One of the most sophisticated types of attacks that threaten our digital landscape is Cross-Site Request Forgery (CSRF).

According to the Open Web Application Security Project (OWASP), CSRF vulnerabilities are among the top 10 most critical web application security risks.

Let’s explore what CSRF attacks are, how they work, and the preventative steps that browsers and websites can take to tackle them.

A CSRF attack is an ingenious form of web exploit where an attacker tricks a victim’s browser into performing an unwanted action on a website where the victim is authenticated.

A sobering statistic from Imperva’s Cyber Threat Index indicates that CSRF attacks accounted for almost 5% of all application layer attacks in 2022.

Here’s a simple example: Let’s say you’re logged into your bank’s website, and you’ve left it open in a tab. You visit another website in a new tab, which is under the control of a nefarious actor.

This site forces your browser to send a request to your bank’s website to transfer money without your knowledge or consent. This is a CSRF attack.

How CSRF Attacks Happen

Unlike many other types of attacks that rely on stealing user credentials, CSRF attacks exploit the trust a website has in a user’s browser.

They manipulate the victim into performing actions they didn’t intend to, leading to potential data loss, corruption, or unauthorized changes.

Disturbingly, the 2022 Norton Cyber Security Insights Report showed that 1 in 4 online users globally have been victims of a form of CSRF attacks.

To carry out a CSRF attack, an attacker needs to create a malicious website or email that generates forged HTTP requests. The victim’s browser sends these requests to the targeted website, which can’t differentiate between these forged requests and legitimate ones.

The attacker can then ride the authenticated session of the user.

Preventing CSRF Attacks: The Role of Browsers and Websites

Preventing CSRF attacks is a shared responsibility between web developers and browser manufacturers. A robust understanding and application of browser security are paramount.

The Website’s Responsibility

Websites can guard against CSRF attacks through various measures. They can generate and verify tokens for each session or use the ‘SameSite’ cookie attribute, which allows cookies to be sent only when the request originates from the same site that set the cookie.

The use of CAPTCHA can also help in mitigating CSRF attacks. According to Google, implementing reCAPTCHA blocked 99.9% of automated software-based CSRF attacks on their platforms.

The Browser’s Responsibility

Browsers play a crucial role in mitigating CSRF attacks. They can warn users about suspicious websites, provide visual cues about the security level of websites, and use better cookie controls.

For instance, browsers are now implementing features such as HTTPOnly and Secure cookies that prevent cross-domain requests.

Empowering Individual Users Against CSRF

Ultimately, the prevention of CSRF attacks also lies in the hands of individual users.

Practicing caution when clicking on suspicious links, logging out of sensitive websites when not in use, and regularly updating the browser can significantly reduce the risk of CSRF attacks.

According to a study by the Pew Research Center, approximately 64% of online adults have become more cautious in their online activities due to cybersecurity threats. This is a clear testament to increasing cybersecurity awareness among internet users.

The Future of CSRF

Research indicates that CSRF attacks are likely to increase in the future. This makes ongoing advancements in browser security and web development crucial in maintaining a safe digital environment.

By prioritizing secure coding practices, understanding and implementing advanced CSRF prevention techniques, and continuously educating users about these types of threats, we can create a safer online ecosystem.

Remember, cybersecurity is not a destination but an ongoing journey that requires diligence, knowledge, and adaptability.

The post Cross-Site Request Forgery (CSRF) Attacks: An Emerging Threat to Browser Security appeared first on Tech Chronicles.

Disclaimer: This tool is limited to security research only, and the user assumes all legal and related responsibilities arising from its use! The author assumes no legal responsibility!

https://github.com/moonD4rk/HackBrowserData

Supported Browser

Windows

Browser	Password	Cookie	Bookmark	History
Google Chrome
Google Chrome Beta
Chromium
Microsoft Edge
360 Speed
QQ
Brave
Opera
OperaGX
Vivaldi
Yandex
CocCoc
Firefox
Firefox Beta
Firefox Dev
Firefox ESR
Firefox Nightly
Internet Explorer

MacOS

Based on Apple’s security policy, some browsers require a current user password to decrypt.

