Friday, October 3, 2014

Shellshock Test

Here is the one line of code to check if your bash is vulnerable to shellshock bug or not. Just copy and run the command on the shell prompt and if it shows "Yes vulnerable" then patch your bash

env x='() { :;}; echo Yes vulnerable' bash -c "echo Test complete"

This is a test script so it just have echo statement but in real attack this vulnerability can be use to exploit almost anything. Many bots around the globe has already started exploiting this vulnerability. The worst part is that no one can come up with the list of program which uses bash internally.

Sunday, September 14, 2014

Capture android HTTP traffic on Fiddler

Fiddler is windows application for debugging HTTP traffic. It can also be used to capture HTTP traffic from a android device to analyse or debug any android HTTP application. To capture HTTP traffic Fiddler setup a web proxy server and monitor any traffic flowing through the proxy. By default  fiddler proxy service listens on the loopback adapter only due to which this proxy cannot be used by other application. Follow these steps to enable remote connections to Fiddler proxy and steps to define this proxy in android.

Step 1: To enable fiddler to accept remote connection goto Tools->Fiddler Options->Connections in Fiddler and Enable "Allow remote computers to connect". Also not the port number on which fiddler proxy listens default port is 8888.

Step 2: Using ipconfig find out IP address of fiddler's machine,

Step 3: Disable Firewall or add exception in firewall to allow fiddler for incoming connection.

Step 4: Now connect your android device to the same wifi network and goto wifi settings, long tap the connected wifi name and Now selet Modify Network option.

Step 5: Enable "Show advance options", set Proxy Settings to Manual then put ip address and port of fiddler proxy server. Now start your application in android and debug the HTTP traffic in fiddler. Remember to remove proxy once your done with debugging.

Friday, July 25, 2014

Camera not working in Micromax A250

In Micromax Canvas turbo i.e. A250 camera often failed to start and camera app only display a black screen the root cause for the issue is that mediaserver process is having open handles to camera device (see screenshot below). To make the camera work again either restart phone or kill mediaserver process if device is rooted using below script.

su -c "kill `pidof mediaserver`"

Sunday, October 6, 2013

Auto Hathway Authentication is now available on Android Play Store

What is AHA?

Hathway internet users need to authenticate on hathway through a web page to start internet services. AHA short for Auto Hathway Authentication was the first application for Hathway Internet user which auto authenticates users to Hathway portal for internet connectivity. Initially AHA was developed in C#.NET for windows platform only but now the new version of AHA is available on Google PlayStore (PlayStore Link).

How It works?

Whenever you will turn on Wifi and connect to a Wifi network on your device then AHA will determine if network is having Hathway internet by detecting the Hathway modem. Once the modem is detected AHA will continue to check the internet connectivity. For internet connectivity it will ping web after every 30 to verify that the device has internet connectivity and if the ping result is negative then it will attempt to authenticate to Hathway.

Similarly if you will disconnect Wifi network or if your Wifi network has ISP other than hathway then AHA will disable itself so that it will not use resources on your device.


1. Install AHA from Play Store (PlayStore Link).
2. Open AHA and go to settings screen.
3. Enter your Hathway User Id and Password and Click on "Save Settings" button.
4. Now connect to your wifi network and AHA will do the rest whenver required.


Sunday, August 11, 2013

Solved: Ployer momo9c keep on resets to factory defaults on every restart or shutdown

Ployer momo9c and other A10 devices running android ICS or CM10 sometimes resets to factory defaults after every reboot. This usually occurs after the update of busybox. To correct the issue go to the Terminal (using adb, Terminal Emulator or any other approach) and copy the busybox binary from /system/sbin or /system/xbin to /system/bin. Below are the command sequence to run

mount -o rw remount /system
cp /system/sbin/busybox /system/bin/busybox

If you are not able to find the busybox binary at the path mentioned above then use which command to locate the busybox.

which busybox