Google Chrome is not connecting to the Internet (Fixed)

Looking for the ways to fix the error on Google Chrome “Unable to connect to the internet”? Here you will find some handy ways to work around this issue in no time. There may be different reasons for this problem. The problem is interrelated to DNS PROBE FINISHED NO INTERNET error that also occurs in Google chrome, these fixes will work for both error equivalently. I am going to share my personal experience with you. So, let’s start discussing all methods one followed by the other.

Google Chrome is not connecting to the Internet

Method # 1: Reboot the System

You should restart the system to try browsing in Chrome once more. When the computer restarts, just open Google Chrome and type your desired website to check whether it shows “” error or it is resolved.

Method # 2: Re-install the Browser

If the browser is still not responding, you should uninstall and re-install the browser to give it another try. For this, do the following steps.

  • You should go to the “Control Panel.”
  • In “Programs” category, you should select the option “Uninstall a program.”
  • Here, you will find a list of the programs installed on your system. You need to click “Google Chrome” and select “Uninstall” from above. It will uninstall this browser. Later, you can re-install it.

Method # 3: Disable the Firewall

If you are using an antivirus program, that may be blocking the way of Google Chrome for browsing. So, you need to disable its Firewall and try to browse your desired sites.

Method # 4: Clear the Cache

You should clear the cache from Google Chrome to remove this error. Use the following instructions to perform this action.

Go to the address bar and type “://net-internals/#dns” and press “Enter” key.

Method # 5: Use Command Prompt

You should be a bit technical this time if none of the above-discussed methods works well. Open Command Prompt with admin rights.

  • Go to the “Start” and type in the Search bar “Command Prompt”. As soon it appears in the search results, you should right-click on the Command Prompt and select “Run as Administrator.”
  • Now the Command Prompt window appears before you. Start typing the following commands one by one and every time press “Enter” to move below.

“ipconfig /release”

“ipconfig /all”

“ipconfig /flushdns”

“ipconfig /renew”

  • Now you need to type here two other commands given below.

“netsh in tip set dns”

“netsh winsock reset”

Method # 6: Change DNS Address

You should replace the DNS Address so that your browser may not show the “DNS_PROBE_FINISHED_NO_INTERNET” error again. You can follow the steps below that would fix this issue for sure.

  • Just go to the bottom right corner where you find the Network icon. You need to right-click on it to view its options.
  • Now select “Open Network and Sharing Center” to move ahead.
  • In the left pane, you will see “Change Adapter Settings” option. Just click this option to view its content.
  • When you right-click the active network connection, there you will find “Properties” at the bottom. Select this option.
  • In the Properties, “Networking” tab, you need to select “Internet Protocol Version 4 (TCP/IPv4)” and click “Properties.”
  • Click the radio button “Use the following DNS server addresses” and provide “” in the Preferred DNS Server box and “” in the Alternate DNS Server box.

How to make an iPhone Case at Home? [Guide + Video Tutorial]

Everyone is very caring for the safety of his iPhone and no doubt you will be too one of them if you use an iPhone. You won’t like to get scratches on its back and would prefer to protect it with a custom casing or skin. It can be bought from the market, but in my case, I never like buying a skin for my iPhone from the market. I would prefer to make it at home with my choice of colors, material and design because when I visited the market to get a cover for my iPhone, I found some covers too glossy with the colors I never like. Whereas some were good in material, but they were in matte and dull colors that were never my favorite. So, what to do the next is just to create my iPhone casing at home. The below listed things are must to create an iPhone case, if you don’t have, then avoid this guide and buy one from any trusted cell phone accessories shop, I personally buy and recommend if you’re looking for affordable accessories, otherwise you can order them on famous Online shopping site.. If you want to join me, you require some very ordinary things for this purpose to collect appreciation from your friends.