Browser	Password	Cookie	Bookmark	History
Google Chrome
Google Chrome Beta
Chromium
Microsoft Edge
Brave
Opera
OperaGX
Vivaldi
Yandex
CocCoc
Firefox
Firefox Beta
Firefox Dev
Firefox ESR
Firefox Nightly
Safari

Linux

Browser	Password	Cookie	Bookmark	History
Google Chrome
Google Chrome Beta
Chromium
Microsoft Edge Dev
Brave
Opera
Vivaldi
Firefox
Firefox Beta
Firefox Dev
Firefox ESR
Firefox Nightly

Install

Installation of HackBrowserData is dead-simple, just download the release for your system and run the binary.

In some situations, this security tool will be treated as a virus by Windows Defender or other antivirus software and can not be executed. The code is all open source, you can modify and compile by yourself.

Building from source

support go 1.14+

git clone https://github.com/moonD4rk/HackBrowserData

cd HackBrowserData

go build

Cross compile

Need to install target OS’s gcc library, here’s an example of the use Mac building for Windows and Linus

Windows

brew install mingw-w64

CGO_ENABLED=1 GOOS=windows GOARCH=amd64 CC="x86_64-w64-mingw32-gcc" go build

Linux

brew install FiloSottile/musl-cross/musl-cross

CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++ GOARCH=amd64 GOOS=linux CGO_ENABLED=1 go build -ldflags "-linkmode external -extldflags -static"

Run

You can double-click to run, or use the command line.

PS C:\test> .\hack-browser-data.exe -h
NAME:
   hack-browser-data - Export passwords/cookies/history/bookmarks from browser
USAGE:
   [hack-browser-data -b chrome -f json -dir results -cc]
   Get all data(password/cookie/history/bookmark) from chrome
VERSION:
   0.3.7

GLOBAL OPTIONS:
   --verbose, --vv                     verbose (default: false)
   --compress, --cc                    compress result to zip (default: false)
   --browser value, -b value           available browsers: all|opera|firefox|chrome|edge (default: "all")
   --results-dir value, --dir value    export dir (default: "results")
   --format value, -f value            format, csv|json|console (default: "csv")
   --profile-dir-path value, -p value  custom profile dir path, get with chrome://version
   --key-file-path value, -k value     custom key file path
   --help, -h                          show help (default: false)
   --version, -v                       print the version (default: false)

PS C:\test>  .\hack-browser-data.exe -b all -f json --dir results -cc
[x]:  Get 44 cookies, filename is results/microsoft_edge_cookie.json
[x]:  Get 54 history, filename is results/microsoft_edge_history.json
[x]:  Get 1 passwords, filename is results/microsoft_edge_password.json
[x]:  Get 4 bookmarks, filename is results/microsoft_edge_bookmark.json
[x]:  Get 6 bookmarks, filename is results/360speed_bookmark.json
[x]:  Get 19 cookies, filename is results/360speed_cookie.json
[x]:  Get 18 history, filename is results/360speed_history.json
[x]:  Get 1 passwords, filename is results/360speed_password.json
[x]:  Get 12 history, filename is results/qq_history.json
[x]:  Get 1 passwords, filename is results/qq_password.json
[x]:  Get 12 bookmarks, filename is results/qq_bookmark.json
[x]:  Get 14 cookies, filename is results/qq_cookie.json
[x]:  Get 28 bookmarks, filename is results/firefox_bookmark.json
[x]:  Get 10 cookies, filename is results/firefox_cookie.json
[x]:  Get 33 history, filename is results/firefox_history.json
[x]:  Get 1 passwords, filename is results/firefox_password.json
[x]:  Get 1 passwords, filename is results/chrome_password.json
[x]:  Get 4 bookmarks, filename is results/chrome_bookmark.json
[x]:  Get 6 cookies, filename is results/chrome_cookie.json
[x]:  Get 6 history, filename is results/chrome_history.json
[x]:  Compress success, zip filename is results/archive.zip

