356903550860]] [[298356893550861]] [[298356950217522]] [[298356946884189]]
Superman
[[299528860107644]] [[299528863440977]] [[299528866774310]] [[299528856774311]]
[[299528870107643]] [[299528950107635]] [[299528943440969]] [[299528946774302]]
[[299528953440968]] [[299528956774301]] [[299529013440962]] [[299529016774295]]
[[299529010107629]] [[299529003440963]] [[299529006774296]] [[299529060107624]]
[[299529063440957]] [[299529066774290]] [[299529070107623]] [[299529073440956]]
[[299529173440946]] [[299529183440945]] [[299529180107612]] [[299529176774279]]
[[299529186774278]] [[299529243440939]] [[299529236774273]] [[299529240107606]]
Emlo
[[302117289844540]] [[302117283177874]] [[302117276511208]] [[302117279844541]] [[302117286511207]] [[302117366511199]]
[[302117369844532]] [[302117373177865]] [[302117383177864]] [[302117379844531]] [[302117426511193]] [[302117436511192]]
[[302117429844526]] [[302117423177860]] [[302117433177859]] [[302117523177850]] [[302117529844516]] [[302117526511183]]
[[302117536511182]] [[302117533177849]] [[302117606511175]] [[302117596511176]] [[302117599844509]] [[302117593177843]]
[[302117603177842]] [[302117646511171]] [[302117649844504]] [[302117659844503]] [[302117656511170]] [[302117653177837]]
[[302117706511165]] [[302117703177832]] [[302117699844499]] [[302117709844498]] [[302117696511166]] [[302117749844494]]
Troll Face
[[242538225822042]] [[242538222488709]] [[242538232488708]] [[242538219155376]] [[242538229155375]] [[242538339155364]]
[[242538335822031]] [[242538342488697]] [[242538345822030]] [[242538349155363]] [[242538392488692]] [[242538395822025]]
[[242538399155358]] [[242538402488691]] [[242538405822024]] [[242538475822017]] [[242538472488684]] [[242538489155349]]
[[242538492488682]] [[242538485822016]] [[242538562488675]] [[242538565822008]] [[242538569155341]] [[242538575822007]]
[[242538572488674]] [[242538612488670]] [[242538625822002]] [[242538619155336]] [[242538622488669]] [[242538615822003]]
[[242538675821997]] [[242538682488663]] [[242538672488664]] [[242538679155330]] [[242538685821996]] [[242538742488657]]
Mask
[[255006724575192]] [[255006727908525]] [[255006737908524]] [[255006734575191]] [[255006731241858]]
[[255006827908515]] [[255006831241848]] [[255006824575182]] [[255006817908516]] [[255006821241849]]
[[255006874575177]] [[255006871241844]] [[255006884575176]] [[255006877908510]] [[255006881241843]]
[[255006934575171]] [[255006931241838]] [[255006941241837]] [[255006944575170]] [[255006937908504]]
[[255007004575164]] [[255007001241831]] [[255006994575165]] [[255006997908498]] [[255006991241832]]
[[255007084575156]] [[255007101241821]] [[255007077908490]] [[255007091241822]] [[255007081241823]]
Send directly Photo to someone or your friends, family.
Just copy below code and paste in chat box.
If you like this comment please and Share This with
Your friends and Like and visit site daily for
new update..
