March 2010
Monthly Archive
Tue 30 Mar 2010
Maybe you want to send HTTP requests from different IP addresses assigned to your server. How do you do it? Here’s some code (modified from php.net and stackoverflow.com):
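<?php
// Fetch a page, sending the request from a specific local IP address.
echo http_socket::download('http://whatismyipaddress.com/', 'theipyouwanttosendfrom');

final class http_socket
{
    // Plain HTTP on port 80 only; returns the raw response (headers and body) or false on failure.
    static public function download($url, $bind_ip)
    {
        $components = parse_url($url);
        // parse_url() omits 'path' and 'query' when the URL has none
        $path  = isset($components['path']) ? $components['path'] : '/';
        $query = isset($components['query']) ? '?' . $components['query'] : '';

        $header = array();
        $header[] = 'GET ' . $path . $query . ' HTTP/1.1';
        $header[] = 'Host: ' . $components['host'];
        $header[] = 'User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20100106 Ubuntu/9.10 (karmic) Firefox/3.5.7';
        $header[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
        $header[] = 'Accept-Language: en-us,en;q=0.5';
        $header[] = 'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7';
        // Ask the server to close the connection after the response: the read loop
        // below runs until the peer closes, so keep-alive would leave it blocked.
        $header[] = 'Connection: close';
        $packet = implode("\r\n", $header) . "\r\n\r\n";
        echo($packet);

        $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
        if ($socket === false) {
            echo("socket NOT created\n");
            return false;
        }
        echo("socket created\n");

        // Binding before connect() selects the source address of the outgoing connection
        if (!socket_bind($socket, $bind_ip)) {
            echo("socket bind DIDN'T work\n");
            socket_close($socket);
            return false;
        }
        echo("socket bind worked\n");

        if (!socket_connect($socket, gethostbyname($components['host']), 80)) {
            echo("socket connect DIDN'T work\n");
            socket_close($socket);
            return false;
        }
        socket_write($socket, $packet);

        $html = '';
        // socket_recv() returns 0 when the peer closes and false on error
        while (($bytes = socket_recv($socket, $packet, 4096, 0)) !== false && $bytes > 0) {
            $html .= $packet;
        }
        socket_close($socket);
        return $html;
    }
}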
Thu 18 Mar 2010
Using JavaScript, you can create a list of URLs in a hidden div and then traverse that list, checking each link for visited status.* Using this technique, you can determine if your web site visitors have visited other websites.** But how is this any good?
Well, as it turns out, you can estimate gender*** and, in some cases, de-anonymize the user entirely!**** The Tor network***** and proxies aren’t going to hide you anymore!
* http://www.niallkennedy.com/blog/2008/02/browser-history-sniff.html
** the code: http://aza.googlecode.com/svn/trunk/SocialHistory/SocialHistory.js & the code in action: http://www.ryanbyrd.net/links/
*** http://www.mikeonads.com/2008/07/13/using-your-browser-url-history-estimate-gender/
**** http://www.iseclab.org/papers/sonda-TR.pdf
***** http://www.torproject.org/
UPDATE: http://www.h-online.com/security/news/item/History-stealing-2-0-I-know-where-you-live-1005196.html
Tue 9 Mar 2010
Maybe you have a ton of SSL certs you’ve purchased from different vendors and you’d like a warning about when they’ll expire.
http://prefetch.net/articles/checkcertificate.html has a free bash script that will check the certs for you and notify you when you need to renew.
First, run this to get the list of SSL sites on your apache2 server:
grep 443 /etc/apache2/sites-enabled/*.conf |grep ServerName|awk '{print $3 }'|uniq|perl -p -e 's/:/ /g'|sort|perl -p -e 's/\r//g'>currentssls.txt
Then run the script to check each of those sites (as listed in the currentssls.txt file):
# ./ssl-cert-check -f currentssls.txt|sort -nk6|sed '/^$/d'|sed 1d
Host Status Expires Days
www.example1.com:443 Valid Apr 16 2010 38
www.example2.com:443 Valid May 10 2010 62
www.example3.com:443 Valid May 14 2010 66
And now let’s add it to cron, instructing the script to send out an email 30 days before expiration:
# crontab -l
10 10 * * * grep 443 /etc/apache2/sites-enabled/*.conf |grep ServerName|awk '{print $3 }'|uniq|perl -p -e 's/:/ /g'|sort|perl -p -e 's/\r//g'>currentssls.txt
30 10 * * * ~/ssl-cert-check -a -f ~/currentssls.txt -q -x 30 -e you@example.com
Thu 4 Mar 2010
Maybe you want all HTTP requests to be rewritten to HTTPS. Here’s how:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Thu 4 Mar 2010
Maybe you want your Mac, Windows and Linux users to be able to access and write to a shared environment. Maybe you want to use WebDAV instead of a Samba/NFS share.* How do you do that? Maybe you’d also like to authenticate against your Active Directory server. Here’s an Apache configuration that works:
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /srv/webadmin.example.com/media
    DAVLockDB /var/lock/apache2/DAVLock
    <Directory /srv/webadmin.example.com/media>
        RewriteEngine off
    </Directory>
    <Location "/">
        DAV On
        AuthType Basic
        AuthName "Basic Research Media Server"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPUrl "ldap://SERVER:389/ou=YOUR_OU,dc=EXAMPLE,dc=COM?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "CN=LDAPQuery,DC=EXAMPLE,DC=COM"
        AuthLDAPBindPassword YOURPASSWORD
        Require ldap-user YOURUSER1 YOURUSER2
    </Location>
</VirtualHost>
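The configuration above accepts Basic authentication on port 80 and queries the directory over ldap:// with mode NONE, so Active Directory passwords travel unencrypted on both legs. Here is the same setup with TLS on each leg, as an added example that is not the original post's configuration; the certificate and CA file paths are assumed placeholders.

```apache
# Added example. File paths below are placeholders, not values from the post.

# Server-wide mod_ldap settings: CA that signed the directory server's
# certificate, and refuse the connection if that certificate does not verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ad-ca.pem
LDAPVerifyServerCert On

# Port 80 only redirects: no DAV and no password prompt over cleartext HTTP.
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /srv/webadmin.example.com/media
    DAVLockDB /var/lock/apache2/DAVLock

    # Basic auth is only base64-encoded, so it must ride inside TLS.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/example.com.key

    <Directory /srv/webadmin.example.com/media>
        RewriteEngine off
    </Directory>

    <Location "/">
        DAV On
        AuthType Basic
        AuthName "Basic Research Media Server"
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        # ldaps on 636 in SSL mode: the bind password and each user's
        # password are encrypted between Apache and the directory server.
        AuthLDAPUrl "ldaps://SERVER:636/ou=YOUR_OU,dc=EXAMPLE,dc=COM?sAMAccountName?sub?(objectClass=*)" SSL
        AuthLDAPBindDN "CN=LDAPQuery,DC=EXAMPLE,DC=COM"
        AuthLDAPBindPassword YOURPASSWORD
        Require ldap-user YOURUSER1 YOURUSER2
    </Location>
</VirtualHost>
```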
Note: Windows 7 has a buggy WebDAV implementation, but you can use third-party WebDAV software (AnyClient, for example) to work around this.
* Unlike NFS and SMB, you can easily access a WebDAV share over the Internet. And it’s faster in some cases.