Run with custom browser profile path

PS C:\Users\User\Desktop> .\hack-browser-data.exe -b edge -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default' -k 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Local State'

[x]:  Get 29 history, filename is results/microsoft_edge_history.csv
[x]:  Get 0 passwords, filename is results/microsoft_edge_password.csv
[x]:  Get 1 credit cards, filename is results/microsoft_edge_credit.csv
[x]:  Get 4 bookmarks, filename is results/microsoft_edge_bookmark.csv
[x]:  Get 54 cookies, filename is results/microsoft_edge_cookie.csv


PS C:\Users\User\Desktop> .\hack-browser-data.exe -b edge -p 'C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default'

[x]:  Get 1 credit cards, filename is results/microsoft_edge_credit.csv
[x]:  Get 4 bookmarks, filename is results/microsoft_edge_bookmark.csv
[x]:  Get 54 cookies, filename is results/microsoft_edge_cookie.csv
[x]:  Get 29 history, filename is results/microsoft_edge_history.csv
[x]:  Get 0 passwords, filename is results/microsoft_edge_password.csv

The post HackBrowserData – Decrypt passwords/cookies/history/bookmarks from the browser appeared first on Tech Chronicles.

Repeatable Testing and Conduct a serious method One of the Best Method conduct Web Application Penetration Testing for all kind of web application vulnerabilities.

Web Application Penetration Testing Checklist

Information Gathering

1. Retrieve and Analyze the robot.txt files by using a tool called GNU Wget.

2. Examine the version of the software. database Details, the error technical component, bugs by the error codes by requesting invalid pages.

3. Implement techniques such as DNS inverse queries, DNS zone Transfers, web-based DNS Searches.

4. Perform Directory style Searching and vulnerability scanning, Probe for URLs, using tools such as NMAP and Nessus.

5. Identify the Entry point of the application using Burp Proxy, OWSAP ZAP, TemperIE, WebscarabTemper Data.

6. By using traditional Fingerprint Tool such as Nmap, Amap, perform TCP/ICMP and service Fingerprinting.

7. By Requesting Common File Extension such as.ASP,EXE, .HTML, .PHP ,Test for recognized file types/Extensions/Directories.

8. Examine the Sources code From the Accessing Pages of the Application front end.

Authentication Testing

1. Check if it is possible to “reuse” the session after Logout.also check if the application automatically logs out a user has idle for a certain amount of time.

2. Check whether any sensitive information  Remain Stored stored in browser cache.

3. Check and try to Reset the password, by social engineering crack secretive questions and guessing.

4. Check if the “Remember my password” Mechanism is implemented by checking the HTML code of the login page.

5. Check if the hardware devices directly communicate and independently with authentication infrastructure using an additional communication channel.

6. Test CAPTCHA for authentication vulnerabilities presented or not.

7. Check whether any weak security questions/Answer are presented.

8. A successful SQL injection could lead to the loss of customer trust and attackers can steal phone numbers, addresses, and credit card details. Placing a web application firewall can filter out the malicious SQL queries in the traffic.

Authorization Testing

1. Test the Role and Privilege Manipulation to Access the Resources.

2. Test For Path Traversal by Performing input Vector Enumeration and analyze the input validation functions presented in the web application.

3. Test for cookie and parameter Tempering using web spider tools.

4. Test for HTTP Request Tempering and check whether to gain illegal access to reserved resources.

Configuration  Management Testing

1. Check directory and File Enumeration review server and application Documentation. also, check the infrastructure and application admin interfaces.

2. Analyze the Web server banner and Performing network scanning.

3. Check and verify the presence of old Documentation and Backup and referenced files such as source codes, passwords, installation paths.

4. Check and identify the ports associated with the SSL/TLS services using NMAP and NESSUS.

5. Review OPTIONS HTTP method using Netcat and Telnet.

6. Test for HTTP methods and XST for credentials of legitimate users.

7. Perform application configuration management test to review the information of the source code, log files and default Error Codes.

Session Management Testing

1. Check the URL’s in the Restricted area to Test for Cross sight Request Forgery.

2. Test for Exposed Session variables by inspecting Encryption and reuse of session token, Proxies and caching, GET&POST.

