How to fix “Lua: Error during loading” in Loading Wireshark on Kali Linux

Lua: Error during loading

Wireshark is a very handy tool among network engineers, pen-testers and anyone who cares about network traffic. You may install it on Windows as well as on Mac and Linux. Since it is installed by default on Kali Linux, you don’t need to install it on your pentest machine.

Usually during my classes, participants complain about a warning message during the initialization of Wireshark. In this short tutorial I am showing you how to get rid of the following warning:


Lua: Error during loading:

[string “/usr/share/wireshark/init.lua”]:46: dofile has been disabled due to running Wireshark as superuser. See for help in running Wireshark as an unprivileged user.



Open your terminal and type the following command:

Command: gedit /usr/share/wireshark/init.lua

Set the “disable_lua” parameter to true. Save the file and relaunch Wireshark. You are good to go without any warning message.
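The same edit as a repeatable step (an added example, not from the original post): a hypothetical helper, `set_disable_lua`, that keeps a `.bak` copy of the given `init.lua` and flips `disable_lua = false` to `true`. It is demonstrated here on a constructed sample file rather than the real one.

```shell
#!/bin/sh
# Added example: set disable_lua = true in a Wireshark init.lua, keeping a backup.
# On Kali this would be run as root against /usr/share/wireshark/init.lua.
# Prints one of: disabled | already-disabled | setting-not-found

set_disable_lua() {
    sdl_file="$1"
    [ -f "$sdl_file" ] || { echo "no such file: $sdl_file" >&2; return 2; }

    # Idempotent: if Lua is already disabled, leave the file untouched.
    if grep -Eq '^[[:space:]]*disable_lua[[:space:]]*=[[:space:]]*true' "$sdl_file"; then
        echo "already-disabled"
        return 0
    fi

    # This init.lua has no "disable_lua = false" line (layout differs): do not guess.
    if ! grep -Eq '^[[:space:]]*disable_lua[[:space:]]*=[[:space:]]*false' "$sdl_file"; then
        echo "setting-not-found"
        return 1
    fi

    # Flip the value in place; the original is kept as <file>.bak.
    sed -i.bak -E \
        's/^([[:space:]]*disable_lua[[:space:]]*=[[:space:]]*)false/\1true/' \
        "$sdl_file"
    echo "disabled"
}

# Demo on a constructed sample file (not the real init.lua).
demo_dir="$(mktemp -d)"
cat > "$demo_dir/init.lua" <<'EOF'
-- constructed sample resembling the top of init.lua
disable_lua = false

if disable_lua then
    return
end
EOF
set_disable_lua "$demo_dir/init.lua"
grep -n 'disable_lua =' "$demo_dir/init.lua"
rm -rf "$demo_dir"
```

With `disable_lua` set to true, Wireshark skips Lua entirely, so Lua dissectors and plugins no longer load. The warning itself comes from starting Wireshark as superuser, as the message says.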


How To install Google Play on Genymotion for Android Application Penetration Testing

As Android application penetration testers or bug hunters, we need to download Android applications to our playground (testbed) device/emulator to play around with the desired application. There are many websites that provide the .apk file of any Android application for download to the PC, such as APK Downloader v2, etc.

I mostly work with Genymotion and Android Studio for running my emulators, and R.I.P. Samsung S3. I tried to find a way to use Google Play on the Android Studio emulators and am still unsuccessful (please let me know if you have a way to install the Google Play service on Android Studio). In the meantime, I am using Genymotion for downloading applications from Google Play.

For those who are new to Android application penetration testing and prefer to use emulators rather than physical devices, you can install Google Play on Genymotion to always get the latest available version from the Google app store.

Note: Some Android applications refuse to run on emulators as an anti-reverse-engineering measure, so you have to test them on your physical device.

Running Google Play on Genymotion:

  • Install Oracle Virtualbox.
  • Go to the Genymotion website, sign up with a valid email (you will need it later), download Genymotion to your desktop and install it (next, next, next, finish wizard).

Note: If you already have either of them installed on your machine, make sure you have upgraded it to the latest version.

Note: If your emulator is running a lower version, you may download for your desired version.

  • Now start your emulator and, once it has successfully booted, drag & drop the “” on the emulator. Then reboot the phone.
  • Do the same step for Google Apps. Both files will flash your emulator.
  • After step 6 & 7, your Google Play service or Hangout… will crash several times. No worries, it's normal :) Open the installed Google Play application, log in with your Gmail account, and let it run and update the required apps and services. You need to update the Google Play application as well. Once you have updated all of them, you are ready to go.
  • Enjoy Hunting and share your experiences with me.

I highly recommend you keep this emulator only for downloading apps from Google Play, to avoid any updates during testing.

How to Avoid an IDS/Firewall Blocking Your IP during Web Penetration Testing

This is very common during penetration testing: since we send unexpected/payload requests toward the servers, the subject web server may pick up our IP address and sometimes block it. There are many ways around this, such as TOR and VPNs (free/commercial). Personally, I don’t like to set up a VPN or TOR, since there are other applications running against the target which I prefer to run on the normal network to avoid slow connections due to VPNs. Sometimes, though, spiders and fuzzers may also alert servers, and consequently they block my IP address. In addition, I prefer not to send all my laptop traffic through VPNs and proxies into the network. There is a lot of personal data and many applications running on my pentest machine as well.

Please keep in mind that the only reason I recommend them is to easily change your IP to bypass firewall/IDS restrictions during the penetration testing process. So you don’t need to call the admin to unblock your IP or provide a new IP for you. Obviously I don’t have any personal account on my Firefox/Chrome, to protect myself from data leakage and privacy issues.

Note: A hacker has no ability to ask the server administrator to unblock him, right? :) Act real.

I usually use the following two VPN add-ons for Firefox/Chrome during web penetration testing.

Firefox: ZenMate Security, Privacy & Unblock VPN

This is an add-on that you can easily install on the Firefox/Chrome browser and be ready to go, changing your IP whenever it is required. Although in the free version you may only use four countries’ IPs (Romania, Hong Kong, Germany and USA), in the premium version you may use IP addresses of other countries as well, but I think these four are enough in this context.


Chrome: DotVPN

DotVPN is a Chrome-based add-on extension that works perfectly. Just install it on your Chrome browser, create a username/password and go bug hunting.


So next time, if your connection becomes too slow to access the target website, or they have blocked your access, just use these VPNs and you may change your IP easily from time to time.

There are some other free VPNs such as Hotspot Shield VPN, ProxMate, Hola Unblocker, CyberGhost VPN, AWB Proxy and AutoProxy, of which I use DotVPN and ZenMate to change my IP on demand.

Invitation Letter for OWASP Meetup Q3 2015

This is an open invitation for those who are keen on information security meetups. We are conducting an OWASP talk at UniKL University. Everybody is welcome to participate in and attend OWASP Meetup Q3 2015.

OWASP Meetup Q3 2015 Invitation

Contact me for more information

Kali Linux Version 2 Released.

In the old days, computer users were always waiting for Microsoft or Apple to release the latest OS. We all grew up, and now, as security evangelists and penetration testers, we are looking forward to seeing the latest version, Kali Linux v2. You can download the ISO image file from the Kali website, or you may download the VMware version from the Offensive-Security website.

EnJoY Hunting….

Windows Critical Security Update - Remote Code Execution

A new vulnerability has been discovered that allows remote code execution by opening specially crafted documents or untrusted web pages in which OpenType fonts have been embedded. The targets of this vulnerability are Windows Vista (SP2), Windows Server (2008 & 2012, Core Installation) and Windows Server (2008 & 2012) R2 (32/64), Windows 7 (32/64), as well as Windows 8 and 8.1 and RT 8.0 and RT 8.1.

Metasploit Lovers:

Metasploit hasn’t updated their exploits for this vulnerability yet.

For more information refer to the following link:


How To Remove “Secure Browsing” Virus

It is very common to use our pendrives in other people's PCs or laptops. One of the viruses which I have recently faced is called “Secure Browser”. The first time I saw it was when I went to a print shop. I thought it was their security application to avoid running malicious code or malware. Today, I found that my pendrive has the same directories and folders in hidden form. In addition, some new and suspicious processes were running in my Task Manager. Obviously I never installed it. So I tried TrendMicro; it couldn’t detect or clean it. I tried my own ESET Smart Security as well, with the latest version; it could detect and quarantine them. So I started digging through Google to see if there is any tool for the “Secure Browser” virus. I found USBfix, which is free. It is a very easy and straightforward tool which asks you to connect your external drives, such as SD cards, hard drives and pendrives, and will scan and clean all of them, as well as your registry and system directories. It’s good to have it next to your Malwarebytes application. You may need it in the future as well. The steps are explained in the following.

Once you have downloaded it, run USBfix and wait for the first wizard to appear, and then click on Next as follows:

In the next step it pops up a message box that tells you to connect your external drives; simply click on OK and go to the next step.

While it starts to analyze your system and external drives, it invites you to participate in the forum. It's up to you to join or not. So I click on “No” to go to the next step.

Finally USBfix thanks you for choosing their tool. Actually, we should say thanks for helping us to stop this annoying virus.

And then it starts analyzing and removing the infected files. This is a secure application; it doesn’t damage your system. At least so far my PC has had no issue since the last time running :). It might ask you to restart your computer; save your files and work and then restart your machine.

Keep USBfix on your pendrive; whenever you see this on others' computers you may help them by simply running it and cleaning their system for free.

Mail App of iOS 8.3 Is Vulnerable to Phishing Attack

There is always a debate between Apple lovers and Android or Windows fans. There is a wrong belief that iOS never gets hacked or gets viruses, or that it is the best product. Several times I have shown in my classes how Apple devices may get hacked, just as Windows or Android devices can be a target for hackers. Here is news that shows how a phishing attack may cause Apple users to lose their iCloud credentials through the Mail app. This vulnerability can be found in iOS 8.3. Phishing is one of the most significant and fast-track methods that allows hackers to obtain credential information, launch remote attacks and much more. The proof of concept of this attack has been uploaded to YouTube, and its PoC code has been shared on GitHub for learning purposes.

Let's say hi to the new Gmail #Inbox and #Google #Photo

It seems Google has some new updates: Google Daily Photos to compete with Instagram, and now they have upgraded their Inbox.
Now you may switch to Inbox and install the Inbox app as well. In the beginning it seems a bit creepy, but there is no choice; we are living on the technology edge, where everything is changing daily, and we need to adapt to new systems and updates.
Google Inbox:

Google Photo: