Wanna carry your Linux everywhere you go? It'll be a good idea to learn how to install Kali for Android phones.

How to Install Kali Linux on Android


Kali can be called a penetration testing Linux distro used by cryptographers and digital forensics. If you have no prior knowledge on this OS, you might wanna refer to HOW TO INSTALL KALI LINUX ON A SYSTEM since I've already broken it all down as well as installation tutorial on computers.

Penetration testing entails making use of a variety of tools and techniques in testing the limits of security procedures and policies. These days more apps are made available on the Android OS for smartphones and tablets every day, so it becomes somewhat worthwhile to have Kali Linux on your smartphone.



Unlike the Computer installation, follow the below steps closely and you'll find the android installation pretty easy

INSTALLING KALI LINUX ON THE ANDROID PHONE

Prerequisites
  • Android version 2.0 or higher
  • Full battery life
  • Nothing less than 5Gb of memory space (both internal and external)
  • A strong internet connection
I believe you have the above specs so let's continue; Rooted Android phones are required for this to work, so lemme start there:

1. Rooting Your Android Phone

Left to me I'd say have your phone rooted by an expert because a little mistake on your part might screw up your phone. However, if you can do it, what you first need to do is back up your phone data.

When that is done, go activate EOM unlocking and USB debugging in the smartphone's developer settings.

When the above steps are completed, head over to the Google developers site and download Android SDK tools and install it in a default directory. Or you can install it anywhere you can remember.

Uncheck everything in the displayed tab, then click to install two packages.

Note that this step is only for those with unrooted Android.

Install By Accepting Licenses

Find your way to your Android phone's manufacturer site and install the device drivers. Make sure the bootloader is unlocked.

Note that certain devices will ask you for an unlock key. Restart your Android to fastboot mode (done by pressing volume up+power on most devices).

Open a command prompt on your personal computer.

If your device requires a code, copy and paste it on your manufacturer's website. After the website form is submitted, you'll receive an email from your device manufacturer that contains a file, key and other necessary instructions for rooting your smartphone.

Get Kingo Root

How to Install Kali Linux on Android
Go and download the KingoRoot app from google play store. If you don't find it, a little google search will fix you. Install the application and make certain your phone is connected to your personal computer. 

Enable the debugging stuff in your Android and root your device.


2. Set up Linux deploy for Kali

How to Install Kali Linux on Android


NOTE for this procedure: Your Android phone should be rooted or have near you a rooting guide for your phone brand.

Download and install Linux deploy application from Google play store. Click on the download icon and select Kali distributions in the distributions tab.

Choose your installation type and location as well. You may decide to stick with the default settings but I recommend configuring up the deployment app yourself.

3. Installation

After configuring all the necessary stuff: You can go ahead to build the Kali image by pressing the install button at the top of the screen. This should take less than 5 minutes depending on your internet speed.


Installation boots a Kali Linux bootstrap directly from the Kali repository. By now Kali Linux is successfully installed.

4. VNC viewer app(optional)

Go download the VNC viewer app from google play store.

Now the steps to configure your VNC:


  • set Address to localhost 

  • set name to kali


When you must have finished the above steps, press the connect button and you'll find your Kali running on your Android.

How to Install Kali Linux on Android | installationThe Kali installation is prebuilt with a VNC or SSH server thus dropping the need to download one. So this step is optional.







5. The CHROOT mode

How to Install Kali Linux on Android | Chroot mode
Now you're done with the installation, let the Linux deploy mount and load your Kali Linux chroot image automatically. 

This step also means the start-up of SSH and VNC  servers to enhance easier remote access. Press the START symbol and this process will begin.


Note the IP address of your device. You'll be using it to log in to your kali session.

log in to chroot mode

Either use the SSH or VNC client to get yourself into your kali. The default VNC setup will be as follows;

  • username: android

  • Password/key: change

Important stuff you need know on using Kali Linux on Android

Linux deploy normally allocates 4GB of image size for a naked installation of kali. It is recommended you reconfigure the settings of the image size at the Linux deploy in case you need to install more utilities that might require huge space.

You might wanna check out how to use your Android as a security camera

Gotta use Tor browser properly right? Yeah, being anonymous while surfing online is a great idea.