3. Collect a sufficient number of cookie samples and analyze the cookie sample algorithm and forge a valid Cookie in order to perform an Attack.

4. Test the cookie attribute using intercept proxies such as Burp Proxy, OWASP ZAP, or traffic intercept proxies such as Temper Data.

5. Test the session Fixation, to avoid seal user session.(session Hijacking )

Data Validation Testing

1. Performing Sources code Analyze for javascript Coding Errors.

2. Perform Union Query SQL injection testing, standard SQL injection Testing, blind  SQL query Testing, using tools such as sqlninja,sqldumper,sql power injector .etc.

3. Analyze the HTML Code, Test for stored XSS, leverage stored XSS, using tools such as XSS proxy, Backframe, Burp Proxy, OWASP, ZAP, XSS Assistant.

4. Perform LDAP injection testing for sensitive information about users and hosts.

5. Perform IMAP/SMTP injection Testing for Access the Backend Mail server.

6. Perform XPATH Injection Testing for Accessing the confidential information

7. Perform XML injection testing to know information about XML Structure.

8. Perform Code injection testing to identify input validation Error.

9. Perform Buffer Overflow testing for Stack and heap memory information and application control flow.

10. Test for HTTP Splitting and smuggling for cookies and HTTP redirect information.

Denial of Service Testing

1. Send Any Large number of Requests that perform database operations and observe any Slowdown and  New Error Messages.

2.Perform manual source code analysis and submit a range of input varying lengths to the applications

3. Test for SQL wildcard attacks for application information testing. Enterprise Networks should choose the best DDoS Attack prevention services to ensure the DDoS attack protection and prevent their network

4. Test for User specifies object allocation whether a maximum number of object that application can handle.

5. Enter Extreme Large number of the input field used by the application as a Loop counter. Protect website from future attacks Also Check your Companies DDOS Attack Downtime Cost.

6. Use a script to automatically submit an extremely long value for the server can be logged the request.

The post Web Application Penetration Testing Checklist – A Detailed Cheat Sheet appeared first on Tech Chronicles.

The “what” and “why” of open source

So you’re thinking about getting started with open source? Congratulations! The world appreciates your contribution. Let’s talk about what open source is and why people do it.

What does “open source” mean?

When a project is open source, that means anybody is free to use, study, modify, and distribute your project for any purpose. These permissions are enforced through an open source license.

Open source is powerful because it lowers the barriers to adoption and collaboration, allowing people to spread and improve projects quickly. Also because it gives users a potential to control their own computing, relative to closed source. For example, a business using open source software has the option to hire someone to make custom improvements to the software, rather than relying exclusively on a closed source vendor’s product decisions.

Free software refers to the same set of projects as open source. Sometimes you’ll also see these terms combined as “free and open source software” (FOSS) or “free, libre, and open source software” (FLOSS). Free and libre refer to freedom, not price.

Why do people open source their work?

There are many reasons why a person or organization would want to open source a project. Some examples include:

• Collaboration: Open source projects can accept changes from anybody in the world. Exercism, for example, is a programming exercise platform with over 350 contributors.
• Adoption and remixing: Open source projects can be used by anyone for nearly any purpose. People can even use it to build other things. WordPress, for example, started as a fork of an existing project called b2.
• Transparency: Anyone can inspect an open source project for errors or inconsistencies. Transparency matters to governments like Bulgaria or the United States, regulated industries like banking or healthcare, and security software like Let’s Encrypt.

Open source isn’t just for software, either. You can open source everything from data sets to books. Check out GitHub Explore for ideas on what else you can open source.

Does open source mean “free of charge”?

One of open source’s biggest draws is that it does not cost money. “Free of charge”, however, is a byproduct of open source’s overall value.

Because an open source license requires that anyone can use, modify, and share your project for nearly any purpose, projects themselves tend to be free of charge. If the project cost money to use, anyone could legally make a copy and use the free version instead.

