- RT @4eversleepless Safe Danger 3: "Ice". If you enjoy it, please re-tweet etc. Happy New Year! http://www.youtube.com/watch?v=DkK8IwbGZak #
- I am a mince pie seeking missile. #
- Patch, The Jack Russell illustrated his fine breeding and training by catching a partridge. Was it road kill or canine skill? #
- I must be getting out of shape – Bonzo the fat Labrador who is never walked kept up over 3-4 miles running :-/ #
- Hello 2010 #
- RT @greensql Apple.com Joined to the SQL Injected web sites.. http://bit.ly/6uoaZd #
- Snow in ld8 #uksnow #
- I seem incapable of resisting the @asda dark chocolate covered almonds. Good thing they're on offer 🙂 #
- RT @loudmouthman oooh Look the real Drobo Killer http://bit.ly/8Zn780 #
- http://www.friendsintech.com/index.php/archives/295 A Geek Xmas Story #
- I am in an igloo playing with rowan. [Un]fortunately it's not made of snow/ice. Where is the snow goddammit?… Weather forecast fail! #
- There is a distinct lack of snow here … 🙁 #
- Watching the great escape. Toddler doesn't seem impressed. #
- Just created a @rowangoodwin Twitter account so I can stop confusing people when I pretend to be him on this account. #
- My favourite Xmas toy, on it's 'rails' … It makes a great noise my parents love. http://twitpic.com/vgi2d #
- I appear to be tweaking. #
- And we're back home. As I'm sure everyone will be fascinated to know. Joy. (who stole all the #uksnow ?!?) #
- Operation keep @thegingerdog awake with coke taste test: regular – ok, diet – yuck, diet citrus – horse semen would prob taste better. #
- No tcx078l you may not have your luggage. Pls wait more now. #
- Waiting to board. Rowan seems determined to remain awake. Grr #
- My last siesta, during which I dreamt of crocodiles daddy! http://twitpic.com/vbc67 (toddler) http://twitpic.com/vbc7z (dangerous sand croc) #
- Festive sandcastle in st Agustin http://twitpic.com/vbbzd #
- .@chairmummiaow says I'm turning into my father in law. Perhaps I need to work on the beer gut etc though. #
- Rowan now greets people with 'hola'. He's doing better than me – "two please…. TWO PLEASE… Thanks!" #
- Xmas nearly over. Toddler nearly asleep. Beach tomorrow and then eventually home. I miss my bed. Won't miss the bitey insect things. #
- Getting sun burnt. Day trip a partial failure as there is f. All to do in this town and a v bored toddler. Boat trip cancelled (bad weather) #
- At Mogan market. Can we barter. Errr no. #
- Can you hide your feet? http://twitpic.com/uz4yy #
- Park done. Lots of animals seen. Lovely scenery / setting. Tourist tat bought for toddles and nieces http://twitpic.com/uytzg #
- I can't sleep… I can't talk…. Feeling hot, hot. hot…. either sunburnt face or virus :-/ palmitos park today – http://bit.ly/7ulTCH #
- #Mtb – Good route but guide/group slow. Fed up braking. Mud scared them. Heavy rain made for interesting journey. http://free-motion.net/ #
- Surprised how little bandwidth Twitter /fb/email are using. Must use iPhone more to get value from o2. £50 for 50mb :/. Used ~15mb so far. #
- On bus, waiting for them to pick up other mtb'ers. Why was I the first? :-/ off to different route, like I care / know any different. #
- Crossing fingers and hoping I can go
Mountain biking tomorrow. Got NO kit with me, so I'll suffer and be uncomfortable. Weather permitting!! #
- Post cards sent, toddler asleep. Weather lovely (sun, warm, wind). To the beach with the sand eater later I think. http://twitpic.com/un7b2 #
- I eat sand. Nom nom. The parents couldn't stop laughing. http://twitpic.com/uigoa #
- After 2.5 hours of flying, we finally had this http://twitpic.com/ugrwi thankfullyhe slept to landing despite other kids screams on descent #
- Fyi parents – I like ice cream, but only with sprinkles AND only from mummy's bowl. http://twitpic.com/ugro5 #
- Xmas SMS sent to annoy lots of people. Now to find food in gatwick. #
- Waiting in duty free. Nothing seems like a bargain or any cheaper. #
- It's a world of fun, when you're a toddler http://twitpic.com/u5na1 #
- Stupid car frozen on the inside too…. Hurry up holiday. Don't be closed gatwick. #
- Snow. Paranoid wife thinking we won't get to go on holiday…. #
- Toddler vomit; Chinese flavour. Not the best start to bed time. #
- RT @codepo8: A single sperm has 37.5MB of DNA information in it. That means a normal ejaculation represents a data transfer of 1,587.5TB! #
- hmm.. sugar rush…. Better not stop eating though #
- I have an xmas biscuit addiction. #
- Rowans ELC musical keyboard has dead keys and the microphone does not work. Great. Reminds me of my first computer – zx spectrum +2 (DOA) #
- RT @garywkfung Ping! is FREE AGAIN! http://bit.ly/eKD52 Get your friends on Ping! iPhone-2-iPhone msging (*Please RT!*) #
