Learn Ethical Hacking

2021-08-29 19:16:35 What is the difference between the dark web vs. the deep web ?

- The terms "dark web" and "deep web" are often used interchangeably, but they are not the same. Rather, the dark web is a small, less accessible part of the deep web.

- Both the dark and deep web share one thing in common: Neither can be found in search engine results. The difference between them primarily lies in how their content is accessed. Deep web pages can be accessed by anyone with a standard web browser who knows the URL.

- Dark web pages, in contrast, require special software with the correct decryption key, as well as access rights and knowledge of where to find the content.

- If you imagine the web in three layers, at the very top would be the surface web, whose content is indexed by search engines like Google and Yahoo. Beneath it is the deep web, and then located underneath that is the dark web.

Share and Support

@HackingCraze Open / Comment

2021-08-27 09:17:34 Dark Web (Darknet)

- The dark web, also referred to as the darknet, is an encrypted portion of the internet that is not indexed by search engines and requires specific configuration or authorization to access.

- Although the dark web is sometimes portrayed as a domain frequented by criminal elements, it is also used by people who require privacy for entirely legal reasons, such as the exchange of proprietary business information or communication by political activists.

- Information may be exchanged through an encrypted peer-to-peer (P2P) network connection or by using an overlay network, such as the Tor browser. The anonymity that these networks provide has contributed to the dark web's reputation for housing illegal activity.

Share and Support

@HackingCraze Open / Comment

2021-08-20 16:42:36 Clickjacking test – Is your site vulnerable ?

A basic way to test if your site is vulnerable to clickjacking is to create an HTML page and attempt to include a sensitive page from your website in an iframe. It is important to execute the test code on another web server, because this is the typical behavior in a clickjacking attack.

Use code like the following, provided as part of the OWASP Testing Guide:

Website is vulnerable to clickjacking!

View the HTML page in a browser and evaluate the page as follows:

- If the text “Website is vulnerable to clickjacking” appears and below it you see the content of your sensitive page, the page is vulnerable to clickjacking.

- If only the text “Website is vulnerable to clickjacking” appears, and you do not see the content of your sensitive page, the page is not vulnerable to the simplest form of clickjacking.

Share and Support

@HackingCraze Open / Comment

2021-08-10 10:47:01 Clickjacking Mitigation

There are two general ways to defend against clickjacking:

Client-side methods – the most common is called Frame Busting. Client-side methods can be effective in some cases, but are considered not to be a best practice, because they can be easily bypassed.

Server-side methods – the most common is X-Frame-Options. Server-side methods are recommended by security experts as an effective way to defend against clickjacking.

Mitigating clickjacking with X-Frame-Options response header

The X-Frame-Options response header is passed as part of the HTTP response of a web page, indicating whether or not a browser should be allowed to render a page inside a or