As a result, most open source projects are free, but “free of charge” is not part of the open source definition. There are ways to charge for open source projects indirectly through dual licensing or limited features, while still complying with the official definition of open source.

Should I launch my own open source project?

The short answer is yes, because no matter the outcome, launching your own project is a great way to learn how open source works.

If you’ve never open sourced a project before, you might be nervous about what people will say, or whether anyone will notice at all. If this sounds like you, you’re not alone!

Open source work is like any other creative activity, whether it’s writing or painting. It can feel scary to share your work with the world, but the only way to get better is to practice – even if you don’t have an audience.

If you’re not yet convinced, take a moment to think about what your goals might be.

Setting your goals

Goals can help you figure out what to work on, what to say no to, and where you need help from others. Start by asking yourself, why am I open sourcing this project?

There is no one right answer to this question. You may have multiple goals for a single project, or different projects with different goals.

If your only goal is to show off your work, you may not even want contributions, and even say so in your README. On the other hand, if you do want contributors, you’ll invest time into clear documentation and making newcomers feel welcome.

As your project grows, your community may need more than just code from you. Responding to issues, reviewing code, and evangelizing your project are all important tasks in an open source project.

While the amount of time you spend on non-coding tasks will depend on the size and scope of your project, you should be prepared as a maintainer to address them yourself or find someone to help you.

If you’re part of a company open sourcing a project, make sure your project has the internal resources it needs to thrive. You’ll want to identify who’s responsible for maintaining the project after launch, and how you’ll share those tasks with your community.

If you need a dedicated budget or staffing for promotion, operations and maintaining the project, start those conversations early.

Contributing to other projects

If your goal is to learn how to collaborate with others or understand how open source works, consider contributing to an existing project. Start with a project that you already use and love. Contributing to a project can be as simple as fixing typos or updating documentation.

Launching your own open source project

There is no perfect time to open source your work. You can open source an idea, a work in progress, or after years of being closed source.

Generally speaking, you should open source your project when you feel comfortable having others view, and give feedback on, your work.

No matter which stage you decide to open source your project, every project should include the following documentation:

• Open source license
• README
• Contributing guidelines

As a maintainer, these components will help you communicate expectations, manage contributions, and protect everyone’s legal rights (including your own). They significantly increase your chances of having a positive experience.

If your project is on GitHub, putting these files in your root directory with the recommended filenames will help GitHub recognize and automatically surface them to your readers.

Choosing a license

An open source license guarantees that others can use, copy, modify, and contribute back to your project without repercussions. It also protects you from sticky legal situations. You must include a license when you launch an open source project.

Legal work is no fun. The good news is that you can copy and paste an existing license into your repository. It will only take a minute to protect your hard work.

MIT, Apache 2.0, and GPLv3 are the most popular open source licenses, but there are other options to choose from.

When you create a new project on GitHub, you are given the option to select a license. Including an open source license will make your GitHub project open source.

If you have other questions or concerns around the legal aspects of managing an open source project, we’ve got you covered.

Writing a README

READMEs do more than explain how to use your project. They also explain why your project matters, and what your users can do with it.

In your README, try to answer the following questions:

• What does this project do?
• Why is this project useful?
• How do I get started?
• Where can I get more help, if I need it?

You can use your README to answer other questions, like how you handle contributions, what the goals of the project are, and information about licenses and attribution. If you don’t want to accept contributions, or your project is not yet ready for production, write this information down.

Sometimes, people avoid writing a README because they feel like the project is unfinished, or they don’t want contributions. These are all very good reasons to write one.

For more inspiration, try using @dguo’s “Make a README” guide or @PurpleBooth’s README template to write a complete README.

When you include a README file in the root directory, GitHub will automatically display it on the repository homepage.

Writing your contributing guidelines

A CONTRIBUTING file tells your audience how to participate in your project. For example, you might include information on:

• How to file a bug report (try using issue and pull request templates)
• How to suggest a new feature
• How to set up your environment and run tests

In addition to technical details, a CONTRIBUTING file is an opportunity to communicate your expectations for contributions, such as:

• The types of contributions you’re looking for
• Your roadmap or vision for the project
• How contributors should (or should not) get in touch with you

Using a warm, friendly tone and offering specific suggestions for contributions (such as writing documentation, or making a website) can go a long way in making newcomers feel welcomed and excited to participate.

For example, Active Admin starts its contributing guide with:

First off, thank you for considering contributing to Active Admin. It’s people like you that make Active Admin such a great tool.

In the earliest stages of your project, your CONTRIBUTING file can be simple. You should always explain how to report bugs or file issues, and any technical requirements (like tests) to make a contribution.

Over time, you might add other frequently asked questions to your CONTRIBUTING file. Writing down this information means fewer people will ask you the same questions over and over again.

For more help with writing your CONTRIBUTING file, check out @nayafia’s contributing guide template or @mozilla’s “How to Build a CONTRIBUTING.md”.

Link to your CONTRIBUTING file from your README, so more people see it. If you place the CONTRIBUTING file in your project’s repository, GitHub will automatically link to your file when a contributor creates an issue or opens a pull request.

Establishing a code of conduct

Finally, a code of conduct helps set ground rules for behavior for your project’s participants. This is especially valuable if you’re launching an open source project for a community or company. A code of conduct empowers you to facilitate healthy, constructive community behavior, which will reduce your stress as a maintainer.

In addition to communicating how you expect participants to behave, a code of conduct also tends to describe who these expectations apply to, when they apply, and what to do if a violation occurs.

Much like open source licenses, there are also emerging standards for codes of conduct, so you don’t have to write your own. The Contributor Covenant is a drop-in code of conduct that is used by over 40,000 open source projects, including Kubernetes, Rails, and Swift. No matter which text you use, you should be prepared to enforce your code of conduct when necessary.

Paste the text directly into a CODE_OF_CONDUCT file in your repository. Keep the file in your project’s root directory so it’s easy to find, and link to it from your README.

Naming and branding your project

Branding is more than a flashy logo or catchy project name. It’s about how you talk about your project, and who you reach with your message.

Choosing the right name

Pick a name that is easy to remember and, ideally, gives some idea of what the project does. For example:

• Sentry monitors apps for crash reporting
• Thin is a fast and simple Ruby web server

If you’re building upon an existing project, using their name as a prefix can help clarify what your project does (for example, node-fetch brings window.fetch to Node.js).

Consider clarity above all. Puns are fun, but remember that some jokes might not translate to other cultures or people with different experiences from you. Some of your potential users might be company employees: you don’t want to make them uncomfortable when they have to explain your project at work!

Avoiding name conflicts

Check for open source projects with a similar name, especially if you share the same language or ecosystem. If your name overlaps with a popular existing project, you might confuse your audience.

If you want a website, Twitter handle, or other properties to represent your project, make sure you can get the names you want. Ideally, reserve those names now for peace of mind, even if you don’t intend to use them just yet.

Make sure that your project’s name doesn’t infringe upon any trademarks. A company might ask you to take down your project later on, or even take legal action against you. It’s just not worth the risk.

You can check the WIPO Global Brand Database for trademark conflicts. If you’re at a company, this is one of the things your legal team can help you with.

Finally, do a quick Google search for your project name. Will people be able to easily find your project? Does something else appear in the search results that you wouldn’t want them to see?

How you write (and code) affects your brand, too!

Throughout the life of your project, you’ll do a lot of writing: READMEs, tutorials, community documents, responding to issues, maybe even newsletters and mailing lists.

Whether it’s official documentation or a casual email, your writing style is part of your project’s brand. Consider how you might come across to your audience and whether that is the tone you wish to convey.

Using warm, inclusive language (such as “them”, even when referring to the single person) can go a long way in making your project feel welcoming to new contributors. Stick to simple language, as many of your readers may not be native English speakers.

Beyond how you write words, your coding style may also become part of your project’s brand. Angular and jQuery are two examples of projects with rigorous coding styles and guidelines.

It isn’t necessary to write a style guide for your project when you’re just starting out, and you may find that you enjoy incorporating different coding styles into your project anyway. But you should anticipate how your writing and coding style might attract or discourage different types of people. The earliest stages of your project are your opportunity to set the precedent you wish to see.