- RT @grifferz http://www.twat.me.uk/ (NSFW language, via prh) #
- /me hopes tonight is peaceful and uninterrupted. #
- The toddler lost the battle. Now what do I so with no earphones on the sofa with him asleep on me? #
- Rowan isn't too keen on the idea of sleeping :-/ #
- Stupid woman. Trying to pay for the bus with an inadequate supply of what seems to ve 5p coins. #
- I wish $idiot would stop trying to recover the password for gingerdog @ gmail. While I'm at it – stop using my address to signup to stuff. #
- Well that rocked. Thanks dominion theatre and cast 🙂 #
- We will, we will…. Rock you. (waiting for the performance to start) #
- Well I jumped into the river, too many times to make it home, I'm here on my own, drifting all alone….. #gnr #
- Fuckit – water bottle has leaked in my bag; laptop + adaptor appears to have escaped TFFT. 2nd time for this to happen. Had better learn! #
- Support call with mr paranoid cookie hater *sigh*. #
- s/Firefox/Chromium/g perhaps…. seems much quicker at least, and now has required extensions. Shame it didn't import passwords from FF. #
- Wonders if anyone on bromsgrove freecycle passed GCSE English. #
- My nose should win an award for the volume, various colours,range of consistencies and stamina in snot production. #fedup #wanttransplant #
- Well at least rowan seems awake and happy this morning. #
- My iPhone is only 4(?) months old yet the case is cracked. Think I need to encase it in something rigid. #
- I hate post office queues #
- Right own up! Who gave Rowan speed? He's been hyper hyper super hyper toddler since being home from nursery. #
- Think I, or bromsgrove missed some heavy rain today. No great loss. #
- iPhone gun app discovered. Suspect we may not get to use our phones much when we next see the nieces. (literal) Banana gun vs bazooka…. #
- Good episode of stargate universe (s1e10). #
- Mcvities light chocolate digestives are rubbish. Biscuit too hard. #sundaylunchfail #
- The instore asda radio started telling me about @asda today. Is Twitter too mainstream? Does it matter? Might as well 'subscribe' for now. #
- Aiming a virtual kick at a London data centre. #
- Stupid m6 and m1. All crawling #
- Arrived in milton Keynes; I still couldn't find my way without the gps. Too many roundabouts. #
- Number 2 is due for 11th June 2010. Now you all know. There will be no more. #
- RT @greensql GreenSQL-FW: 1.2.0 has just been released! Now with #postgresql support. #security http://www.greensql.net/node/889 #
- Daiseychain nursery fail. #
- Haha <marquee> hahaha #
- I hate hardware. Stupid motherboard with a broken SAta controller. Grrr #
- Christmas shopping nearly complete. Thank —- #
- Sleeping on a towel …. *sigh* stupid virus and sweat eager body #
Today, I finally looked at Wapiti, which is a web application vulnerability scanner. It operates on a black box basis (i.e. it doesn’t see the underlying PHP/ASP/Java source code), and effectively tries to ‘break’ any forms on a page.
In order to get it to do anything useful, you’ll probably need to provide it with a cookie file to use. Unfortunately, I couldn’t originally get the provided ‘getcookie.py’ file to work, as the application in question just posted the login form details to ” (i.e. <form action=” method=’post’>)…. after a bit of hacking I fixed this, but it took some time.
Installation is relatively easy – download the .zip file, extract it and change directory into it (e.g. cd wapiti-2.0.X)
Anyway, given we have “webapp” installed at http://orange/webapp, and we wish to test it, we might do something like the following :
- cd src/net
- python getcookie.py ~/cookie.txt http://orange/webapp/login.php
- Enter username/password etc as required to complete the login form
- Script exists, check the contents of ~/cookie.txt – it will look something like :
Set-Cookie3: PHPSESSID=3d20841af5de43c718732d80e5d78fe3; path=”/”; domain=”orange”; path_spec; expires=”2010-01-04 22:42:47Z”; version=0
Now we can use wapiti to test any urls ‘behind’ the login screen (as it were) :
wapiti http://orange/webapp/search.php –cookie ~/cookie.txt -v 2 -o ~/report -x http://orange/webapp/logout.php
(We need to exclude the logout page, else our session will get destroyed when wapiti spiders that page…)
Depending on how good the application is, you may see output like :
Found permament XSS in http://orange/webapp/search.php
attacked by http://orange/webapp/search.php?area=on&client_id=on&county=on with fields county=crzbl79tqr&status=x57cjl7m14&website=vk59qqbgmp&name=<script>alert(’11byq04xd1′)</script>&client_id=on®ion=on
and similar for the other vulnerabilities.
