Apache Scalp fixed XML file

Posted by & filed under Server Admin.

Needed to audit some apache logs, installed scalp, grabbed the XML, and it promptly puked:

web@web:~/apache-scalp$ python scalp-0.4.py --log /var/log/apache2/access.log
Loading XML file 'default_filter.xml'...
The rule '(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,"-]+from)|(?:find_in_set\s*\()' cannot be compiled properly

Seems there is some issue with the regex in the XML file. I found this handy thread which outlines the fixes: code.google.com/p/apache-scalp/issues/de… and another person posted an XML with all the fixes: pastebin.com/uDziqcD5

Backup of the XML is below just in case pastebin goes down: default_filter (rename to .xml)

Survive the Deep End: PHP Security

Posted by & filed under PHP, Programming, Security.

As every target of a serious security breach will quickly note in their press releases and websites: security is very important to them and they take it very seriously. Taking this sentiment to heart before you learn it the hard way is recommended. Survive the Deep End: PHP Security covers most of the major concepts that should be considered when writing secure PHP web applications.

Despite this, security is also very much an afterthought. Concerns such as having a working application which meets the needs of users within an acceptable budget and timeframe often take precedence over security concerns. It’s an understandable set of priorities, however we can’t ignore security forever and it’s often far better to keep it upfront in your mind when building applications so that we can include security defenses during development while change is cheap.

The afterthought nature of security is largely a product of programmer culture. Some programmers will start to sweat at the very idea of a security vulnerability, while others can quite literally argue the definition of a security vulnerability to the point where they can confidently state it is not a security vulnerability. In between may be programmers who do a lot of shoulder shrugging, since nothing has gone completely sideways on them before. It’s a weird world out there.


GreenSQL – Database Firewall

Posted by & filed under Programming.

GreenSQL is a database firewall. I’m skeptical, but here goes: GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built-in support for MySQL and PostgreSQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known DB administrative commands (DROP, CREATE, etc.).


Diffie-Hellman key exchange protocol

Posted by & filed under Uncategorized.


Diffie-Hellman is a key exchange protocol developed by Diffie and Hellman (imagine that) in 1976. The purpose of Diffie-Hellman is to allow two entities to exchange a secret over a public medium without having anything shared beforehand. As it turns out, this is an extremely important function, and understanding how Diffie-Hellman accomplishes this should be a point of interest for any information security enthusiast.

Two values, called Diffie-Hellman parameters, are at the core of this protocol, and they consist of a very large prime number p, and a second related “generator” number that is smaller than p, called g. The value for g is tied very strongly to its associated p value. The nature of this relationship is that for every number n from 1 to p-1, there is a power k of g such that n = g^k % p.

Each host must agree on these two parameters (p and g) in order for the protocol to work. Finally, a third and private value, called x is also generated for each host. This value, unlike p and g, is not shared.

Public values (to be exchanged with each other) are then generated with this function:

y = g^x % p

…or in other words, take value g and raise it to the power of value x, divide that by p, and your remainder is your public value y. Then, the two parties exchange their y’s with each other and the exchanged numbers are used to create the shared secret z as follows:

z = y^x % p

…or, take the exchanged public key y and raise it to the power of your private key x, and divide that by the shared value p. The shared secret, z, is the remainder of that operation.

The beauty of Diffie-Hellman is that after each party does this independently, they will both end up with the exact same value for z! This means they now have an outstanding key for whatever encryption algorithm they decide on using for the rest of their communication.

This works because:

z = (g^x % p)^x' % p = (g^x' % p)^x % p

Note that the portion of the equation above in parentheses is the other host’s “public key”, and that it has the other host’s private value in it. This is what makes the arrival at a mutual secret possible mathematically.

So here’s how it breaks down:

Exchange some numbers over a public medium
Create your own private number that won't be exchanged
Generate a public "key" from the previously agreed upon numbers combined with your private value
Perform a calculation using their public, your private, and the shared information
Your result will match that of your partner doing the same thing
You now have a shared secret without it ever crossing the public medium!

Truly awesome!
Shamelessly stolen from: danielmiessler.com/study/diffiehellman/
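The exchange walked through above, as an added example that is not part of the original post or of the linked article: both hosts compute y = g^x % p, swap their y values, and arrive at the same z. It also checks the generator property described earlier and rejects the degenerate public values (0, 1 and p-1) that a receiver should never accept. The toy parameters p = 23 and g = 5 are my own choice for illustration; a real deployment uses a prime of at least 2048 bits.

```python
# Added example, not code from the original post.  Toy parameters (p = 23,
# g = 5) are constructed for illustration; real groups use a prime of at
# least 2048 bits so that recovering x from y = g^x % p is infeasible.
import secrets


def is_generator(p: int, g: int) -> bool:
    """True if every n in 1..p-1 equals g^k % p for some k (the property the
    text describes).  Only practical for a toy-sized p like the one here."""
    return {pow(g, k, p) for k in range(1, p)} == set(range(1, p))


def public_value(p: int, g: int, x: int) -> int:
    """y = g^x % p: the value each host sends over the public medium."""
    return pow(g, x, p)


def shared_secret(p: int, y_other: int, x: int) -> int:
    """z = y'^x % p: the other host's public value raised to our private x.
    Public values of 0, 1 or p-1 force z into {0, 1, p-1}, so refuse them."""
    if not 2 <= y_other <= p - 2:
        raise ValueError("rejected degenerate public value")
    return pow(y_other, x, p)


def random_private(p: int) -> int:
    """Private exponent drawn from 2..p-2 with a CSPRNG."""
    return 2 + secrets.randbelow(p - 3)


def dh_exchange(p: int, g: int, x_a: int, x_b: int):
    """Run both sides with the given private values x_a and x_b.
    Returns (y_a, y_b, z_a, z_b); z_a == z_b is the shared secret."""
    y_a = public_value(p, g, x_a)   # host A publishes y_a
    y_b = public_value(p, g, x_b)   # host B publishes y_b
    z_a = shared_secret(p, y_b, x_a)  # A: (g^x_b % p)^x_a % p
    z_b = shared_secret(p, y_a, x_b)  # B: (g^x_a % p)^x_b % p
    return y_a, y_b, z_a, z_b


if __name__ == "__main__":
    p, g = 23, 5
    print(f"g={g} generates the group mod p={p}: {is_generator(p, g)}")
    y_a, y_b, z_a, z_b = dh_exchange(p, g, 6, 15)
    print(f"A sends y={y_a}, B sends y={y_b}")
    print(f"A computes z={z_a}, B computes z={z_b}, match: {z_a == z_b}")
    # With fresh random private values the two sides still agree.
    _, _, z_a, z_b = dh_exchange(p, g, random_private(p), random_private(p))
    print(f"random exponents agree: {z_a == z_b}")
```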

Tails — Tor

Posted by & filed under Networking.

Tails relies on the Tor anonymity network to protect your privacy online: all outgoing connections to the Internet are forced to go through Tor.

Tails is a live system: a complete operating system designed to be used from a CD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails is configured with special care not to use the computer’s hard disks, even if there is swap space on them. The only storage space used by Tails is RAM, which is automatically erased when the computer shuts down. So you won’t leave any trace of either the Tails system or of what you did on the computer. That’s why we call it “amnesic”.


WiFi MITM with Jasager

Posted by & filed under Uncategorized.

Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

Oh carp this is cool!


Skynet — back to life

Posted by & filed under Linux, Pen Testing, Projects, Security, WiFi.

The other day, I decided to bring my old “Skynet” device back online. The master came right online, but the drone was having some problems. I worked it out, and it’s all working correctly now. w00t. Just waiting on my N-Female to RP-TNC connector and I will be ready to rock with the Yagi.



Also, I noticed that Kismet-Newcore is out, which has a lot of nice features. There is also a plugin available called “Lorcon” that allows Kismet to inject and sniff 802.11 frames. Sweet! I will compile both on the router when I get time…

New Project?

Posted by & filed under Projects, RADIUS, Security, WiFi.

Well, the time has come and I have been looking for a new project. I think implementing WPA2 Enterprise complete with a RADIUS backend would be fun, not to mention help secure the home network further (currently using WPA2/TKIP).

I’m not sure if I am going to ditch my Tomato firmware on the WRT54G v3 for OpenWrt or what. I need to see what kind of requirements the FreeRADIUS server has.

Some links I’ve found so far:
Using RADIUS for WLAN Authentication