NIPE: How to Anonymize your system completely with Tor


Tor is arguably the most popular onion browser out there, being able to run on Apple MacOS, Microsoft Windows and GNU/Linux(without installing any software).

Confused on what Tor actually is? Lemme put it this way; 

Tor browser protects your anonymity by bouncing your communications around a range of distributed networks of relay runs by aides all around the globe: it prohibits and ensures that somebody watching your Internet connection does not learn what sites you visit, it prevents the websites you browse through from knowing your physical location, and also lets you visit blocked websites.

Now, what is Nipe?

Nipe simply put, is a script to make Tor Network your Default Gateway.

This little Perl Script gives you access to route all your traffic directly from your
computer to the Tor Network. 

After it is all done, you can successfully surf the Internet Anonymously
without any worries of being tracked or traced back.


Let's get to it!

Download and install:

    cd nipe
    cpan install Switch JSON LWP::UserAgent

Commands needed:

    COMMAND          FUNCTION
    install                Install dependencies
    start                   Start routing
    stop                   Stop routing
    restart                Restart the Nipe process
    status                 See status

Examples:

    perl nipe.pl install
    perl nipe.pl start
    perl nipe.pl stop
    perl nipe.pl restart
    perl nipe.pl status
THE best free hacking games for android and ios?


Hacking has always been a fantasy worth exploring for many people. A lot of those people get to actually learn and work on their hacking skills, but only a few reach the great height of a pro.



Hacking is a serious profession. It is always portrayed by many to be all doom and gloom but isn't so. To better understand hacking and have fun while doing so, you might wanna try your luck against real-life world hackers in games.  

The below Android and iOS games help you take a break from the numerous security threats all around and have you a little fun. From the splendid VR environments, to tower defence strategy games. 

These free mobile/tablet games will stretch your already existing imagination and possibly even your hacking skills.

In no orderly fashion;

1. Hack Ex

Best free hacking games for Android and ios

In this game, users face off against each other by continuous attempts to crack into bank accounts or other accounts in order to upload viruses into the system to generate funds to further their hacking efforts.

Hacking into other hackers devices grants you access to spy on other players and then cover your tracks through manipulation of logs.

Players get the location of opponents by scanning and identifying IPs with the help of a Firewall. The better the discrepancy surrounding these levels, the less likely a particular hack will be successful. 

Hack Ex makes use of in-game currency (Bitcoin) to purchase and equip new hacking gadgets and superior smartphones.


2. Hacker's Quest

Best free hacking games for Android and ios
A player can pay as much as he likes for this game. But even without paying a dime, one can still enjoy the whole game without limitations. 

Hacker's Quest is basically an addictive text adventure that requires great hackers to reveal dark secrets.

Inspired by the popular Linux shell brand, your smartphone gets to turns into a hacking terminal in an instant. You'll get to know plenty individuals and firms - some will be good and others evil. 

Always listen to your own knowledge of human nature and put trust in your IT skills to grab this thrilling adventure. Perform well and you'll be a big boy in this virtual world.

This game is a much more realistic depiction of the hacking world than most with a great deal of social engineering instead of pure hardware and software getting the job done. 

Basic knowledge of terminal commands will make the early levels a little too easy, but with awesome 55 levels of hacking, there is still plenty to really test your skills.




3. Cyber Hacker


A big apology to great hackers out there, but Cyber Hacker is the nearest thing to an actual hacking environment you will find on Android or iOS. 



With a rating of 4.6/5.0 on App store, the game is basically puzzle solving with lots of password cracking, virus uploads, DDoS attacks and a beautiful dose of social engineering. 



It begins with you as a freelance hacker taking jobs for Bitcoin. Even at the very beginning, the threat of Interpol tracking you down is ever present. 


Techniques, like remembering the various structure of file systems and adequately phishing employees before attempting a hack are vital in the game. You also need to take proper advantage of all the tools available (definitely take the tutorial). 

While this game is still a less version of hacking, it provides a more complete picture than most games of the same genre.


4. Hack RUN Series

Best free hacking games for Android and ios
Ever wanted to be somewhat a hacker? Crack into the very heart of a mysterious organization to uncover their darkest secrets. Hack RUN® uses 'old school' commands (like UNIX or DOS) that simulate a real-life OS.

Learn and master the command prompts of each system in order to navigate through your adventure. 