Islami Photo
[[354483334605688]] [[354483327939022]] [[354483331272355]] [[354483321272356]] [[354483324605689]]
[[354483454605676]] [[354483447939010]] [[354483444605677]] [[354483451272343]] [[354483441272344]]
[[354483531272335]] [[354483521272336]] [[354483527939002]] [[354483524605669]] [[354483517939003]]
[[354483617938993]] [[354483611272327]] [[354483621272326]] [[354483614605660]] [[354483627938992]]
[[354483704605651]] [[354483707938984]] [[354483701272318]] [[354483714605650]] [[354483711272317]]
Cute Girl
[[288278597931514]] [[288278607931513]] [[288278601264847]] [[288278594598181]]
[[288278604598180]] [[288278711264836]] [[288278707931503]] [[288278714598169]]
[[288278717931502]] [[288278704598170]] [[288278841264823]] [[288278831264824]]
[[288278824598158]] [[288278834598157]] [[288278844598156]] [[288278991264808]]
[[288278987931475]] [[288279001264807]] [[288279007931473]] [[288279004598140]]
[[288279101264797]] [[288279104598130]] [[288279107931463]] [[288279111264796]]
Rajnikanth
[[357894360930447]] [[357894357597114]] [[357894350930448]]
[[357894354263781]] [[357894364263780]] [[357894470930436]]
[[357894477597102]] [[357894474263769]] [[357894467597103]]
[[357894484263768]] [[357894557597094]] [[357894544263762]]
[[357894554263761]] [[357894550930428]] [[357894547597095]]
[[357894634263753]] [[357894627597087]] [[357894630930420]]
Heart
[[379320338758329]] [[379320355424994]] [[379320348758328]] [[379320352091661]] [[379320345424995]] [[379320455424984]]
[[379320448758318]] [[379320452091651]] [[379320445424985]] [[379320442091652]] [[379320525424977]] [[379320518758311]]
[[379320512091645]] [[379320522091644]] [[379320515424978]] [[379320602091636]] [[379320612091635]] [[379320605424969]]
[[379320598758303]] [[379320608758302]] [[379320702091626]] [[379320705424959]] [[379320692091627]] [[379320695424960]]
[[379320698758293]] [[379320778758285]] [[379320775424952]] [[379320788758284]] [[379320785424951]] [[379320782091618]]
[[379320872091609]] [[379320875424942]] [[379320865424943]] [[379320862091610]] [[379320868758276]]
Mr. Bean
[[255016264574238]] [[255016271240904]] [[255016277907570]]
[[255016267907571]] [[255016274574237]] [[255016384574226]]
[[255016387907559]] [[255016394574225]] [[255016401240891]]
[[255016391240892]] [[255016464574218]] [[255016454574219]]
[[255016457907552]] [[255016461240885]] [[255016451240886]]
[[255016537907544]] [[255016531240878]] [[255016534574211]]
[[255016541240877]] [[255016527907545]] [[255016634574201]]
Jack Sparrow
[[298356520217565]] [[298356516884232]] [[298356506884233]] [[298356510217566]]
[[298356513550899]] [[298356620217555]] [[298356606884223]] [[298356616884222]]
[[298356610217556]] [[298356613550889]] [[298356673550883]] [[298356676884216]]
[[298356666884217]] [[298356680217549]] [[298356670217550]] [[298356740217543]]
[[298356733550877]] [[298356743550876]] [[298356730217544]] [[298356736884210]]
[[298356823550868]] [[298356810217536]] [[298356820217535]] [[298356826884201]]
[[298356813550869]] [[298356906884193]] [[298356896884194]] [[298356900217527]]
[[298356903550860]] [[298356893550861]] [[298356950217522]] [[298356946884189]]
Superman
[[299528860107644]] [[299528863440977]] [[299528866774310]] [[299528856774311]]
[[299528870107643]] [[299528950107635]] [[299528943440969]] [[299528946774302]]
[[299528953440968]] [[299528956774301]] [[299529013440962]] [[299529016774295]]
[[299529010107629]] [[299529003440963]] [[299529006774296]] [[299529060107624]]
[[299529063440957]] [[299529066774290]] [[299529070107623]] [[299529073440956]]
[[299529173440946]] [[299529183440945]] [[299529180107612]] [[299529176774279]]
[[299529186774278]] [[299529243440939]] [[299529236774273]] [[299529240107606]]
Emlo
[[302117289844540]] [[302117283177874]] [[302117276511208]] [[302117279844541]] [[302117286511207]] [[302117366511199]]
[[302117369844532]] [[302117373177865]] [[302117383177864]] [[302117379844531]] [[302117426511193]] [[302117436511192]]
[[302117429844526]] [[302117423177860]] [[302117433177859]] [[302117523177850]] [[302117529844516]] [[302117526511183]]
[[302117536511182]] [[302117533177849]] [[302117606511175]] [[302117596511176]] [[302117599844509]] [[302117593177843]]
[[302117603177842]] [[302117646511171]] [[302117649844504]] [[302117659844503]] [[302117656511170]] [[302117653177837]]
[[302117706511165]] [[302117703177832]] [[302117699844499]] [[302117709844498]] [[302117696511166]] [[302117749844494]]
Troll Face
[[242538225822042]] [[242538222488709]] [[242538232488708]] [[242538219155376]] [[242538229155375]] [[242538339155364]]
[[242538335822031]] [[242538342488697]] [[242538345822030]] [[242538349155363]] [[242538392488692]] [[242538395822025]]
[[242538399155358]] [[242538402488691]] [[242538405822024]] [[242538475822017]] [[242538472488684]] [[242538489155349]]
