Author Archives: Admin

Secrets of Website Traffic Generators: How They Help You?

Tags :

Category : Web Applications

Traffic is the blood cell of a website. Without traffic website is dead. The modern world is hosting business in Online and the success factor depends on how much traffic they receive. Large number of online and offline services available for delivering high quality traffic. Here we discuss how Traffic Generator tools help to deliver traffic, how do they help to improve site rank and how much they can help your business.

Website Traffic Types & Quality

Website Traffic generators basically generate traffic to your website. Traffic can be generally classified as 2 types of traffic

  1. Direct – these kinds of traffic are generated when user directly enter the website address/URL in the address bar of a web browser
  2. Organic – these kinds of traffic are generated as a result of search engine query or by the link click from other websites (referral traffics). Please note some analytic tools (eg: Google Analytics) may classify referral traffic separately. Campaign traffic also belongs to Organic traffic.

A website can get only these 2 kinds of traffic. Now the question is which one is good for website ranking. Obviously organic traffic is preferred for website ranking. It does not mean 100% organic traffic is required, but a good site will always have more than 70% organic traffic. As the name indicates, organic traffics are considered as real traffic generated by human and direct traffic is mostly generated by bots. There are few other things, called as traffic characteristics that are looking for website rankings and they are listed below.

  • Page views (by organic traffic)
  • Sessions (long session duration)
  • Bounce rates (low bounce rates)
  • Access locations (Geo location/IP)
  • Platforms (Windows, Linux etc.)
  • Devices (Desktop, iPad, mobile phone etc.)
  • Web browsers (IE, Firefox, Google Chrome etc.)
  • Keywords and referrals (traffic from search engines and other websites)

How does fake traffic is detected?

A fake traffic is easily detectable if the traffic characteristics are same or they contain identifiable information. Every traffic received at web server side has certain characteristics like source IP, device used, web browser, browser version, OS, OS version & architecture etc. Suppose you make a web page to refresh 10 times from a browser, all the above characteristics are same. It means you are creating unwanted traffic to your website and the site rankers give you negative voting. But if you can make these characteristics different at each time, yes you created real traffic! Because if the traffic has the characteristics of real traffic, there is no way to understand it is generated by a software or not.

How does Website Traffic Generators Work?

A good website traffic generator can create different traffic characteristics and can make it as coming from various sources. Sometimes it is required to make the characteristics same for a while for adding highly required traffic quality determining factors like sessions, bounce rate etc. An intelligent traffic generator could do this by it’s switching capability. Since each website is for different purpose and your traffic requirement also varies, you need to manually change the traffic characteristics and switching options.

The most common doubt is from where the traffic is generated? Is it really from your network or somewhere else? The answer is from your own network. That is your own network bandwidth is used and it doesn’t mean your IP is exposed always. When we consider changing geol0cation factor in traffic generators, the traffic source IP will be different, which can be achieved by using proxy IPs or VPNs. You know traffic from different locations (IPs) are important factor for site ranking and SEO. Since your own bandwidth is used here, a high speed connection can do work better. However, a normal internet connection is only required for working of traffic generators.

What is a good website traffic generator?

A good traffic generator is the one that can make lot of traffic from various locations of the world like people are visiting your website continuously. It requires the software should have options to change all ranking features (traffic characteristics) listed above with switching features.

Are traffic generators detectable?

If you use free and random tools available in the internet, most of them would be detectable and can affect your website ranking. When we browse website, there is an HTTP request-response process happens in the back-end. Multiple intermediate request-responses also occurs if you visit a single website. The characteristics of these request and response is used to identify the traffic is fake or real.  There will be always difference for such traffic using a web browser and low standard traffic generator tools. They will not have intermediate request and responses and hence they are easy to create. They only show the traffic is received (ie the page views) and it will not have other characteristic like sessions. If you have ever searched for traffic generators, you would definitely have watched videos showing thousands of traffic receiving within seconds. They are ofcourse these kind of poor tools, which can seriously affect your website reputation.

“No traffic generators can make thousands of traffics instantly by keeping the quality of traffic.”

Since geolocation is an unavoidable factor in site ranking, most of the website traffic generators would be using proxy IPs. There are few things you should consider while using proxy as proxy traffic one of the main thing to detect fake traffic. Proxy IPs of various locations are freely available over internet, also you can purchase them if needed. There are mainly 3 types of proxy IPs are available, which are classified based on their anonymity.

  1. Transparent – the web server can understand you are behind a proxy and it can also know your real IP. Transparent proxies are recommended to avoid.
  2. Anonymous – anonymous proxy server is detectable revealing that you are using a proxy server, but your IP is not exposed. Anonymous proxy is more recommended than transparent proxies.
  3. Elite – these are high Anonymous Proxies. The web server can’t detect whether you are using a proxy and appear the traffic is really coming from different location. Elite proxies are highly recommended.

Conclusion

Website traffic generators are highly helpful in ranking, SEO and to bring your website to the front pages of Search Engine Result Pages (SERPs). There are a lot of cheap traffic generator tools available in internet, most of them are not aligning with traffic quality factors and can seriously affect website reputation. Always better to use website traffic generator tools which has the options to customize and switch traffic characteristics rather than looking for a tool having thousands of instant traffic. New generation website traffic generators have the features of handling sessions, bounce rates, traffic engines etc.