This gaming series is a text-based interactive storyline that has begotten five series on iOS, with the first two available on Android.

All the series follow the same structure: the player with the help of a terminal interface will try to hack into the various accounts of employees within the mysteriously RUN organization.

The game really is about puzzle solving as you seek to decipher valuable data in emails and websites within the system.

While this game isn’t going to be for you a path to hacking greatness, the storyline is engaging and the developer doesn't seem to stop churning out sequels to keep fans engaged.

Download Hack RUN for Android
Download Hack RUN for Ios

5. vHack XT

Best free hacking games for Android and ios
Try your best to outsmart other hackers and level up your reputation as the best geek around in vHack XT. If you're one of those that enjoy some social interaction in their games, then you're in luck because this game is one of the few hacking games that offer this functionality.

Players can chat with one another and “cluster” allows a maximum of 10 players to work together and create an in-game private chat room.

 To successfully hack, players scan for target's IP location and compare their stats to the target to determine the possibility of success.

While vHack XT isn’t the most visually appealing of the games in this genre, it offers an addictive gameplay along with an active community that will always bring you back.

Download vHack XT for Android

6. Hackers

This article explains the Best free hacking games for Android and ios
One of the best free hacking games out there, Hackers pits you against various real-world hackers in a towerlike defence style strategy game.

The darknet has never been so widely accessible! This high-end cyber combat interface helps you to research important programs, fight for your nation in the First World Cyberwar and build your hacker's prestige.

Players build up their own type of network while acquiring and upgrading tools to attack targets either via stealth with three known distinct mission types or through brute force attack. 



Note that while all the above-listed games can bring you closer to what hacking looks like, they don't accurately depict the real world of hacking.

The best free hacking games for Android and ios have been done justice to, now you might wanna check out how to hack Clash of Clans or how to turn your android phone into a spy camera


7 important truth on Man in the middle attack


Wanna know all the stuff you need to know about Man in the middle(MITM) attack? including the basic concepts, types, prevention, etc. If your answer is yes, I suggest you read further.



This particular topic is one of the most asked cyber-security questions on the net. Just like most search terms, I'm gonna break it this way;


  1. What is Man in the middle attack?
  2. How does it work?
  3. Typical example
  4. Real life instances
  5. Different forms of MITM attack?
  6. What are the types of MITM attack?
  7. How do I prevent a MITM attack?

To better understand this concept, you'll be reading this from a victim's perspective rather than the attacker. Pay attention!


1. What is Man in the middle attack?

A man-in-the-middle attack is a known cybercrime where a malicious actor secretly inserts himself into an online conversation between two individuals(sometimes more), impersonates both parties involved and accesses information that is being sent by the two parties to one another.

This type of cyber attack basically requires three players to be carried out; the victim, the individual/s the victim is trying to communicate with, and the hacker(Man in the middle), who ’s trying to intercept the victim’s communications with the purpose of getting critical information.

7 important truth on Man in the middle attack


Note that the victim in this scenario isn’t aware of the man in the middle.

A practical example of a MITM attack is active eavesdropping. In this example, the hacker attempts independent links with the victims and conveys messages between them, making them think they're communicating directly with each other over a secure private connection, when in truth, the whole conversation is being controlled by the attacker.

MITM attack is one of the forms of session hijacking. Other forms similar to a MITM attack are:


  • Sidejacking - This involves sniffing of data packets with the purpose of stealing session cookies and in the process hijack a user’s session. These cookies login information in some cases are unencrypted, even if the website was secure.



  • Evil Twin - This can be called a rogue Wi-Fi network appearing to be from a legitimate network. When a user joins a rogue network, an attacker can launch a MITM attack, thereby intercepting useful data sent between you and the network.



  • Sniffing - This is when a malicious actor uses a readily available tool or program to intercept data being transmitted from or to your device.


2. How does Man in the middle attack work?

How does this work? what actually happens in the background is that the hacker manages to have some form of control over the network topology thereby being able to insert himself in-between the client and the server.

