Add the following config, e.g. to /etc/httpd/conf/httpd.conf:
LogLevel info authz_core:debug
then make sure to reload apache (service httpd reload) and you will find a detailed reason, why access to a resource is granted or not in the error log.
Export running virtual machine to ova file
ec2-create-instance-export-task {instance id} -e vmware -f vmdk -c ova -b {bucket name}
Source: Exporting Amazon EC2 Instances – Amazon Elastic Compute Cloud
Start virtual machine from ova file stored in AWS S3 as new EC2 instance
aws ec2 import-image --cli-input-json "{ \"Description\": \"Instance Name\", \"DiskContainers\": [ { \"Description\": \"First CLI task\", \"UserBucket\": { \"S3Bucket\": \"S2-BUCKET-NAME\", \"S3Key\" : \"FILENAME.ova\"}}]}"
Capture network packets using tcpdump via command line for later inspection with Wireshark
sudo tcpdump -i any -s 65535 -w somefilename.pcapng
Unpack part’ed tarballs
Need to unpack a bunch of files such as:
|
1 |
bigfile.tar-part0000 |
|
1 |
bigfile.tar-part0001 |
|
1 |
bigfile.tar-part0002 |
with the following command:
cat bigfile.tar-part000* | tar xzf –
which untars the part file’s contents to the current folder.
Recover sudo abilities in debian
In case you screw up your sudo functionality, e.g. by removing yourself (the entity using sudo) from the sudoers using sudo, you can fix that easily using this step-by-step guide.
Hardening Linux / Apache
Reverse engineer an iOS App with Wireshark
I read a lot of news from the 20 min online website using the 20 min online .ch app for iOS. Every now and then, people start commenting the articles (and leave behind a lot of silly comments). My goal was to get the URL where this data (the comments) is loaded from (for some unexplainable reasons :-)). As the website offers the articles as RSS feeds, the assumption was that the app will load the comments also via RSS feed.
So how to eavesdrop the network traffic between the iPhone and the Internet? The iPhone has four communication interfaces: GSM, WLAN, Bluetooth and USB (neglecting all non-networking interfaces like display, speaker, etc.). Now there must be way to eavesdrop on one of those. The WLAN was the obvious choice. Either your local router supports very detailed logging or you need to set up your computer as router and inspect the packets transferred with wireshark. So here I write about how to setup your computer as router.
1. start the linux os of your choice
In a recent version of Ubuntu, you have the ability to create a wireless network managed by your computer out of the box.
2. create a new (infrastructure mode) WLAN
3. name it however you want, for simplicity security is omited
4. get your iPhone/iPad and put it into airplane mode
Then inside the the Wi-Fi menu, switch on Wi-Fi and select the newly created WLAN (yes, we are still in airplane-mode). This forces the iPhone to route all packets through our WLAN network / we assure no data is sent using GSM.
5. start wireshark as admin (in a console run: sudo wireshark &)
Click on Capture ->; Interfaces and chose the WLAN device that communicates with the iPhone (most likely wlan0). Now, you capture all network traffic between the iPhone and the Internet.
6. start the app on the iPhone/iPad that you want to inspect
In this example, I analyzed the Facebook app for iOS. The question is, where the image data is fetched from.
As a HTTP request will do a at least an SYN, SYN-ACK, ACK for connection establishment (and further stuff) you best set the filter in Wireshark to “HTTP”. Then you only see the actual GET requests from the client and the responses from the server.
Right click a packet and chose “Follow TCP stream”:
Et voilà, we now know where the app is loading its data from:
Host: photos-f.ak.fbcdn.net (where fbcdn is most likely standing for Face Book Content Delivery Network)
GET parameter: /hphotos-ak-snc7/426768_3448505663995_658953026_t.jpg
Combining it, we end up with the following URL:
http://photos-f.ak.fbcdn.net/hphotos-ak-snc7/426768_3448505663995_658953026_t.jpg
In case SSL is used, you wont see any packets when filtering for HTTP. This means you cannot inspect any packet when the app uses SSL (meaning https instead of http), which is the very purpose of this encryption protocol.
My first open source project
I recently released my old, long-term project called survey-rocket (a simple online survey tool) to google code. I started to refactor the code to make it more readable and maintainable. Although I invested many hours, there is still a long way to go until it can be considered good code. Basically I used this project for applying all the best practices found in Clean Code.
The latest features added to the software are
- added email support for sending URLs
- added workspace reset
- after clicking “save” once, everything is autosaved
old blog post:
I am proud to announce my new webservice suRRvey.com (service moved!). It is a tool for easy survey creation. It is free and requires no sign up. It is heavily XML and XSL based and only uses AJAX for communicating with the server. It is fully implemented in Java. I am aware of some of the bugs which are still unresolved. Laeve me some feedback if you have some suggestions or you found bugs!!! Happy survey-creation!
Simple OpenCV video input/output sample
This short piece of code below captures a frame from a web cam and shows it in a window. Some simple transformations can be applied.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 |
#include <stdio.h> #include <highgui.h> int main(void) { //we assume, that there is only one camera CvCapture* capture= cvCaptureFromCAM(-1); IplImage* img; int loop; while(loop++<100) { cvGrabFrame(capture); // capture a frame img=cvRetrieveFrame(capture,1); // retrieve the captured frame // get the properties of the image int width = img->width; int height = img->height; int nchannels = img->nChannels; int step = img->widthStep; // setup the pointer to access image data uchar *data = ( uchar* )img->imageData; int i, j, value; int Rin, Gin, Bin; int Rout, Gout, Bout; for( i = 0 ; i < height ; i++ ) { for( j = 0 ; j < width ; j++ ) { Rin = data[i*step + j*nchannels + 0]; Gin = data[i*step + j*nchannels + 1]; Bin = data[i*step + j*nchannels + 2]; //------ begin image maniupulation ------ //one-to-one mapping //Rout=Rin;Gout=Gin;Bout=Bin; //grayscale conversion //Rout = Gout = Bout = ( Rin + Gin + Bin ) / 3; //some black and white thresholding Rout = Gout = Bout = ( Rin + Gin + Bin ) > 3*255/2 ? 255: 0; //------ end image maniupulation ------ data[i*step + j*nchannels + 0] = Rout; data[i*step + j*nchannels + 1] = Gout; data[i*step + j*nchannels + 2] = Bout; } } cvShowImage("video output", img); cvWaitKey(20); } cvReleaseCapture(&capture); return 0; } |
The code is simply compiled with:
gcc -Wall highgui_test.c -o highgui_test -lcv -I /usr/include/opencv/ -lhighgui