WAT


iBall Baton ADSL2+ Home Router, UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass

Hi, I hope you have already gone through my first router exploitation writing Exploiting Router Authentication through Web Interface (CVE-2017-6558). Once again researching in router exploitation, I found similar bug in two other products iBall Baton ADSL2+ Home Router & UTStar WA3002G4 ADSL Broadband Modem that allowed me to bypass admin panel authentication. Both of these products are from two different vendors, but the vulnerability is same.

I was looking to find some methods to bypass authentication of commonly using routers in my country. First I came to open iBall Baton ADSL2+ Home Router admin page. The admin panel is protected by password authentication. I know some routers use CGI scripts like PayPal use in their websites. I tried to access common pages in the router by appending .cgi at the end of URL. Luckily I got the page info.cgi opened without asking authentication. I got few other pages also which can be accessed in the same way.

Steps

  1. Suppose 192.168.1.1 is the router IP, then the password reset page is http://192.168.1.1/password.html by default
  2. This page is a protected page which can be bypassed by changing URL extension as http://192.168.1.1/password.cgi

In the case of UTStar, the source code of password.cgi page contains the usernames and corresponding passwords in plain text. We can use this password to login admin panel!

Some pages we can directly access:

  • http://192.168.1.1/info.cgi – Status and details
  • http://192.168.1.1/upload.cgi – Firmware Upgrade
  • http://192.168.1.1/backupsettings.cgi – perform backup settings to PC
  • http://192.168.1.1/pppoe.cgi – PPPoE settings
  • http://192.168.1.1/resetrouter.cgi – Router reset
  • http://192.168.1.1/password.cgi – password settings

Products Affected

  • UTStar WA3002G4 ADSL Broadband Modem – Firmware Version: WA3002G4-0021.01
  • iBall Baton ADSL2+ Home Router – Firmware version: FW_iB-LR7011A_1.0.2

 

Identified and Reported by
Gem George


Direct Download Windows 10 ISO/ESD from official site

Finally Microsoft released Windows 10 publicly for free download on 29th July 2015. It gives free upgrade over genuine version of Windows 7, Window 8/8.1. Microsoft provides two ways to download Windows 10 – using Media Creation Tool and Direct ISO from Microsoft’s site. The media creation tool also allows us to:

  • Upgrade PC
  • Directly to your USB
  • ISO file for later usage

Media creation tool downloads Windows 10 in background and if some error happened in the middle of the download, we need to restart whole download from the beginning. Most of the users like to download files using their favorite download manager with resume support.
So let us see the ways to downloading Official ISO directly using your favorite download manager with resume support. It’s legal to download direct downloading offline ISO from Microsoft’s servers and nothing has been said here as illegal. Here is the official download page:

  1. https://www.microsoft.com/en-us/software-download/windows10 (via Media Creation Tool).
  2. http://www.microsoft.com/en-us/software-download/techbench (Official ISO)

If you are visiting 1st link using either windows 7, 8/8.1, it will give an option to download Windows 10 via Media Creation Tool (since they are upgradable to Windows 10). If you are using Windows XP, Vista, Mac OS or any linux PC, the page divert to Official Offline ISO download page. That is the above said page detects your OS and divert page accordingly. Hence you can try these operating systems or mobile phone to get download link, so that you can download it from PC.
Open above link and you will be have the option to select versions:

  • Windows 10
  • Windows 10 KN
  • Windows 10 N
  • Windows 10 Single Language

Each of this ISO file contains Windows 10 Home and Window 10 Pro editions and you can choose which one to be installed during installation. You will get option to select 32-bit (x86) or 64-bit (x64) ISO before starting download. Note that each download link is valid for only 24hrs. If the link is expired, then try downloading new ISO, replace old download link with new download link and resume. Most of the download manager tools allows the option to replace download links of partially completed downloads.

Finding direct download link from Media creation Tool
As said above, Media Creation Tool is an online installer, which is slow and resume unsupported. How it would be if you get direct download link for the version you are selecting to download from this Media Creation Tool? Yes, it’s possible with the help of any packet filtering tool such as Wireshark.

This method is not only applicable to with Media Creation tool, but it also helps you to get direct download links from most of the online installer tools. The main advantage of this method is that the downloaded file is in ESD (Electronic Software Download) format and which is around 25% compressed than ISO. It will definitely saves your data usage and time. FYI: The ESD file of OS can be find at C:\$Windows.~WS\Sources, which is in .tmp extension during download.

Steps to find direct download link:

  1. Open Wireshark and start capture
  2. Run Media Creation Tool, select OS version and start download
  3. Apply filter http.request.method == “GET” in Wireshark. It will list all the HTTP request GET from your computer and you can find official link of ISO from them.
  4. Click on the packet from the list and expand “Hyper Text Transfer Protocol” and there you will find the request URI as blue coloured.
  5. Right Click on it >> Copy >> Value and now you copied the direct download ink of ESD file.
  6. Download it with your download manager and use any tool such as ESD Decrypter to convert it into ISO


Watch video:https://www.youtube.com/watch?v=PWjd5ecbprg