A befitting example of this is DNS spoofing. The attacker convinces your computer system that www.amazon.com doesn’t map to any of the Amazon server IPs, but to his(the attacker) server IP. The client not knowing what's going on then connects to the attacker instead of Amazon. The hacker can then decide to forward the client’s traffic to Amazon servers or not

Address Resolution Protocol(ARP) is another interesting example. This is used to map a network address to a physical address like a MAC address. An IPv4 address is an example of the network address.
7 important truth on Man in the middle attack
Check out the ARP cache of one’s computer system.
ARP comes with a flaw though, it being that you can't verify that the ARP packet is telling the truth.

Check this out;

The Router asks, “Who and where is 192.168.1.103?”, a system at 192.168.1.105 replies, “192.168.1.103 is at ff:ff:ff:ff:ff:ff (192.168.1.105’s MAC)”. The router doesn't know that this packet is coming from a totally different system. For the router, 192.168.1.103 is 192.168.1.105. This is known as ARP spoofing.

So what basically happens in a man in the middle attack is that the attacker continuously sends ARP packets to the victim claiming that the attacker’s system is the router.
Here, the attacker is sending ARP replies to the victim (192.168.1.17) saying that he's the router. It says 192.168.1.1 is at 8:0:27:f1:77:4e(attackers MAC)
The victim’s computer goes ahead and sends all the packets to the attacker’s computer, all the while thinking it is actually the router and the attacker then forwards those messages to the actual router. Editing and taking the information he needs in the process.

There’s a more complex and sophisticated MITM attack involving Border gateway protocol(BGP) where you can divert the routing to the internet for an entire domain.

3. Typical example?

7 important truth on Man in the middle attack

An example? Let’s say your friend receives an email that seems to be from his bank, encouraging him to sign into his account dashboard to confirm his contact information. 

He clicks on a link(saying maybe click here to sign in) in the email and is redirected to what looks like his bank’s website. Then he signs in and carries out the requested task and in the process unknowingly giving out his info.

In this scenario, the MITM sent your friend the email, making it appear to be legitimately from his bank. This particular attack involves phishing i.e tricking him to click on a link in the email that appears to come from his bank. 



Note that the hacker had to create a replica of your bank's website

Another analogy:

Let's say Debra and Justice are having a conversation online; Mary intends to eavesdrop on the conversation but at the same time remain transparent.

Mary could tell Debra that she is Justice and tell Justice that she is Debra. This would consequently make Debra believe she’s currently texting Justice while revealing her version of the conversation to Debra.

Mary then gathers needed information from the conversation, alter and twist the response,  and pass the message across to Justice (who still thinks he’s having a good talk with Debra). As a result, Mary transparently hijacked their entire conversation.

4. Real life instances of a MITM attack?

Enough of made up scenarios. Let's look at a few real life man in the middle attacks;

7 important truth on Man in the middle attack

  • In 2013, the Browser owned by Nokia Xpress was made known to be decrypting HTTPS traffic on the Nokia's proxy servers, enabling the company to access its customers' encrypted browser traffic. Nokia, however, said that the content was only stored temporarily and they have technical and organizational measures put in place to prevent unwarranted access to private information. cite

  • In 2003, a remarkable non-cryptographic man in the middle attack was carried out by a Belkin wireless network router. Periodically, it hijacks HTTP connections being routed through it to a destination and self-respond as the intended server. After the reply is sent, instead of the of the web page the user requested, was a commercial for a Belkin product. After several complaints from technically literate users, this particular 'feature' was removed from the router's firmware. cite
Other notable mentions are;
  • Comcast uses a man in the middle attacks to inject JavaScript code into 3rd party web pages, displaying their ads on top of the pages. cite

  • NSA impersonation of Google. cite

5. Different forms of Man in the middle attack

MITM attacks are of two forms; one that involves malware, and another that involves physical proximity to the proposed target. The first form, just like the fake bank scenario above, is also referred to as a man in the browser attack.

  • Man in the browser attack

With a MITB attack, the attacker requires a way to inject malicious programme into the victim’s computer system. This can be achieved by conducting a phishing attack.

The malware installs on the browser without the user ’s consent and knowledge. The malware then records the data/information sent between websites and the victim, such as online shops, and forwards it to the attacker.


Going back to the forms of MITM attack. Hackers execute a MITM attack in 2 phases — interception and decryption.

In a traditional man in the middle attack, attackers need access to a vulnerable Wi-Fi router. These types of connections are likely to be found in public places with free Wi-Fi hotspots, and in some cases, in some people’s homes, i.e when they fail to protect their network properly. Attackers will go ahead to scan the router in search for specific vulnerabilities such as a weak password.


