Socks 5 client support for twisted

Posted on Wed 05 February 2014 in Programming • Tagged with Python, Twisted, Socks5, Programming, Security

I recently forked twisted-socks to add SOCKS 5 support for my GoogleScraper in order to scrape Google pages asynchronously. Obviously I needed SOCKS5 support to anonymize the parallel requests such that I can scrape more pages simultaneously.

I tested the code for SOCKS4 and SOCKS4a with a local TOR proxy and twistd -n socks and the SOCKS5 protocol with the dante socks proxy server on my VPS. So I guess the basic functionality should be working by now. GSSAPI (Kerberos) support is planned.

Here is the socksclient code, which is …



Wordpress comment form with bootstrap v3.0.2

Posted on Fri 08 November 2013 in Programming • Tagged with Bootstrap, Comment, Programming, Form, Wordpress

Hey everybody!

In this short article I will explain how I designed my WordPress theme's comment section with Bootstrap 3.0.2. For the most recent changes, you can find my theme on GitHub. If you want to see a live demo, just inspect the comment form on this site. It uses exactly the Bootstrap-styled form I am discussing here.

In order to follow the contents of this blog post, you should have basic experience with PHP and HTML/CSS.

The Problem

The tricky question here is, whether we can …



A tale of a twofold broken wordpress captcha plugin

Posted on Mon 04 November 2013 in Programming • Tagged with Captcha, Security, Programming, Exploit

Last Edit (Effective: 7th November 2013)

It seems like the plugin authors updated the security of the plugin. The whole blog entry below deals with version 3.8.7. In this new paragraph, I will look at whether these recent updates to version 3.8.8 added the necessary security to prevent conducting an...

  • Attack vector one: Parsing the captcha logic.
  • Attack vector two: Reversing the decode() function and just reading the solution from the hidden fields.

Let's get started:

At line 942 of the plugin code (The start of the …



No 2. - flash-album-gallery: persistent XSS exploited with the help of XSRF leading to remote code execution.

Posted on Sat 27 July 2013 in Programming • Tagged with Exploit, Programming, Bug, Security, Xss, Rce

PLUGIN: http://wordpress.org/plugins/flash-album-gallery/
AFFECTED VERSION: 3.01
DOWNLOADS: 840,714
RISK: MEDIUM/HIGH

The following blog post addresses a critical chain of security issues in version 3.01 of flash-album-gallery
which eventually leads to remote code execution. The exploit is not completely automatic and needs a minimal amount
of social engineering. Nevertheless I rate the danger at a medium/high level (probably even worse than a fully automatable SQL injection).

First of all, I need to say that the plugin code lacks a fair amount of …



Create anonymous identities with fakenamegenerator.com and Python

Posted on Thu 30 May 2013 in Programming • Tagged with Programming

Introduction

Woah, it has been a hell of a long time since I posted my last contribution (I feel like I always begin my blog posts with these introductory words). However, today I want to show you how to forge random identities with a site called fakenamegenerator.com. I use Python 3 and an unofficial branch of socksipy, a nice module which enables you to tunnel TCP/IP streams through a remote server, commonly used to disguise your real IP address. There are three available modes, SOCKS4, SOCKS5 and HTTP …



GoogleScraper.py - A simple Python module to parse Google search results.

Posted on Sun 06 January 2013 in Programming • Tagged with Google, Scraping, Programming, Security

UPDATE on 18th February 2014:

This Python module now has its own GitHub repository!

The plugin can extract

  • All links
  • Link titles
  • The description/caption below the links

and has the following features:

  • Advanced proxy support for SOCKS4/4a/5 and HTTP PROXY
  • Multithreading
  • XPATH parsing
  • Supports almost all search parameters

Please note that this is by no means a permanent version! Heavy structural changes will be implemented in the near future (I'll experiment with asynchronous networking for instance). But on this site, I will always host a working version …

