Free and Open Source Browser based Security Framework

Free and Open Source Browser based Security Framework

• Free and Open Source Browser based Security Framework

1994-1995

• 1994-1995

Microsoft came up with IE

• Microsoft came up with IE

Even though it was paid software at that time

• Even though it was paid software at that time

With lots of bells and whistles

• With lots of bells and whistles

Google’s own web browser

• Google’s own web browser

Hack3r’s browser.!!!

• Hack3r’s browser.!!!

What, Where, When, Why, Who and How

• What, Where, When, Why, Who and How

What, Where, When, Why, Who and How

• What, Where, When, Why, Who and How

What is Mantra?

• What is Mantra?

• What is the use?

• What Mantra is NOT?

Collection of hacking tools / add-ons

• Collection of hacking tools / add-ons

A security framework that can aid in exploit development

• A security framework that can aid in exploit development

• Security toolkit as of now

Its built on top of browser

• Its built on top of browser

Cross platform and flexible

• Cross platform and flexible

Free as in “Free Beer” and “Free Speech”

• Free as in “Free Beer” and “Free Speech”

• Open Source

All the five phases of attacks

• All the five phases of attacks

• Reconnaissance
• Scanning and enumeration
• Gaining access
• Escalation of privileges
• Maintaining access and
• Covering tracks

Not a one click Pwnage tool

• Not a one click Pwnage tool

• Not mature enough to suit a particular need

• Don’t uninstall your Metasploit and W3af

• Not a replacement for your normal browser

• Not completely integrated

What, Where, When, Why, Who and How

• What, Where, When, Why, Who and How

Why Mantra

• Why Mantra

Plenty of extensions available officially and un-officially

• Plenty of extensions available officially and un-officially

• Analyzing each and every extension is tedious task

• Many extensions going unnoticed

• Security researchers should know the power of browser platform

What, Where, When, Why, Who and How

• What, Where, When, Why, Who and How

When you will be needing Mantra?

• When you will be needing Mantra?

TIME

• TIME

• Life is all about timing

What, Where, When, Why, Who and How

• What, Where, When, Why, Who and How

Where you can find it

• Where you can find it

• Website
• getmantra.com
• owasp.org/index.php/OWASP_Mantra_-_Security_Framework
• code.google.com/p/getmantra
• sourceforge.net/projects/getmantra/
• Forums
• getmantra.com/forums/
• Social Network
• twitter.com/getmantra
• facebook.com/getmantra

What, Where, When, Why, Who and How

• What, Where, When, Why, Who and How

Who all needs it?

• Who all needs it?

• Who all are behind it?

If you are into

• If you are into

• Auditing
• Penetration testing
• Vulnerability Assessment
• Training

If you are a

• If you are a

• Black Hat
• White Hat and/or
• Grey Hat

Core Team

• Core Team

• Sheeba V Sudevan
• Shahin R Krishna
• Gokul C Gopinath
• Abhi M Balakrishnan
• Yashartha Chaturvedi

• Testers

• HackIT Team

What, Where, When, Why, Who and How

• What, Where, When, Why, Who and How

How I can contribute

• How I can contribute

• How it works, look etc.

Become part of the community

• Become part of the community

• Code | Modify --> Extensions | Framework

• Design

• Themes
• Artworks

Let me show you a demo

• Let me show you a demo

• http://clubhack.blip.tv/file/4782270/ http://clubhack.blip.tv/file/4782285/ http://clubhack.blip.tv/file/4782289/

So long and thanks for all the attention 

• So long and thanks for all the attention 