Internet

xrayspx's picture

Simple location aware ssh tunneling for Chrome (Mac)

Music: 

Hall and Oates - Private Eyes (Seriously, it just came on randomly)
and really, just as I finished formatting the stupid script, Big Brother from Humanwine was playing.

This is both a nice toy to have in a Big Brother Is Watching sense, and a glaring example of why one should never log in and use a Mac (or any other system, obviously) as an Administrator. Just have a Regular Guy account, and escalate to Administrator/Root when needed. For example, this tool could be inserted by a script to cause all your browsing traffic to route through a proxy server of an attacker's choosing. If you're not running as an Administrator, you can't write the file without escalating. (Example of the risk, though it wouldn't help here, since there is LCE to root...goddammit Apple...)

I had a use case recently where I wanted to have multiple copies of Chromium start in different profiles and with different proxy settings. I'm getting to the point at which I don't think that's really feasible, in that any new instance will assume the proxy settings of any already running instance.

BUT, I did get some cool location aware-ish proxying set up. Since one use case involves laptops, I'd like to see it use a local proxy when I'm home, and a remote proxy when I'm not at home (hosted VPS for instance).

I'm using ssh to set up a SOCKS5 proxy, and push all traffic including DNS through the tunnel, ssh'ing to different hosts based on different local system IPs. I have it checking en0 and en1 and if their IPs match my home subnet, it ssh's to a local system, if they are anything else, it will run against a publicly hosted system to which I can ssh.

Next step is to clean up after itself, so when you run Chromium (or Chrome), it will detect IPs, ssh to the appropriate host, and connect using that tunnel. When Chromium closes, it cleans up the SSH session so it's not just hanging around.

To use - Have a local and a remote host you can ssh to using keys, and which allow you to forward ports. On the Mac, navigate to /Applications/Chromium.app/Contents/MacOS/. Rename Chromium to Chromium-bin. Drop this script in, chmod it executable, and name it Chromium. Now when the Chromium app is run, it runs our script to set up the proxy and launch the browser:


#! /bin/bash

# Keep only the first three octets of each interface's IPv4 address, so the
# comparison below is against the home /24 (e.g. "192.168.30").
ip0=$(ifconfig en0 | grep -v inet6 | grep inet | awk '{print $2}' | awk -F "." '{print $1"."$2"."$3}')
ip1=$(ifconfig en1 | grep -v inet6 | grep inet | awk '{print $2}' | awk -F "." '{print $1"."$2"."$3}')

# en0 wins if it has an address; otherwise fall back to en1.
if [ -z "$ip0" ]
  then
    active="$ip1"
  else
    active="$ip0"
fi

# On the home subnet, tunnel through the local box; anywhere else, through
# the publicly reachable host.
if [ "$active" = "192.168.30" ]
  then
    sshhost="username@192.168.30.241"
  else
    sshhost="username@publichost.com"
fi

# SOCKS5 proxy on localhost:8181; no remote command, no tty, stdin from /dev/null.
ssh -C2qTnN -D 8181 "$sshhost" &
proxypid=$!

# Tear down the tunnel when the browser exits, even if this script is killed.
trap 'kill $proxypid' EXIT

# Push all traffic, DNS included, through the tunnel: the ~NOTFOUND rule stops
# Chromium from resolving names locally, so lookups don't leak around the proxy.
/Applications/Chromium.app/Contents/MacOS/Chromium-bin --proxy-server="socks5://127.0.0.1:8181" --host-resolver-rules="MAP * ~NOTFOUND, EXCLUDE 127.0.0.1" --profile-directory=Tunnl >/dev/null 2>&1


Name your vulns better

Music: 

George Clinton - Yank My Doodle

Drupalgeddon is silly, but at least it gets the point across that something is wrong and you must go fix it right now. Heartbleed, Shellshock, POODLE... not so much. At least we all had a heads-up that "some horrible SSLv3 attack" was coming even if no one knew specifics.