[[242538492488682]] [[242538485822016]] [[242538562488675]] [[242538565822008]] [[242538569155341]] [[242538575822007]]
[[242538572488674]] [[242538612488670]] [[242538625822002]] [[242538619155336]] [[242538622488669]] [[242538615822003]]
[[242538675821997]] [[242538682488663]] [[242538672488664]] [[242538679155330]] [[242538685821996]] [[242538742488657]]
Mask
[[255006724575192]] [[255006727908525]] [[255006737908524]] [[255006734575191]] [[255006731241858]]
[[255006827908515]] [[255006831241848]] [[255006824575182]] [[255006817908516]] [[255006821241849]]
[[255006874575177]] [[255006871241844]] [[255006884575176]] [[255006877908510]] [[255006881241843]]
[[255006934575171]] [[255006931241838]] [[255006941241837]] [[255006944575170]] [[255006937908504]]
[[255007004575164]] [[255007001241831]] [[255006994575165]] [[255006997908498]] [[255006991241832]]
[[255007084575156]] [[255007101241821]] [[255007077908490]] [[255007091241822]] [[255007081241823]]
Web-Beacon or Web Bug
Web-Beacon or Web Bug
What are Web Beacons (also known as Web Bugs) and Clear GIFs?
Web-Beacon Also called a Web bug or a pixel tag or a clear GIF. Used in combination with cookies, a Web beacon is an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a Web site or in an e-mail that is used to monitor the behavior of the user visiting the Web site or sending the e-mail. When the HTML code for the Web beacon points to a site to retrieve the image, at the same time it can pass along information such as the IP address of the computer that retrieved the image, the time the Web beacon was viewed and for how long, the type of browser that retrieved the image and previously set cookie values.
Web beacons are typically used by a third-party to monitor the activity of a site. A Web beacon can be detected by viewing the source code of a Web page and looking for any IMG tags that load from a different server than the rest of the site. Turning off the browser's cookies will prevent Web beacons from tracking the user's activity. The Web beacon will still account for an anonymous visit, but the user's unique information will not be recorded.
Why are they invisible images?
Clear GIFs are invisible because they record specific activity on a website or web page rather than deliver content. If visible images were sent to your browser they would clutter up the requested page with irrelevant content.
How do Web Beacons work?
On web pages
Web bugs are typically used by third parties to monitor the activity of customers at a site.
As an example of the way web bugs can make user logging easier, consider a company that owns a network of sites. This company may have a network that requires all images to be stored on one host computer while the pages themselves are stored elsewhere. They could use web bugs in order to count and recognize users traveling around the different servers on the network. Rather than gathering statistics and managing cookies on all their servers separately, they can use web bugs to keep them all together.
In e-mail
Web bugs are frequently used in spamming (sending unsolicited commercial e-mail) as a way of "pinging" to find which spam recipients open (and presumably read) before deleting it.
Tracking in e-mail can be disabled by:
Many web bugs can be avoided by turning off HTML display and displaying only the text.
Turning off the display of images while still using HTML may still allow other techniques to be used.
Web beacons are used by website owners to log activity on their web pages and websites. Their purpose depends on what a site wants to understand about how visitors interact with pages. To see the demonstration how web beacons work,CLICK HERE.
Why do websites use Web Beacons?
Web beacons are used by website owners to log activity on their web pages and websites. Their purpose depends on what a site wants to understand about how visitors interact with pages.
- Using web beacons site identify:
- Which online ads attracted visitors to the site.
- Which of those visitors then visited their online store.
- Which of those visitors then ordered goods.
- The sales values of those orders.
How can I block web beacons from executing in my browser (Firefox, Opera, Google Chrome)?
Tracking on web pages can be disabled using a number of techniques.
Turning off a browser's cookies can prevent some web bugs from tracking a customer's specific activity. The web site logs will still record a page request from the customer's IP address, but unique information associated with a cookie cannot be recorded.
However, web site server techniques that do not use cookies can be employed to help track a site's cookie-blocking users. For example, a web site can identify a request from a new visitor and send that visitor links that pass a unique ID as a GET parameter.