If I point my web browser at file:///home/david/report I’ll see a nice HTML report listing the vulnerabilites and so on – similar to the below…
Wapiti appears to detect:
- SQL Injection holes
- Cross Site Scripting (XSS) holes
- File inclusion (local/remote)
- Command execution vulnerabilities
- and others
I’m a bit annoyed I’ve only found this tool now – but also glad I’ve finally found it. I’ve been looking for something that can pick up XSS holes for ages (SQL Injection stuff I could already test using SQLMap, and ensuring I only ever used prepared statements).
Update (July 2011) – cookie file format has changed to xml –
<?xml version="1.0" encoding="UTF-8"?> <cookies> <domain name="uk"> <domain name="co"> <domain name="palepurple"> <domain name="david"> <cookie name="PHPSESSID" path="/" value="vmabdv5giph334aq33vb0add67" version="0"/> <cookie name="globdisc" path="/" value="yes" version="0"/> </domain> </domain> </domain> </domain> </cookies>
- Perhaps I should clean the car more often – latest 'find' a delicious ripe Banana skin http://twitpic.com/rg16o #
- Webbs 'garden centre' – where you buy christmas tat which people don't want #
- New mobile carrier – http://giffgaff.com/ – free in-network calls? #
- ASUS EeePC 900 – broken screen – extra battery+memory / spare parts? http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=170413079158 #
- Beans on toast with marmite was surprisingly good last night. What else can i do with marmite? #
- Cough cough cough …. Cough cough cough go the wife and toddler. #
- Ah. Can now sign up for spotify. It didn't like me having a 1/1/1890 DoB tho the form allows it. No error msg given. #fail #
- Hoping an excess of fruit will scare off this virus. #
- RT @garywkfung *BLACK FRI SALE* Ping! iPhone-2-iPhone messaging is free. Get your friends pinging for FREE! http://bit.ly/eKD52 #
- What a crap night. Now to run and cough my guts up. #
- I've got my tea sorted daddy! http://twitpic.com/r176k #
- Spotify clearly doesn't want my money. Stupid signup form gives no error msg feedback but keeps redisplaying itself. #fail #
- Look – proof I can cook (first time in 9+ months) http://twitpic.com/qxd11 #
- #phpuk2010 tickets bought for all employees … 26th Feb 2010 … You should be there too – http://www.phpconference.co.uk #php #london #
- wishes $previous_developer had discovered fputcsv() rather than doing a /lot/ of unsafe string concatenation("," . $foo . "," is WRONG) #php #
- Excessive screen estate ? 2×24" monitors – too much? http://twitpic.com/qv3ye #
- RT @garywkfung Ping! 1.2 now live! Includes address book, in-app purchase for sending photos and other fixes http://bit.ly/5kkUj #
- Well trains at least you picked today to be crap, rather than one where I had less leeway. #
- Hello White city. #
- Stupid signal failure is causing trouble for this train. Good thing I've got loads of 'spare' time. #
- RT @Openrightsgroup BBC: ORG supporters jump by 20% as protests grow: http://bit.ly/protestgrows #threestrikes #
- But I *had* to buy that massive bag of yummy licquorice and a triple choc muffin to have change for the bus!! #
- My way, your way, anything goes tonight……. Hmm. Need more music. #
- Confused. I thought rebooting iPhone jailbroken with blackra1n would result in it loosing jailbreak. This does not seem to be the case. :~/ #
- Pondering trying spotify for a month or two. Thoughts lazyweb? #
- Rowan is still asleep. 13 hours and counting. A new record. Shame it takes illness to cause this :-/ #
- RT @Openrightsgroup No 10 petition now stands at 6.8k sigs thanks to @stephenfry @glinner http://bit.ly/dontdisconnect #threestrikes #
- failing to jailbreak my iPhone… (3gs v3.1.2 etc). Stupid tools. #
This will end my fit of blogging diarrhea. Honest.
On Saturday, I ran to Kidderminster (21 miles in total). It went quite well, although my left thigh ached a little and I got a sore groin. Afterwards I also noticed my feet were aching on the outside of my sole (they don’t normally)….