Required Items

  • Foam Sheet (It should be in matte, and I would prefer in dull yellow color as it is my favorite)
  • Glitter Foam Sheet (It is used to give a glossy look or design to the casing. If you want a casing in matte only, you can select another matte sheet in a bit different color, but it should be in darker color)
  • Cardboard
  • Pencil
  • Ruler
  • X-Acto knife (If that is not available, you can buy a sharp paper cutter)
  • Scissors
  • Glue (If you buy Super glue, it works the best instead of an ordinary glue. So, ask for super glue)
  • Velcro
  • Markers (In two different colors)


  • Take the flat colored matte foam sheet and use ruler and pencil to draw two lines each in 1 cm width.
  • Now use scissors to cut the strips. These strips will cover the four sides of your iPhone.
  • Paste some glue to the edges of the strips and join them to make one long strip.
  • Start putting the long strip to the four sides of your iPhone. Mark the place where is the “Off/On” button and the “Volume” key. You need to cut the area with X-Acto cutter.
  • Now take cardboard. Put your iPhone on it to trace its shape from the front and the rear side with 2 cm distance between them. (It is because when you open or close the casing after attending a call on your iPhone, it should be flexible enough to work accordingly)
  • Mark the places where the camera exists and cut that in squares. Cut the shapes of front and rear you have traced on cardboard.
  • Now you have front and rear sides of your iPhone in cardboard. Paste these sides on the glittering foam sheet you selected earlier.
  • Don’t forget to mark and cut the holes for camera and flashlight on the glittering sheet.
  • Now put some glue on the edges of the shapes of front and rear for your iPhone and put your phone between them.
  • The ring on the width of your phone you created with the matte foam sheet will fit the front and back covers. Press the sheet on all sides so that it sticks on every inch.
  • Keep it aside. Now you should draw some attractive shapes like stars, the flag of your country, your favorite fruit, bird or animal on the matte foam sheet with a marker. Cut these shapes and paste them with the help of glue to the rear and front covers on glittering foam sheet.
  • Take about 4 inches long and half 1-inch wide piece of the glittering foam sheet and paste at the mid of bottom side of the casing
  • Now put some glue on both sides of Velcro and stick it on the mid of the front side of the casing and join the 4 inches long piece you pasted on the back side of the casing. Now it is easy for you to open and close the casing.

Video Guide:

That’s all guys! Your creation is ready to collect the appreciation of the people.

Michael Daw Anthology is pleased to announce the first “Michael Daw Anthology” award.

For those of you curious, anthology is a collection of published works. The original idea behind the website was to build stories upon a fictional hacking icon named, Michael Daw, as well as to host other security related material. As a close friend pointed out to me, the name is very relevant “when pondered upon”. Some believe that the archangel Michael holds the keys to the doors of Heaven.

Use cutting-edge security wizardry, use sci-fi… write a hacking story centered around Michael Daw and be 1 of 6 to stand the chance of winning.

The full details of the competition will be provided soon. We are currently seeking sponsors to donate towards the winnings. For more information please contact us.

Hacking HomePlug Networks

I don’t know whether HomePlug networks are growing in use or not, but the following statements caught my attention:

“Officials at Intellon, the chip maker that developed the HomePlug spec, say that hacking into a HomePlug network would require cracking the government’s DES encryption standard.” – link

My favourite:

“HomePlug specification products also protect data by utilizing powerful DES encryption, which makes hacking into a HomePlug network virtually impossible.” – link

If you are not sure what a HomePlug network is then maybe the following diagram will help:

As you can see above, HomePlug’s in many cases can replace a Wireless infrastructure or work along side it (i.e. your house or office has thick walls weakening the signal). You simply plug it into your wall socket and attach a network lead to it.


Now I didn’t really spend ages on coming up with advanced hacking techniques for these things. It would be overkill me thinks. These devices are insecure in their default state. They are also insecure in their “secured” state.

So lets put our attack together:
1. HomePlug Detection & Enumeration
2. Exploitation in its default state
3. Exploitation in its “secured” state
4. Hacker Countermeasures

1. HomePlug Enumeration

You need a compatible HomePlug to start. A single plug can cost between £20 – £30. Ensure that the plug is HomePlug v1.0 certified or you will most likely fail in your endeavor.

You will then require a target, testing your own network is easy enough, attackers will most likely test your network from an outside wall socket.

Install the software that comes with the plug – this software was exactly same with both my HomePlug makes (other then a few logo changes). Plug your HomePlug into the wall socket of the network you what to connect to. Load up the software and simply click “Scan Powerlines Network”. You could also just load a sniffer and check if your rogue plug has already joined the network.

2. Exploitation in its default state

I couldn’t find the v1.0 specification rfc, but it was trivial to work out that all these devices use a default network key of “HomePlug” to start with. Obviously this was done to allow for plug and play. Load up your sniffer and monitor network traffic. If the default key is used you should see NetBIOS broadcasts etc. Job done.

3. Exploitation in its “secured” state

56-bit DES encryption may have been considered cryptographically strong in the stone ages but not today.

Even though 56-Bit DES encryption (2^56 possible keys) is breakable, it may take a fair chunk of time to crack – although Rainbowtables has made this alot easier. Personally, I would try some weak passwords to begin with.

4. Hacker Countermeasures

Do the obvious. Use a very strong key to secure your HomePlug’s. Ensure thats your network devices are firewalled. Hopefully the newer versions will provide stronger encryption options.

Bypassing ASP.NET XSS Filters

This attack is only possible with Internet Explorer users as it exploits the old IE CSS comment hack; a very creative find indeed from the guys at ProCheckUp.

Proof of Concept:

Alert box injection - simply provided for testing purposes
(may cause DoS issues on Internet Explorer)

ASP.NET will also escape double quotes(“), so although a number .NET servers are vulnerable to this, it is somewhat mitigated by this fact.

ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if your interested. I hope to add this check to the tool shortly.

AVs prove less-effective

Last year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the following:

  • A tool to aid penetration testers and web developers with security testing document management applications.

Recently I made a pre-v2 release of the tool, which has received even more feedback then the previous version and the project just got even more exciting.

During web applications security audits, I have come across a couple of situations where my uploaded file just vanished off the server – I am sure many reading this have come across this too. The reason behind this was that an Anti-Virus (AV) application had detected the malicious script and removed it. My future plans for this project is to check the effectiveness of AV filters against the scripts in WBC. Dancho Danchev has gone ahead and made a fantastic start to this!

I have gone ahead and added his research into the WBC table for easy viewing and as a centralised location for AV vendors and other interested parties. The results are certainly not a shocker but definately an eye opener. WBC has certainly demonstrated what all security researchers already know, this area needs work!

I can really see AV vendors catching a wake up call in this area or atleast I hope they do. The fun will soon begin to see how we can circumvent their restrictions and help improve some of these products!

Hotlinks and Persistent CSRF

[Hotlinking] is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as hotlinking, leeching, direct linking or bandwidth theft – wikipedia

Hotlinking has been around for ages, and the attack vector shown in this paper is not new either; I merely take two known attacks and merge them to create a super dangerous client side attack that is persistent!

I released the Web Hacking 2.0 mindmap at the beginning of this year (2007). Someone from the Phoenix OWASP chapter liked the idea and posted it on I have no problem with this, although an email saying how and where my work was to be used would have been nice. Enough of that, the point here is to demonstrate the concept of exploiting hotlink trust relationships. This is the primary problem with hotlinking. Site 1 is creating bandwidth problems for Site 2, however, Site 2 is now in a position of trust (persistent).

Two possible attacks are as follows:

  • Attack 1: We deface the page with a lovely picture of stallowned
  • Attack 2: We setup a 302 or 304 redirect on my web server with the image filename used on the site who’s trust we are exploiting. The redirect exploits a CSRF vulnerability. Everytime the page is loaded, the CSRF attack is executed. This is now persistent! Everytime a user loads the Site 1, our CSRF attack is executed.

Lets take this concept a little further. If the site is hotlinking an object or iframe type, it is now possible to turn a reflective XSS attack into a persistent XSS attack. For this attack we require both a reflective XSS vulnerability and a hotlink. What’s really neat and tidy is that an attacker can display the correct object after exploitation, remaining completely invisible to the user.

Our malicious redirects are as follows:

Redirect 302 /a.jpg
Redirect 302 ^/flashobj.swf$ http://site/trusted.html?<script>alert(1)

This attack concept is a security catastrophe especially when taking Web 2.0 which is designed around this form of trust.

In summary, don’t hotlink. Rather download the file onto your local server, although with Web 2.0, this will become increasingly difficult.

Web servers can enable hotlinking protection to prevent this; however, since alot of browsers now restrict the referrer field, this security method will not really help.

