Tutorial

How to: Configure Burp and Chrome for HTTPS (SSL) packet inspection and web site debugging on Mac OSX

Use Case

You are troubleshooting a web application and want to see the data being sent. You think you can’t because it is encrypted with SSL. You totally can bro/bro-dette. You to-tal-ly can.

Download BURP (the free edition is fine)

http://www.portswigger.net/burp/download.html

Using Chrome, install zx2c4's quick and dirty proxy flipper

https://chrome.google.com/webstore/detail/quick-dirty-proxy-flipper/lbhdjpmomigdcfkidmimojhnoacaffcg?hl=en

Run Burp

When you run the Burp jar file, it launches the GUI along with a proxy listening on port 8080. It also generates its own self-signed CA certificate. Obviously this certificate has not been signed by any real certificate authority, so the browser will refuse it. We are going to get around this by telling OS X to "TRUST" this self-signed certificate.


Enable Quick And Dirty Proxy Flipper

Select the http://localhost:8080 radio button


Access google.com

With Burp running, access google.com using Chrome. You should get the following screen.


WTH?

Let me explain what is happening. You are using Chrome to access the web site google.com. Because you enabled zx2c4's quick and dirty proxy flipper, the Chrome extension is proxying the request through Burp. Burp terminates the SSL connection itself and re-encrypts the data using a certificate issued by its own self-signed CA. At this point, your Chrome browser is freaking out because it doesn't know who the heck signed that certificate. It thinks you are a regular old l33t h@x0r or something. Here is how to fix it.

Click the lock icon with the red (x)


Click the “certificate information” link


Click on the PortSwigger CA line


Click and drag the gold certificate icon to your desktop


(Image of certificate on your desktop)


Double-click the .cer file that you dragged to your desktop. This opens a popup window; make sure that "System" is selected in the keychain dropdown, then click the Add button.


Type in your system password (you may have to do this several times)


Click "Always Trust" (you may have to enter your system-level password again)


You should see the following line in the Keychain Access application. The blue plus denotes that you chose to "Trust" the certificate.


Close Chrome, open Chrome, and try accessing google.com again. Success!


Now if you go back to Burp, you can click on the Proxy -> History tab and see the traffic.
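The same trust step from the command line, as an added example that is not part of the original post. It checks that the dragged-out file really is the PortSwigger CA before installing it, and shows how to remove the CA again once you are done debugging. The file path and the use of the macOS "security" tool are assumptions; only the openssl checks run elsewhere.

```shell
#!/bin/sh
# Added example, not from the post. Assumes the certificate you dragged out of
# Chrome sits on the desktop; "security" exists only on OS X.
set -e
CERT="${CERT:-$HOME/Desktop/PortSwigger CA.cer}"

# The dragged-out file is usually DER; fall back to PEM so either form works.
cert_subject() {
  openssl x509 -inform DER -in "$1" -noout -subject 2>/dev/null ||
    openssl x509 -inform PEM -in "$1" -noout -subject
}

# Refuse anything that is not Burp's own CA: a system-wide trust anchor
# should never go in by accident.
is_portswigger_ca() {
  cert_subject "$1" | grep -q 'PortSwigger'
}

# Same effect as "Always Trust" in Keychain Access, for the System keychain.
# Prints the SHA-256 fingerprint so you can compare it with what Burp shows.
trust_ca() {
  is_portswigger_ca "$1" || { echo "not the PortSwigger CA, refusing" >&2; return 1; }
  openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null || true
  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$1"
}

# Undo it when the debugging session is over: while trusted, any server
# certificate this CA signs is accepted by every app that uses the keychain.
untrust_ca() {
  sudo security remove-trusted-cert -d "$1"
  sudo security delete-certificate -c "PortSwigger CA" /Library/Keychains/System.keychain
}

# trust_ca "$CERT"     # ... debug ...     untrust_ca "$CERT"
```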


Happy Sniffing!!!

jared

(Nerd) ^M Removing control characters using VIM

hat tip Matthew Turland

Have you ever opened up a file using VI and found the following?

<?php
    echo '<html>'^M
    echo '<head>'^M
    echo '</head>'^M
    echo '<body>'^M
 
...

That stupid control character from some other horrid text editor is trailing every single line. And you are annoyed enough to Google for an answer. ^M

Now, hopefully you are aware of the powerful regex tools built right into VI. But in this case the fix is pretty simple, and we won’t have to craft any regFu. After you open your file using VI, we will use the search/replace functionality, and we will eventually end up with a line that looks like this.

:%s/^M//g

But there is a gotcha to this solution, so you may need to read on to find out more. Before proceeding, press Esc to make sure you are not in insert mode.

First type the following.

 Shift + :

Which should just print the colon at the bottom of your screen.

:

Then type this exactly how it looks.

%s/

Now we need to type the control character. You may be thinking, “Jared, I will just hit Shift + 6 and get that character onto my screen in no time.” You are more than welcome to do that, but you would be wrong.

You will need to press the following keys.

Control + V

Which will get you this printed out.

:%s/^

Then type the following.

Control + M

Which should have you ending up with this.

:%s/^M

At this point you can type the rest of the characters exactly how they look.

//g

Which leaves you with a finished line that looks like so.

:%s/^M//g

Press Enter, and every ^M character will be replaced with nothing.

Part 2 (kinda): A small search and replace example.

This would replace Dog with Cat.

:%s/Dog/Cat/g

Cat with Mouse.

:%s/Cat/Mouse/g

Mouse with Trap.

:%s/Mouse/Trap/g

So our line to replace the ^M character is literally saying “Replace the ^M character with nothing”.
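For a whole directory of files you would rather not open one at a time, here is the same clean-up as a shell script. This is an added example, not part of the original post; the function names are my own. ^M is a carriage return (byte 0x0d), so the vim substitution and "tr -d '\r'" remove exactly the same byte.

```shell
#!/bin/sh
# Added example, not from the post. ^M typed as Ctrl-V Ctrl-M in vim is the
# carriage return; in a vim pattern it can also be written \r.
set -e

# Count carriage returns in a file; 0 means there is nothing to fix.
count_cr() {
  tr -cd '\r' < "$1" | wc -c | tr -d ' '
}

# Same effect as :%s/^M//g, applied to a file in place. Written through a
# temp file so a failure halfway never leaves a truncated original.
fix_file() {
  tmp=$(mktemp)
  tr -d '\r' < "$1" > "$tmp"
  cat "$tmp" > "$1"      # keeps the original's permissions and owner
  rm -f "$tmp"
}

# The post's command, run by vim without opening the editor: \r is the
# regex spelling of the ^M character and "e" suppresses the error when a
# file has no ^M at all.
fix_file_with_vim() {
  vim -es -c '%s/\r//ge' -c 'wq' "$1"
}

# Fix every .php file under a directory, reporting only files that changed.
fix_tree() {
  find "$1" -type f -name '*.php' | while read -r f; do
    [ "$(count_cr "$f")" = "0" ] && continue
    fix_file "$f"
    echo "cleaned: $f"
  done
}
```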

(Nerd) How to: Setup Virtual Hosts on Ubuntu 9.10 using Apache2 + MySQL5.X + PHP5

I have been working on a couple of projects that are hosted on GitHub. As the scale and scope of the projects grew, I ended up needing to set up multiple virtual hosts on my development machine. It wasn’t hard, but the information I found online was fairly dated, so I created this tutorial.

This entire tutorial is done after entering the ‘sudo -i’ command, which lets us act as the superuser for the entirety of our terminal session. You’ve been warned.

sudo -i

NOTICE!!! I am aware that we could use the ‘a2ensite’ and related commands, but for the sake of understanding the entire process I will not be using them.

1) Install the required modules from the command line

apt-get install apache2 mysql-server mysql-client php5 php5-cli php5-mysql

2) Change the directory to /etc/apache2/sites-available

cd /etc/apache2/sites-available

3) If you run the ‘ls’ command while in the sites-available directory, you should see the following

ls

Output

default  default-ssl

4) Copy the ‘default’ config to a site specific config. For this tutorial I am using dev.acloudtree.com.

cp default dev.acloudtree.com.conf

5) Make the application directory

mkdir /var/dev.acloudtree.com

6) Open the file with an editor of your choosing. I prefer VIM.

vi dev.acloudtree.com.conf

The output below is the entire file, but I will only discuss the parts that we need to edit.

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
 
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
 
        ErrorLog /var/log/apache2/error.log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/access.log combined
 
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
 
</VirtualHost>

7) Add the name of the server. This will be the name that you type in the URL field of your web browser (e.g. Firefox)

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
	ServerName dev.acloudtree.com
...

8) Point the virtual host to the correct directory

...
        DocumentRoot /var/dev.acloudtree.com
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
...

9) Also make the change here.

...
        <Directory /var/dev.acloudtree.com/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
...

10) So this is what your dev.acloudtree.com.conf file should look like when you are done. Write/quit the file (:wq) and we will move on.

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
	ServerName dev.acloudtree.com
 
        DocumentRoot /var/dev.acloudtree.com
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/dev.acloudtree.com/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
 
        ErrorLog /var/log/apache2/error.log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/access.log combined
 
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
 
</VirtualHost>

10a) IMPORTANT! Make a symbolic link in the sites-enabled directory

ln -s /etc/apache2/sites-available/dev.acloudtree.com.conf /etc/apache2/sites-enabled/000-dev.acloudtree.com.conf

11) We need to edit our /etc/hosts file

vi /etc/hosts

Output

127.0.0.1       localhost 
127.0.1.1       servername
 
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

12) Right beneath the ‘localhost’ definition, add the following

127.0.0.1      dev.acloudtree.com

13) The complete file looks like this.

127.0.0.1       localhost
127.0.0.1       dev.acloudtree.com
127.0.1.1       servername
 
# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

14) Create an index.php file in /var/dev.acloudtree.com for testing purposes.

vi /var/dev.acloudtree.com/index.php

Contents of the .php file.

<?php
 
        echo 'Jared Folkins\' tutorial on acloudtree.com really works!';
        phpinfo();
 
?>

15) Restart the apache2 process.

/etc/init.d/apache2 restart

16) Now open up your web browser and enter dev.acloudtree.com into the URL bar and it should work!

UPDATE: I forgot to mention that in this environment I like to configure separate log files for each virtual host. This is our current dev.acloudtree.com file.

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
	ServerName dev.acloudtree.com
 
        DocumentRoot /var/dev.acloudtree.com
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/dev.acloudtree.com/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
 
        ErrorLog /var/log/apache2/error.log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/access.log combined
 
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
 
</VirtualHost>

Just change the ErrorLog and CustomLog names to match the virtual host.

...
        ErrorLog /var/log/apache2/dev.acloudtree.com_error.log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/dev.acloudtree.com_access.log combined
...
</VirtualHost>
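Steps 4 through 15, including the per-vhost logs from the update, as one script. This is an added example and not part of the original post; the function names are mine. It assumes the same Apache 2.2 layout and paths as the post (run it from the ‘sudo -i’ shell), and adds the one check the post skips: apache2ctl configtest before the restart, so a typo in the config never takes down the other virtual hosts.

```shell
#!/bin/sh
# Added example, not from the post. Run as root (sudo -i), like the tutorial.
set -e

# Emit an Apache 2.2 vhost like the one in the post, with per-vhost logs.
# "Options Indexes" is deliberately left off: directory listings reveal
# file names to anyone who can reach the host, and a dev site rarely needs them.
make_vhost_conf() {
  name="$1"; docroot="$2"
  cat <<EOF
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName $name
        DocumentRoot $docroot
        <Directory $docroot/>
                Options FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        ErrorLog /var/log/apache2/${name}_error.log
        LogLevel warn
        CustomLog /var/log/apache2/${name}_access.log combined
</VirtualHost>
EOF
}

# Append "127.0.0.1 <name>" to a hosts file only if no such line exists yet,
# so running the script twice does not duplicate the entry.
add_hosts_entry() {
  hosts="$1"; name="$2"
  grep -qE "^127\.0\.0\.1[[:space:]]+$name(\$|[[:space:]])" "$hosts" ||
    printf '127.0.0.1\t%s\n' "$name" >> "$hosts"
}

# Steps 5, 6-10, 10a, 11-13 and 15 of the post in one go.
install_vhost() {
  name="$1"; docroot="/var/$name"
  mkdir -p "$docroot"
  make_vhost_conf "$name" "$docroot" > "/etc/apache2/sites-available/$name.conf"
  ln -sf "/etc/apache2/sites-available/$name.conf" \
         "/etc/apache2/sites-enabled/000-$name.conf"
  add_hosts_entry /etc/hosts "$name"
  apache2ctl configtest          # refuse to restart on a broken config
  /etc/init.d/apache2 restart
}

# install_vhost dev.acloudtree.com
```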

(Nerd) How to: Reconfigure SSH listening port on Ubuntu 9.10

1) Make sure that you have ssh installed on your system.

sudo apt-get install openssh-server openssh-client

2) Open the sshd_config file using VI

sudo vi /etc/ssh/sshd_config

3) Here is the file in its entirety, as created by the installation process

# Package generated configuration file
# See the sshd(8) manpage for details
 
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
 
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
 
# Logging
SyslogFacility AUTH
LogLevel INFO
 
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
 
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile	%h/.ssh/authorized_keys
 
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
 
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
 
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
 
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
 
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
 
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
 
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
 
#MaxStartups 10:30:60
#Banner /etc/issue.net
 
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
 
Subsystem sftp /usr/lib/openssh/sftp-server
 
UsePAM yes

4) But we are mainly concerned with this part right here

# Package generated configuration file
# See the sshd(8) manpage for details
 
# What ports, IPs and protocols we listen for
Port 22
 
...

5) Change the default port, which is currently 22, to a non-standard port. I changed mine to 22999

# Package generated configuration file
# See the sshd(8) manpage for details
 
# What ports, IPs and protocols we listen for
Port 22999
 
...

6) Write/quit (:wq) to save the changes to the file.

7) Now all we have to do is restart the ssh daemon and it will listen on the new port.

sudo /etc/init.d/ssh restart

8) Finally, from another Linux (or whatever OS you prefer) box, use the SSH client to log in to your newly reconfigured server. Make sure to change the port using the ‘-p’ flag.

Example: ssh YOUR_USERNAME@IP_ADDRESS_OF_SERVER -p 22999

ssh jaredfolkins@192.168.1.107 -p 22999
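Steps 5 through 7 as a script, added here as an example that is not part of the original post (the function names are mine). It assumes the Ubuntu paths from the post and adds two checks the post leaves out: the port is validated and sshd -t is run before the restart, so a typo in sshd_config cannot lock you out of a remote box, and the script confirms the daemon really is bound to the new port before you close your current session.

```shell
#!/bin/sh
# Added example, not from the post. Run with sudo on the server.
set -e

# Accept only a numeric port in 1-65535 (the post uses 22999).
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rewrite the active "Port" line of the sshd_config given by path, or append
# one if the file has none. Commented-out "#Port" lines are left alone.
set_sshd_port() {
  cfg="$1"; port="$2"
  valid_port "$port" || return 1
  if grep -qE '^[[:space:]]*Port[[:space:]]+[0-9]+' "$cfg"; then
    tmp=$(mktemp)
    sed "s/^[[:space:]]*Port[[:space:]]\{1,\}[0-9]\{1,\}.*/Port $port/" "$cfg" > "$tmp"
    cat "$tmp" > "$cfg"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
  else
    printf 'Port %s\n' "$port" >> "$cfg"
  fi
}

# sshd uses the first Port it finds, so report that one.
get_sshd_port() {
  awk '/^[[:space:]]*Port[[:space:]]+/ { print $2; exit }' "$1"
}

# Change the port, verify the config parses, restart, and confirm the bind.
# A non-standard port only cuts log noise; it is not a substitute for key
# authentication, so keep the rest of sshd_config as strict as before.
reconfigure_ssh_port() {
  port="$1"
  cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak   # for rollback
  set_sshd_port /etc/ssh/sshd_config "$port"
  sshd -t                                            # parse check before restart
  /etc/init.d/ssh restart
  netstat -ltn | grep -q ":$port "                   # really listening?
  echo "sshd now on port $(get_sshd_port /etc/ssh/sshd_config)"
}

# reconfigure_ssh_port 22999
```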