Blog Archives
#MacOsX : SSH SOCKS Proxy (SSH Tunnel Web Traffic)
After PRISM scandal you may feel the need to secure your connection and protect your privacy. Then it is a good idea to tunnel web traffic through a secure encrypted connection. This allows your traffic to traverse a local network without being visible to snoopers, even when visiting unencrypted web sites.
What you need:
- a modern browser like Firefox, Chrome or Safari (they support SOCKS4 protocol)
- ssh client (already installed in Mac Os X)
- a shell account (with ssh access)
If you don’t have a shell account, you can find a free one HERE, or HERE, or HERE, or HERE.
To start the local proxy type:
ssh -D PORT user@hostwhere PORT is a local port between 1024 and 65535 (they do not require super user privileges), user is the username at the remote machine, and host is the identifier of the remote host.
That’s not enough, you need to configure the system to use the proxy. Go to System Preferences > Network > [select active interface] > Advanced... > Proxies and check SOCKS Proxy.
Then modify SOCKS Proxy Server info to use the PORT you chose before.
That’s it! From now on all connections on the active network interface will be tunneled through the proxy. 😎
NOTE1: you may want use proxy browser settings instead of system wide proxy settings, so you can tunnel only part of the traffic (e.g. the most sensitive one). This is easy, but the procedure slightly change between different browsers.
NOTE2: you may need to add the option -p HOST_PORT if the remote host doesn’t use the standard ssh port 22, e.g.:
ssh -D PORT user@host -p 666#MacOsX : Show Hidden Files and Folders
In *NIX systems file and folders beginning with a dot (e.g., .name) are not visible in the Finder (also known as file browser). Since Mac Os X it’s a certified UNIX that’s also the case. If you use the terminal you can use the command:
ls -aHowever, most people will use regular Finder. To enable view of hidden files in the Finder use this command:
defaults write com.apple.finder AppleShowAllFiles -bool TRUEand then restart the finder with the following command:
killall FinderTo revert the changes use the same command, but replace TRUE with FALSE.
#MacOsX : Web Hacking with Burp Suite
This is a legendary tool developed by the author of The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws (2nd edition).
Unfortunately there is no native Mac Os X version but Corsaire packed one. Since they updated the site, the link to download it provided in the aforementioned book is broken, so I will provide a new working one of the recently released version 1.5 1.6 of Burp Suite Free.
All rights reserved to Corsair and Portswigger.
The version at this link
DOWNLOAD HERE
is now outdated (it also requires JDK 6, which is no longer supported).
A free binary version for Mac OS has been made available:
Burp Suite Free Edition
See also here for a [much less powerful] alternative.
#Firefox : URL Keyword for Search Engines
Most browsers allow search to default search engine in address bar, but what if you want a different engine? You can switch on the right box, choose one and then start the search.
That’s suck!
So you can try this:
- click the little arrow in the search engine box to open the drop down menu.
- select Manage Search Engines…
- select an engine and then click on Edit Keyword…
- add the keyword you prefer and then click OK
From now on, if you want make a search with the engine in the URL bar, construct your research like:
keyword query
Examples:
wiki power law distribution
answer AAPL growth
twitter Barack Obama
NOTE: if your keyword doesn’t work and your query is answered by the default search engine, try to change it! I have noticed that if you use the name of the service (e.g., Wikipedia, Yhaoo) most of the time the keyword doesn’t work. 😦
#Firefox & #Chrome : Fast Email Composer
If you are a pro, you know, you use the keyboard to do most of the work, right?
Then why click to open the mail client or a new compose window when you can do it in less then 10 character:
type
mailto:
in the address bar of your browser and let’s the magic happen! 😎
whitehatty 