Thanks to pdp (architect) for allowing me to bounce ideas off him.


Input Validation Cheat Sheet

Related articles: SQL Injection Cheat Sheet

We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.

Character(s) Details
NULL or null Often produces interesting error messages as the web application is expecting a value. It can also help us determine if the backend is a PL/SQL gateway.
{‘ , ” , ; , <!} Breaks an SQL string or query; used for SQL, XPath and XML Injection tests.
{– , = , + , “} These characters are used to craft SQL Injection queries.
{‘ , &, ! , ¦ , < , >} Used to find command execution vulnerabilities.
“><script>alert(1)</script> Used for basic Cross-Site Scripting Checks.
{%0d , %0a} Carriage Return Line Feed (new line); all round bad.
{%7f , %ff} byte-length overflows; maximum 7- and 8-bit values.
{-1, other} Integer and underflow vulnerabilities.
Ax1024+ Overflow vulnerabilities.
{%n , %x , %s} Testing for format string vulnerabilities.
../ Directory Traversal Vulnerabilities.
{% , _, *} Wildcard characters can sometimes present DoS issues or information disclosure.

These characters can be represented in many different ways (i.e. Unicode). It is important to understand this when restricting input to these character sets.



WordPress Adsense Deluxe Vulnerability

David Kierznowski of Operation n has discovered some serious flaws in the WordPress Adsense Deluxe plugin as part of the WordPress Angel Project. The vulnerability(s) affect all versions.

This vulnerability reminds me of the the old Hacker movies, where a worm is released that steals random pennys from unsuspecting victims. This vulnerability is the closest I have seen to this scenario.

The vendor has been notified, and more information regarding the vulnerability will be released after 30 days or until such a time as the author feels that WordPress users have had a chance to upgrade.

Unfortunately, the developer has not gotten back to me, and as many blogs use this plugin as a source of income, I have gone ahead and made the necessary changes myself as a temporary solution. Please note this is an unofficial release. Hopefully the vendor will verify the changes and make an official release shortly.

As with any plugin, please make sure you have made a backup before downloading and installing this.


The vendor was notified: 18/05/07
Response received: None as yet
Fix received: Temporary fix released as part of the WordPress Angel Project.


WordPress Persistent XSS

Vulnerability Title: WordPress Persistent XSS
Author: David Kierznowski
Software Vendor: WordPress Persistent XSS
Versions affected: Confirmed in v2.0.5 (latest)

WordPress is a popular open source blogging software.
A persistent XSS vulnerability has been found in WordPress (to be honest I have found a few problems and hope to publish these soon). This issue affects the latest version v2.0.5.

When editing files a shortcut is created titled ‘recently accessed files’. The anchor tag text is correctly escaped with wp_specialchars(); however, the link title is not sanitised. Instead, it is passed to get_file_description($file). The only restriction or limitation here is that our text is passed through basename. This means standard script tags will fail when ending with ‘/’. We can get around this by using “open” IMG tags; this works under FF and IE.

Vulnerable code:

[line 22]$recents = get_option('recently_edited');
[line 72]update_recently_edited($file);
[Line 116]:foreach ($recents as $recent) :
        echo "<li><a href='templates.php?file="
          . wp_specialchars($recent, true) . "'>"
          . get_file_description(basename($recent))
          . "</a></li>";

Vulnerable function:

function get_file_description($file) {
        global $wp_file_descriptions;

        if (isset ($wp_file_descriptions[basename($file)])) {
                return $wp_file_descriptions[basename($file)];
        elseif (file_exists(ABSPATH.$file)) {
                $template_data = implode('', file(ABSPATH.$file));
                if (preg_match("|Template Name:(.*)|i",
                   $template_data, $name))
                        return $name[1];
        return basename($file);

Proof of concept:


Temp Fix:
Comment out the following line in wp-admin/templates.php
[Line 72] update_recently_edited($file);

WordPress was contacted: 26/12/06 22:04 BST
Reply received: 27/12/06 06:11 BST
WordPress has fixed this for v2.0.6 and a patch has been released
for v2.0.5, see

Page 1 of 3

Powered by WordPress & Theme by Anders Norén