Browser add-ons and extensions can be used. For example, the Ghostery add-on analyzes Java Script to detect trackers, web bugs, pixels, and beacons
Gifs cannot contain executable code or javascript. The images themselves have nothing to do with it.
If you want to block ALL javascripts completely, you can download the NoScript plugin. This blocks everything and I mean EVERYTHING, and you can manually allow websites that you use: http://noscript.net/ It's simple to use, nonintrusive, safe, and very effective.
You could also just block flash advertisements that can contain javascripts. Advertisements many times are the causes of viruses. First of all, installed a popup blocker or turn yours on - Firefox has one by default. Install AdBlock Plus, which blocks advertisements from showing up on all websites. You can manually allow or disallow new ones as well: https://addons.mozilla.org/en-US/firefox…
If you want to block ALL javascripts completely, you can download the NoScript plugin. This blocks everything and I mean EVERYTHING, and you can manually allow websites that you use: http://noscript.net/ It's simple to use, nonintrusive, safe, and very effective.
You could also just block flash advertisements that can contain javascripts. Advertisements many times are the causes of viruses. First of all, installed a popup blocker or turn yours on - Firefox has one by default. Install AdBlock Plus, which blocks advertisements from showing up on all websites. You can manually allow or disallow new ones as well: https://addons.mozilla.org/en-US/firefox…
Cookie Stealing by Cross Site Scripting Tutorial
An article on cookie stealing, using XSS.
In this tutorial I'll try to explain the procedure of cookie stealing through XSS in a few simple steps.
Step one: Finding a XSS vulnerability
How to Prevent Cookie Stealing
1. The easiest way to prevent someone from stealing your cookies is to watch the links you click. Check the URL address of the website it is trying to take you to. If you don't know it, don't trust it. A good thing to look for is the structure of the URL. The cookie stealing scenarios will be run from a free sub domain. To hide the link they will try to make it look like the web address of the site that they are putting the malicious link on. So say you came across a cookie stealer on Myspace. They will most likely form a sub domain that looks something like this. Www.myspace.freehost.com. At a glance you will just see the Myspace and think everything's good. It is very important that you watch for things like this. 2. The only real method that you need to follow other than the one above is too clear your cookies after every session. If a Trojan at any point somehow infects you then you most likely have some kind of backdoor on your computer that you don't even understand. This is a free pass for hackers to welcome themselves in. All they need to do once there in copy all the files in your cookie folder to their computer and start cracking. Nevertheless, if you make it a habit to delete these cookies at the close of every session then there is nothing for the hacker to steal (as far as cookies go, that is).
All About Cookies and Security
Introduction
I've seen so many hacking tutorials about XSS, SQL injection, and many topics along those lines, but I've seen very little dealing with cookies as potential attack vectors or security risks. h4x0r and I were talking a little while back, and it was decided that I would write a tutorial to fill that void. So here it is, all about cookies. What they are, how they're used, the security risks they can present, and how they can be exploited.
Note: Keep in mind that this tutorial was written with the same disclaimer as most others... it's for educational purposes only, use this information to secure your website, not break the law, etc.
OK, so now that we got that out of the way, let's get started!
What are cookies and how are they used by websites and web admins?
Cookies identify you to the site. They store settings about your customized look and feel for the pages you view, your username and encrypted password or user id, who referred you to the site, profile preferences, and just about any kind of information the admins want them to store to customize your user experience. Cookies are most commonly used to give you access to login protected pages once you've entered your information, identify you in content that you change on the site (forum posts or article comments, for example), tell the administrators how you found the site, and more. Again, cookies will function as their creators have written them to function. This sounds like a simple, obvious statement, but it can't be overlooked. We'll see why later.
So what are the effects if cookies are manipulated?
Insecure cookies can be changed to allow you access to protected pages (ex admin), change your user id to impersonate other users, etc. Up until now, this tutorial has been all theoretical information, so how about a little real-life application now?