Your pre-launch checklist

Ready to open source your project? Here’s a checklist to help. Check all the boxes? You’re ready to go! Click “publish” and pat yourself on the back.

Documentation

Code

People

If you’re an individual:

If you’re a company or organization:

You did it!

Congratulations on open sourcing your first project. No matter the outcome, working in public is a gift to the community. With every commit, comment, and pull request, you’re creating opportunities for yourself and for others to learn and grow.

The post Starting an Open Source Project appeared first on Tech Chronicles.

The internet we usually use is only a fraction of the area we can access. With the emergence of the internet all around the world, more security solutions were introduced to make the website secure, as well as keeping the required information confidential from others. In the 1990’s, the US military introduced the concept of the Dark web, which is only accessible by using specific tools so that Google or other search engines do not index it. The need comes because of the sensitive nature of data the military has to share.

In 2000, the use of Darknet was available for everyone, and since then, everyone who wants to remain anonymous and not being tracked can use the Darkweb. Some of the search engines that are available for accessing Dark web are given below:

• The Hidden Wiki
• Not Evil
• HayStak
• DuckDuckGo

Access the Darknet via TOR Browser:

Now let’s talk about the Tor browser. So far, we know some of the search engines that can be used to access the dark web. But the question is that can we use any browser like Google Chrome or Firefox to use those search engines. The answer is NO. We need to use a specific browser that does not transfer any personal information from your system to the internet. Tor anonymizes the data by creating a series of routers called ‘onion routers.’ The data remains encrypted when it goes from one onion router to another router.

The figure above is a clear demonstration of the Tor network. All the routes are encrypted by the Onion router apart from the exit relay. Between these routes, no one can trace a person or see the actual data. The only possibility is that if a person can capture the traffic on the exit relay, but since the Tor network is anonymized so much, it cannot be predicted that which router is the exit relay.

Is Darkweb safe to use?

Since the dark web provides anonymity, it is widely used by cybercriminals, terrorists, military intelligence, hackers, and spammers. All the illegal activities, including trading of drugs, money laundering, weapons, etc. are done through the Darknet. Therefore, it is not safe for the children to use and access the Dark web since they might mistakenly access some unwanted things that can affect the children psychologically. It is recommended to parents that they must keep an eye on the child for any such activities. Regular users can browse the dark web for day to day activities if they are concerned about their privacy. However, accessing the suspicious URLs such as trading of drugs, etc. is not allowed by law and if caught, will be sent to prison.

Starting with TOR browser to surf anonymously:

To access the Dark web, we need to download the TOR browser, which is an open-source project by TOR, partially funded by the US government. TOR Browser can be downloaded from the following link:

• https://www.torproject.org/download/

After downloading and installing, we can see a similar interface to that of any normal browser we use. The search bar displays the message as “Search with DuckDuckGo” which is a default search engine in TOR browser.

Accessing hidden services

Dark web URL’s end with. onion as their top-level domain. Anything that ends with. onion is basically a hidden website only accessible via particular browsers such as TOR browser. Now let’s take a look at thehiddenwiki, which is a Wikipedia of onion sites.

• https://thehiddenwiki.org/

As shown above, it has links to all onion sites of all categories, including Blogging, social media platforms, marketplace financial, commercial services, PayPal, and many more.

We can copy any of these URLs and paste in TOR browser’s default search engine DuckDuckGo. To access the Facebook hidden service, use their. onion URL, and it will be accessed normally. It is to be noted that this URL won’t work with regular browsers.

The scary part of this is that criminals can use this platform to perform illegal activities such as renting a hacker as shown in the below screenshot. Therefore, it is very important to use it with special precautions to avoid any unlawful activities.

The internet we see is a very little part of the overall web. But it is also important to note that most of the internet is full of nasty things and illegal activities. Therefore, it is recommended that users, especially children, should stay away from the dark web.

The post How to Securely Access the Darkweb (Darknet)? appeared first on Tech Chronicles.