Once a vulnerability is found, attackers use some hacking tools to intercept and read the victim’s transmitted data


A successful MITM attack doesn't stop after it intercepts. The victim’s encrypted data needs to be unencrypted, that way, the attacker can read and act upon it.

6. What are the types of man in the middle attack?

IP spoofing 

Each computer online has an internet protocol (IP) address, which is somewhat similar to the street address of your home. By spoofing an IP address(changing the IP), a hacker is able to trick you into thinking you’re interacting with someone or a website you’re not, probably allowing the attacker to have access to sensitive information you’d otherwise not share.

DNS spoofing

Domain Name Server(DNS) spoofing is a type of MITM attack that forces a victim to a fake website instead of the real one the victim intends to visit. Victims of DNS spoofing think they’re visiting a safe, trusted site, instead, they’re unknowingly interacting with a fraudster. Here, the attacker's mission is to divert traffic from the real website and capture user login details.


HTTPS(Hypertext Transfer Protocol Secure) spoofing

When doing online transactions, be on the lookout for “HTTPS” in the website URL, rather than “HTTP”. This shows that the site is secure and trusted. A hacker can trick your browser into believing it’s visiting a secure site when it’s not.


SSL hijacking

If your computer connects to an unsecured server specified by “HTTP”, the server can on its own redirect you to the secure version of the server, specified by “HTTPS.”

Connecting to a secure and trusted server basically means standard security protocols are in order, protecting all the data you have in common with that server.

SSL is short for Secure Sockets Layer, a protocol that sets up encrypted links between the web server and your browser.

In an SSL hijacking, the hacker uses a different computer and a secure server to intercept all the data passing through the server to the user’s computer.


Email hijacking

Attackers can target email accounts of financial institutions like banks. Once access is gained, they are able to monitor transactions between the customers and the institution.

The attackers can then decide to spoof the bank’s email address and email to customers. This convinces the victim to follow the hackers’ instructions instead of the bank’s. As a result, an unwitting victim may end up sending money to the attacker.


Stealing browser cookies

To better grab the concept of a stolen browser cookie, you first need to understand what one is; a browser cookie is simply a  piece of information a website stores on your computer system.

online retailers like Amazon might store the personal info you enter and cart items you’ve selected on a cookie, that way, you need not re-enter same information when you return.

A hacker can steal your browser cookies and gain access to sensitive information.

7. How do I protect my system from a MITM attack?

7 important truth on Man in the middle attack


Strong WEP/WAP Encryption on Access Points

Having a very strong encryption mechanism on wireless access points(WAP) helps prevent unwanted persons from connecting to your network. A somewhat weak encryption mechanism allows a hacker to easily brute-force his way into a network and starts MITM attacking. 

The stronger the encryption, the safer.


Virtual Private Network

VPNs is used to create a secure browsing environment for information within a LAN(local area network). They create a subnet using key-based encryption for secure communication. If this is done properly, the attacker will not be able to decipher the traffic in the VPN even if he happens to get on a network that is shared.


Force HTTPS

HTTPS is used to safely communicate over HTTP with the help of public-private key exchange. This helps prevent an attacker from making sense from the data he may be sniffing. 

Webmasters should not provide HTTP alternatives.


Public Key Pair Based Authentication

A man in the middle attack involves spoofing something. RSA public key pair authentication can be used in numerous layers of the stack in ensuring that the people or website you are in communication with are actually the people you want to be communicating with.



Summary

It is all scary from a victim's perspective of man in the middle (MITM) attack. Sometimes times the fear is due to knowing little or no info on the topic. 

After reading through this, most users might panic with the knowledge that they have been keeping their devices vulnerable and might have fallen victim to an attack. The best thing to do in such a scenario is to keep calm.


Join us on facebook if you appreciate this post.
Got a spare old android phone? read on and you're gonna know how to put it to good use; turning it into a security camera. Great to be used as a baby monitor✌

Is it really possible to use a smartphone as a monitoring device without any knowledge of I.T? The short answer is YES. You don't need any sort of Cyber training to use your smartphone as a spy device.



How is this practicable? By installing necessary security applications and using them in the manner I'll show you as you scroll down the page.