I remember testing a website whose admin knew very little about security. The website worked like this: the user would log in and the site would check the username and password combination. If they were correct, then the site would give the user a cookie containing their user id (ex: 1428) to identify them to the site for the remainder of their session, their username to be displayed on the content they changed (ex: fourthdimension), and some other miscellaneous info like local time, referrer, etc. Like I mentioned earlier, sites will only use cookies as well as their administrator created them to. Are you beginning to see what could happen if administrators use cookies insecurely like this one did? If not, you will in a few minutes. The minute I saw my cookie and understood how the site used it, I knew the site was mine. The first thing I did was fool around with changing the value of my username. Sure enough, when I posted comments on the site, the comment author fields displayed whatever I had just changed my cookie's username value to. Well, that was fun, but not very useful unless I wanted to use it for phishing or social engineering, none of which were objectives in this test, so I decided to take note of it in my report and move on. What about the user id field? Like I said, the site would check for a valid username/pass combo ONCE, when the user logged in. After that, it relied on the cookie to tell it who the user was. That made the user id field a pretty promising field to change if I want to escalate my privileges on the site or control other users' accounts. Sure enough, as I changed the user id, I would change who I was logged in as. (Note that the display name didn't change because that was stored seperately as I mentioned earlier, but all the user info and preferences, etc changed, so I was sure that it worked.) Working on the assumption that the user id wasn't a randomly generated number but actually the member number assigned by the order of registration, I decided to try for the admin's account, which would have the user id of 1 or 0001 or something along those lines. After a few minutes of tweaking that logic, I was logged in as the site administrator. After finding a few more errors (xss, php validation, etc) I sent him the report. So now do you see how powerful changing your cookie can be if site administrators don't user secure cookies or use their cookies securely? I didn't even need to know the admin's username or password, and since there were no visible attacks on the site, there was nothing to raise anyone's suspiscion. Cookies can be usefull tools when used correctly by web admins, but powerfull attack vectors to be exploited when used incorrectly.
So now that you understand the theory and applications of cookies, you're probably wondering how you can edit them on your own. There are many ways to change cookies, such as javascript injections, dozens of firefox addons, etc. My favorite way is by using a firefox addon called Firecookie, which is actually an extension to another firefox addon, firebug. You can download them from mozilla's official addon site (firebug must be installed first):
Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843
Firecookie: https://addons.mozilla.org/en-US/firefox/addon/6683
If you don't have firefox, get firefox. Now that you have them installed, I'll give you a quick guide to editing cookies with them. There's a lot more you can do with firebug, so I'd encourage you to look at some tutorials for its other features as well, like editing pages' source code on the fly with its Inspect feature. That aside, back to editing cookies. Click the firebug icon on the bottom right of your firefox window. Now click on the Cookies tab at the top of the window that pulls up. Fill in the checkbox for Cookies and click apply. Click OK on any windows that pop up about resending data. Now you should see a listing of the cookie field and values, among other things. Right click on the field you want to change and click edit. Change the value field to whatever you want. You may need to change the session only check box or the expiration date to get the cookie to stay once the page has refreshed, depending on the page. Once you've changed the value, refresh the page. If you still see your cookie in the firecookie window, then your cookie is in effect. If not, you may need to play with some of the settings as I mentioned earlier.
14.7.11
How To Browse Forums Without Logging -Googlebot
How To Browse Forums Without Logging -Googlebot
Googlebot
Googlebot is Google's web crawling bot (sometimes also called a "spider"). Crawling is the process by which Googlebot discovers new and updated pages to be added to the Google index.
Googlebot use a huge set of computers to fetch (or "crawl") billions of pages on the web. Googlebot uses an algorithmic process: computer programs determine which sites to crawl, how often, and how many pages to fetch from each site.
Googlebot's crawl process begins with a list of webpage URLs, generated from previous crawl processes and augmented with Sitemap data provided by webmasters. As Googlebot visits each of these websites it detects links (SRC and HREF) on each page and adds them to its list of pages to crawl. New sites, changes to existing sites, and dead links are noted and used to update the Google index.
How Googlebot accesses your site
For most sites, Googlebot shouldn't access your site more than once every few seconds on average. However, due to network delays, it's possible that the rate will appear to be slightly higher over short periods. In general, Googlebot should download only one copy of each page at a time. If you see that Googlebot is downloading a page multiple times, it's probably because the crawler was stopped and restarted.
Googlebot was designed to be distributed on several machines to improve performance and scale as the web grows. Also, to cut down on bandwidth usage, we run many crawlers on machines located near the sites they're indexing in the network. Therefore, your logs may show visits from several machines at google.com, all with the user-agent Googlebot. Our goal is to crawl as many pages from your site as we can on each visit without overwhelming your server's bandwidth. Request a change in the crawl rate.
How To Browse Forums Without Logging -Googlebot
Visit any forum or website to find something useful and they will ask you to register.
