Socks 5 client support for twisted

Posted on Mi 05 Februar 2014 in Programming • Tagged with Python, Twisted, Socks5, Programming, SecurityLeave a comment

I recently forked twisted-socks to add SOCKS 5 support for my GoogleScraper in order to scraper Google pages asynchronously. Obviously I needed SOCKS5 support to anonymize the parallel requests such that I can scrape more pages simultaneously.

I tested the code for SOCKS4 and SOCKS4a with a local TOR proxy and twistd -n socks and the SOCKS5 protocol with the dante socks proxy server on my VPS. So I guess the basic functionality should be working by now. GSSAPI (Kerberos) support is planned.

Here is the socksclient code, which is ...

Continue reading

Wordpress comment form with bootstrap v3.0.2

Posted on Fr 08 November 2013 in Programming • Tagged with Bootstrap, Comment, Programming, Form, WordpressLeave a comment

Hey everybody!

In this short article I will explain how I designed my wordpress theme's comment section with bootstrap 3.0.2. For the most recent changes, you find my theme on github. If you want to see a live demo, just inspect the comment form on this site. It uses exactly this bootstrap styled form I am discussing here.

In order to follow the content's of this blog post, you should have basic experience with PHP and HTML/CSS.

The Problem

The tricky question here is, whether ...

Continue reading

A tale of a twofold broken wordpress captcha plugin

Posted on Mo 04 November 2013 in Programming • Tagged with Captcha, Security, Programming, ExploitLeave a comment

Last Edit (Effective: 7th November 2013)

It seems like the plugin authors updated the security of the plugin. All the bottom blog entry deals with version 3.8.7. In this new paragraph, I will look whether these recent updates to version 3.8.8 added the necessary security to prevent conducting an...

  • Attack vector one: Parsing the captcha logic.
  • Attack vector two: Reversing the decode() function and just reading the solution from the hidden fields.

Let's get started:

At line 942 of the plugin code (The start of ...

Continue reading

No 2. - flash-album-gallery: persistent XSS exploitet with help of XSRF leading to remote code execution.

Posted on Sa 27 Juli 2013 in Programming • Tagged with Exploit, Programming, Bug, Security, Xss, RceLeave a comment

PLUGIN: http://wordpress.org/plugins/flash-album-gallery/
AFFECTED VERSION: 3.01
DOWNLOADS: 840,714
RISK: MEDIUM/HIGH

The following blog post addresses a critical (chain) of security issues in the version 3.01 of flash-album-gallery
which eventually leads to remote code execution. The exploit is not completely automatically and needs a minimal amount
of social engineering. Nevertheless I rate the danger at a medium/high level {Probably even worse than a fully automatable SQL injection).

First of all, I need to say that the plugin code lacks a fair amount of ...

Continue reading

Create anonymous identites with fakenamegenerator.com and Python

Posted on Do 30 Mai 2013 in Programming • Tagged with ProgrammingLeave a comment

Introduction

Woah, it has been a hell of a long time since I posted my last contribution (I feel like I always begin my blog post with these introductory words). However, today I want to show you how to forge random identites with a site called fakenamegenerator.com. I use Python 3 and a unoffical branch of socksipy,  a nice module which enables you to tunnel TCP/IP streams through a remote server, commonly used to disguise your real IP address. There are three availabe modes, SOCKS4, SOCKS5 and HTTP ...

Continue reading

GoogleScraper.py - A simple python module to parse google search results.

Posted on So 06 Januar 2013 in Programming • Tagged with Google, Scraping, Programming, SecurityLeave a comment

UPDATE on 18th February 2014:

This python module has now its own github repository!

The plugin can extract

  • All links
  • Link titles
  • The description/caption below the links

and has the following features:

  • Advanced proxy support for SOCKS4/4a/5 and HTTP PROXY
  • Multithreading
  • XPATH parsing
  • Supports almost all search parameters

Please note that this is by no means a permanent version! Heavy structural changes will be implemented in the near future (I'll experiment with asynchronous networking for instance). But on this site, I will always host a working ...

Continue reading