Yesterday morning I went running again, only for 30ish minutes and found my thigh seemed worse and my right knee was unhappy too. And my lower back aches a little.
I’m wondering if my new running shoes are responsible – or if it’s just because I somehow pushed myself too far on Saturday (considering my running routine has been a mess for the last month with me rarely managing to run more than twice a week (i.e ~8-10 miles if optimistic)).
Stay tuned. Or not. Today and tomorrow will be run-free days in the hope something will repair itself.
Why do some programmers not ensure data is escaped for the right output ‘layer’… today I came across some legacy code which appends strings together to create a CSV file – it went along the lines of :
$line .= $foo . ‘”,”‘ . $bar . ‘”,”‘ . $etc…. . “\n”;
There was no attempt at escaping the data being embedded, so if it contained a ” (which I know some records do) it will/would fail (yes, one premises has “…” in it’s name, and it’s caused us problems already with similar code).
The easy answer in this instance is to use PHP’s fputcsv() function (which has been around since 5.1).
What other demons are lurking there waiting to cause trouble I wonder?
(See also my random tweet linked to this)
Today, I installed Karmic on my desktop/server at work (aka orange). It was running Debian Lenny, but with the purchase of 2 24″ monitors and my subsequent failure to quickly configure them properly, I decided to jump ship to Karmic (which I knew would work thanks to the Ubuntu LiveCD).
So, installation was pretty simple – there appeared to be a language bug in the partitioner – where the text was telling me something different to the UI, but that wasn’t a real problem, and it seemed a bit tricky selecting the right time zone – the installer was adament that I would be It took about 20 minutes to install, I think, and then it was a case of reinstalling the various services/things needed on there (apache, bind9, dhcpd, postfix, mdadm, cron jobs [poo, lost some in the move], ftpd, ssh)…
Annoyingly, dotdeb packages don’t seem to install due to dependency issues, and there’s no php5-apc package, and I’m currently stuck with php 5.2.10 (until I can find 5.2.11 packages for Ubuntu somewhere).
The monitors work perfectly – a simple GUI click was required to stop cloning and turn them into two joined together monitors.
Empathy, the new Instant Messaging client doesn’t support FacebookChat, so it’s been given the boot – and I’ve ‘reverted’ to using pidgin (which works perfectly once you upgrade to using the .deb from here).
At last, my desktop effects seem to be working – I’m using the radeon kernel module – which appears to be open source, so that’s good.
- I’m a little miffed that I can’t do alt+shift+tab to cycle backwards through the window selector, but I’ll cope.
- The ‘Windows’ key still does nothing (FFS – windows key + D to show desktop, or windows key + E to open nautilus…). Such simple usage of it would be a huge improvement from a usability point of view.
- When I get new IM messages, the ‘notification bubble’ that appears seems to persist for too long, can’t be dismissed (although at least it doesn’t interfer with any windows you may have open already)
- The mess ‘they’ have made with /etc/ldap/slap.d; I can’t figure out how I’m meant to be able to configure this, so I copied my old slapd.conf file into place and changed the /etc/default/slapd file
- Have problems ssh’ing to some external servers, with useless messages like “Max number of auth attempts exceeded”. I’m assuming this is somehow related to ssh trying every possible ssh key in ~/.ssh (is this new behaviour?). Oddly one lenny server has no problem – another won’t let me in, unless I go via a third party and don’t do authentication agent forwarding (-a).
- pulseaudio is spamming /var/log/syslog with messages like :
Nov 25 21:17:01 orange pulseaudio: main.c: Module load failed.
Nov 25 21:17:01 orange pulseaudio: main.c: Failed to initialize daemon.
Nov 25 21:17:01 orange pulseaudio: main.c: Daemon startup failed.
I’ll guess this is file ownership related, as I dropped my old passwd and group files over the top of the ‘new’ Ubuntu ones. So far, however I’ve not found which file is to blame… reinstalling the package might be an option.
- Zero configuration of attached hardware (network card, graphics card etc)
- Monitors just work 🙂
- Almost the config files from the previous install (Lenny) can be dropped in and work
- Still debian like, so I know what to do
- Finally ‘service $foo start|stop|etc’ is available
- Pretty quick booting; I think.
- Like the new login screen, and default backgrounds
- UbuntuOne – had a quick meddle with this, better Nautilus integration could be achieved, but it’s not bad and seems easy to use. Not sure what I’ll use it for however….
So.. that was 2-3 hours of my morning wasted. Now I’m obviously so much more productive with massive(?) monitors…. and funky desktop effects.