All websites and forums will block unregistered users, but they won’t block Google Bot. What we will do is to switch our User Agent to that of Google Bot and freely browse any website orforum without registering.
First grab the User Agent Switcher add-on for Firefox called ‘user agent’ here and install it.
Now go to Tools > User Agent Switcher > Options and then again to Options.
Select User Agent from the left sidebar and click Add. Now in the description field type:
crawl-66-249-66-1.googlebot.com
and in user agent field type:
Googlebot/2.1 (+What is Googlebot? - Webmaster Tools Help)
as shown in the screenshot below.
Select Google Bot as your User Script by going to Tools > User Agent Switcher.
Now browse any website or forum without registering.
Sunday, December 12, 2010
How to Track Stolen Laptops With a .mac or IP Address
Computrace LoJack for Laptops states that more than 600,000 personal computers are stolen each year. When a laptop disappears at an airport or coffee shop, the greatest chance of recovery comes from preplanning. Installation of antitheft software offers more protection than trying to track stolen laptops with a .mac or IP address. Protect expensive equipment, personal information and confidential data by practicing prevention.
Instructions
- Things You'll Need:
- Tracking software
- How to Track a Stolen Laptop With a .mac Address
Things You'll Need:
1
Notify your network administrator of the theft. Locating a stolen laptop using a .mac address isn't possible unless the thief gets on the same LAN. This makes recovery unlikely with the exception of a computer used on a college network. The likelihood is much higher if the thief is a student who will log on to the university network with the stolen laptop. In such a case, let the network administrator know of the theft. Supply the .mac address and the network administrator can watch for the laptop to log on to the network.
2
Forget about tracking a stolen laptop over the Internet using a .mac address. Tracking a stolen laptop using a .mac address is not possible over the World Wide Web. This second-level information is not passed through the router to the third-level ISP (Internet service provider).
3
Increase your chances of recovery by preinstalling antitheft software that "phones home" to a service provider or open source software such as Adeona. This allows the original owner to gain IP address information without contracting with a third party such as LoJack.
How to Track a Stolen Laptop With an IP Address
How to Track a Stolen Laptop With an IP Address
1
Contact your ISP (Internet service provider) to see if the thief has accessed the Internet using your service. The ISP issues a location-specific IP address when a computer accesses the Internet. If the owner of a stolen laptop obtains an IP address assigned to her computer since the theft, then the police can track its location.
2
Investigate whether programs such as Yahoo! Messenger or email software that automatically logs on at boot-up are still being accessed. Contact the service provider with appropriate police report documentation and a subpoena to obtain a recent IP address for a stolen laptop.
3
Install Antitheft Software to Track a Stolen Laptop IP Address
Use preinstalled antitheft clients to obtain a recent IP address for the stolen laptop. Supply the IP information to law enforcement.
Install Antitheft Software to Track a Stolen Laptop IP Address
1
Contract with a third party for antitheft protection. Computrace LoJack for Laptops offers a three-year antitheft guarantee for its software. Buyers subscribe to a service that uses installed BIOS firmware to track a stolen computer and supply recovery information to the police. Computrace LoJack claims to recover three out of four stolen laptops using its service.
2
Download and install an open source antitheft client. Adeona is a university-developed open source alternative to tracking services. There is no charge to install the software, which monitors and stores location data. Adeona claims superior privacy protection, as only the owner is able to access location data.
3
Check manufacturer service plans for theft protection details or call customer support. Some computer manufacturers, such as Dell, offer tracking, recovery and data deletion for stolen laptops.
Track a Stolen Laptopwww.LoJackForLaptops.com
Track Down Your Stolen Laptop LoJack for Laptops. Official Site.
Intel Anti-Theft SecurityIntel.com/AntiTheft
Learn How Advanced Features Make PC Security More Intelligent Than Ever
IP Management Toolwww.Netcordia.com
Automate Network Change & Configuration, Try NetMRI for Free.
SONY VAIO - Official Sitewww.SonyStyle.com/VAIO
Smart performance w/Intel® Core™ i7 processor laptops. Free shipping.
- Install tracking software on all laptops, as .mac addresses are rarely useful in recovery, and gaining a subpoena for an IP address is challenging.
- Third parties may access the tracking information recorded by services such as Computrace LoJack to moniter a laptop owner's movements.
Subscribe to:
Posts (Atom)