How to use your android phone as a security camera


What you're about to read further is common sense for some experienced individuals, but alien to many. For the experienced ones, I'll gladly welcome any form of contribution to the methods I'm gonna use here. For the not-so-experienced, read on!


Breaking it down in these steps;
  1. Get IP Webcam
  2. Setting it up
  3. Streaming
  4. Positioning your camera
  5. Mounting

1. How to use android phone as a security camera

Let's dive in to the topic at hand;

Step 1: Get a security camera app for android

To kick this off, you need an app used as a security camera. Most such app offers the same features as; cloud streaming, motion detection and alerts. local streaming and recording/storing footage locally or remotely.

Despite lots of options online, the best for me is IP webcam. Now the pro version cost $3.99 to unlock all features, but there's also a free-to-use version. Though this version can't be compared to the paid one, it still got some cool features.

IP Webcam broadcasts both over the cloud and locally with the help of a service called Ivideon, so you can watch your stream, live from anywhere. Get the Ivideon app for android on Playstore.

In short, IP Webcam is used for videoing and Ivideon for streaming.

Step 2. To set up your Android phone as a security camera:

After you must have downloaded and installed IP webcam, follow the below procedures to set it up:

  • Open IP Webcam

  • Set your video preference, effects, power management settings, and motion and sound detecting.

How to use your android or ios phone as a security camera

  • Go to Local broadcasting>>login/password to set up your unique login details when streaming locally. Streaming locally is public. Reason why you should have a password. That way only you can stream your video.

  • Now, to broadcast the stream remotely, you have to register or log in to Ivideon(if already registered).
How to use your android or ios phone as a security camera
Ivideon on PC after sign in

How to use your android or ios phone as a security camera
Ivideon on Android after sign in

  • Locate cloud streaming from your IP Webcam app, then select Ivideon and log in to connect your Ivideon account to the IP Webcam.

  • To begin streaming, select Start server at the very bottom of the app of your IP Webcam.


Step 3. Streaming your video from anywhere

Now to the fun part;

  • To view the stream locally:

you'll see an IP at the bottom of the video like https://192.156.43.1.7070 type it in the web address bar of your pc or phone. It'll tell you insecure url but don't worry since you have your own dedicated password. Continue with the login.


A pop up will show asking for your username and password. After successful login, you'll be directed to your dashboard.

How to use your android or ios phone as a security camera
Streaming locally from PC

Locate Video renderer and select Browser to start streaming.

Note: make sure that your android phone is currently videoing on IP Webcam

  • To view the stream using Ivideon

Alternatively, you can stream directly from your Ivideon account. This is even better because it increases privacy(private not public)

To do this is very simple. Start the server in your IP Webcam(you must have linked your Ivideon account to IP Webcam by now), then login to your Ivideon account from your pc/desktop/android. You'll see a thumbnail of the current stream. Click on it and watch.


Step 4: Choosing a spot to position your camera

Choosing the best spot to place your phone is very challenging as you'll be careful to make sure it won't fall off or get seen. You may wanna position it at the main entrance to your home or wherever you think might be particularly vulnerable.

You can also set up an IP camera as a baby monitor.

If you have multiple old phones lying around, you can set up multiple cameras for fairly robust video coverage if you have multiple old phones lying around.


Step 5: Mounting and powering up your camera(s)

To mount the camera, a little smartphone tripod or suction car mount works perfectly and helps you fix the android in an inconspicuous place.

smartphone tripod
Loha smartphone tripod
Joby mini tripod
Best tripod for height



To broaden the view, you might consider purchasing a wide angle lens for your phone. These ones below are my top pick:

How to use your android or ios phone as a security camera


Note that streaming takes a lot of power since the phone will be turned on for a long time. To solve this issue, you might wanna position the phone close to a power source. A long Micro-USB or lightning cable will add some flexibility to your camera positioning.

Make sure you put your phone on silent. Putting it on airplane mode is advisable. Don't forget to on your wifi right back in order to access the internet.


If you really want to use your phone as a security camera, then a tripod(very important) and a lens(less important) will be useful. You can check them out from the below links:


Summary


Hopefully, by now you should know all you need to know on how to use your android phone as a security camera. You can go ahead and monitor your household when you're not at home.