June 27, 2013

GOLANG SSL Server and Client example

https://gist.github.com/spikebike/2232102

Below is my simple static "SSL Proxy" that listens on port 8000, and connects to another machine 10.3.0.124:443, and the proxy logs traffic both ways on screen.

To generate key.pem and cert.pem, you can use openssl, or use go team's simple program included in go package: http://golang.org/src/pkg/crypto/tls/generate_cert.go

package main
import (
        "io"
        "log"
        "net"
        "fmt"
        "os"
        "crypto/tls"
        "crypto/rand"
)

func checkError(err error) {
        if err != nil {
                fmt.Fprintf(os.Stderr, "Fatal error: %s", err.Error())
                os.Exit(1)
        }
}

/* slower, by we can print/log everything */
func myrawcopy(dst,src net.Conn) (written int64, err error) {
    buf := make([]byte, 32*1024)
    for {
        nr, er := src.Read(buf)
        if nr > 0 {
                        fmt.Printf("%s",string(buf[0:nr]));
            nw, ew := dst.Write(buf[0:nr])
            if nw > 0 {
                written += int64(nw)
            }
            if ew != nil {
                err = ew
                break
            }
            if nr != nw {
                err = io.ErrShortWrite
                break
            }
        }
        if er == io.EOF {
            break
        }
        if er != nil {
            err = er
            break
        }
    }
    return written, err
}

func myiocopy(dst net.Conn, src net.Conn){
        myrawcopy(dst, src)
        //io.Copy(dst,src);
        dst.Close();
        src.Close();
}

func handleclient(c net.Conn){
        config := tls.Config{InsecureSkipVerify: true}
        conn, err := tls.Dial("tcp", "10.3.0.124:443", &config)
        checkError(err)

        go myiocopy(conn,c)

        //io.Copy(c, conn)
        myrawcopy(c, conn)
        c.Close()
        conn.Close();
}

func main() {
        cert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
        if err != nil {
                log.Fatalf("server: loadkeys: %s", err)
        }
        config := tls.Config{Certificates: []tls.Certificate{cert}}
        config.Rand = rand.Reader
        service := "0.0.0.0:8000"
        listener, err := tls.Listen("tcp", service, &config)
        if err != nil {
                log.Fatalf("server: listen: %s", err)
        }
        log.Printf("server: listening on %s for https, connects to https://10.3.0.124:443",service)
        for {
                conn, err := listener.Accept()
                if err != nil {
                        log.Printf("server: accept: %s", err)
                        break
                }
                defer conn.Close()
                log.Printf("server: accepted from %s", conn.RemoteAddr())
                go handleclient(conn)
        }
}

June 24, 2013

Free - Remote Desktop Control Software

To sum it up: 

For business, Use LogMeIn for unattended, Join.me for attended.
For personal: Use TeamViewer.


LogMeIn The first and highest rated product in the unattended category is LogMeIn. This is a web-based service that's extremely easy to set up and use and can be accessed from any PC with a browser. The free version won't allow file transfer or remote printing but is a great solution for accessing your remote data as well as file sharing. Registration is required before using the product. It is really meant to be an 'install and leave it' kind of tool and not for the 'quick connect to help a friend' scenario.
I still very much believe that the features and speed of LogMeIn are unmet by any other product and worth the extra hassle if you have access to the other machine(s) or means to connect remotely and install it. It is free for personal and commercial use.

TeamViewer Next is TeamViewer. It is very reliable, allows both attended and unattended control and has great features. There is a portable version of the viewer if you want to use an application or they also have a web-based control site that requires no installation to remotely control computers. The web-based version uses HTML and Flash, so it is usable even if the browser or firewall doesn't allow Java or ActiveX. TeamViewer is a commercial product and is only free  for personal use. Any commercial use is prohibited by the TeamViewer use policy.

Join.MeThe fastest solution in the attended category is Join.me. Its small 1 MB download and simple security code make it very quick to establish a remote session.

MikogoThe last solution in this category is Mikogo. Mikogo is not the fastest nor is it the most reliable, but it offers the most features of any of the solutions in this article. It is a full-featured solution comparable to the commercial Citrix GotoMeeting product with features such as presenter switching, remote control, white board sharing, file sharing and session recording.

June 7, 2013

To open a page in a frame using javascript




"javascript:top.frames['framename'].location = 'filename.html';return true;"

A list of SSL/HTTPS sniffer/proxy/dump


  1. mitmproxy, written in Python, includes a ncurse-based UI, or the console-based mitmdump. Able to generate SSL certs on the fly. http://mitmproxy.org/
  2. TCPCather: http://www.tcpcatcher.org/. Looks really good.
  3. sslsniff: by the famous hacker moxie0: https://github.com/moxie0/sslsniff
  4. burp (the free version): http://www.portswigger.net/burp/proxy.html
I personally used mitmproxy to my satisfaction. 

June 6, 2013

vim regex search tips

1. $ < > does not need to be escaped.
2. [ ] & needs to be escaped
3. [a-zA-Z] sometimes can be better accepted than \a (for alphabet)
4. For replacement, & means the matched term