We've had enough this year already. Who wants a do-over on 2014?


T**e *h* S**n****s B***i**G, **k* ***m b****n*.

Music: 

Xebox - Bunker Buster

This week David Lowery grumpled many of the Interbutts as he published a list of 50 "undesirable" (read: "un-licensed") music lyrics sites to target for legal action by the National Music Publishers Association (NMPA). With some major exceptions (RapGenius!), many of these sites do, in fact, suck. They're undesirable from an Internet user standpoint as well, what with the pop-unders and malware.

The fact is, they are worried about lost revenue from the licensing fees these guys should be paying, and the fact that lyrics sites have tons of ads, and that it follows that their owners are sitting on massive piles of cash in the Caymans. So let's go sue 'em all and get that Scrooge McDuck money silo each of them has to have. Here's a better idea, why doesn't the industry run its own goddamn lyrics sites? Well hell, I bet since we live in The Future and all, you could even track how many times someone searches for a song and give Dave Lowry his quarter of a cent per 100 impressions for Euro-Trash Girl lyrics.

The claim that it's "ripping us off as artists" is unconvincing though. If someone's reading the lyrics, you must assume they're listening or have just listened to that song, which they either own or they don't (Keep going after those pirates, I can at least see the point kind of, best of luck). Very very few songs have lyrics that merit reading on their own without music surrounding them. No one is reading the lyrics to Dr. Heckyll & Mr. Jive who isn't also listening to that song right now.

The Musician as modern Shelley is in all but the most exceptional cases disingenuous at best (Fun fact: Search for Percy Shelley on Google, and the #3 hit after Wikipedia and Poets.org is poemhunter.com, one of the NMPA's targeted sites of IP thieves). Off the top of my head, I can think of four musicians whose lyrics I could just sit and read, and even that is only a handful of songs per artist. Also off the top of my head, I can think of zero musicians whose lyrics I have just sat and read as art for its own sake.

It certainly didn't take Tennyson to write Take The Skinheads Bowling.

"Industry Sues Morons, film at eleven". Fine. "Fragile snowflake genius loses livelihood when someone can search for their lyrics for /free(!)/". Well you lost me there pal.

Attack me? Attack you.

Music: 

The computer at the top of this security video is infected with malware and is currently attacking Natalie's site. Also it's in Vietnam. There were more exciting things happening earlier, but it never occurred to me to screen grab them. Since that one sucks and is boring, here's another one of the store front. Looks like medical supplies.

I have Mexican security cameras from infected machines too, but it's night there just like it is here, so those feeds are way more boring.


Well that was funny

Music: 

I'm no longer forwarding cookie thieves to Natalie's site. I had been fussing around trying to make IPTables block all the botnet machines, and when that didn't work, I was just using deny rules in Apache, which sucked, because my include file of blocked hosts was 100,000 or so entries. That's in addition to the default "Block all of China, India, Eastern Europe" rules I apply. It also sucked because I was still serving pages, and so there were tons of ESTABLISHED, FIN_WAIT1/2, etc. connections, most of which were holding open Apache processes, which was crushing my machine.

The reason IPTables wasn't working turned out to be because of the VPS solution used by 1and1. There is a hard limit of 400 rules on the host, and I can't work around that, so I can't use IPTables with huge blacklists, at least, not that I've figured out.

What I'm doing now though is to use the LimitExcept directive to only allow GET requests in the virtual host which does the rewrites for nataliecurtiss.com. So now those fuckers are all just getting 403's or, in some cases, 500's (don't know why that is).

So yeah that was fun. A case has been opened with SquareSpace, since this attack traffic was all really directed at them. And the only logical thing I can think of is that the attackers are trying to guess session cookies of site admins who aren't explicitly logged out of their site admin tools. This would let the attackers exploit any XSS inherent in code generated by SquareSpace, or use the targeted site to infect more end user machines for this botnet.

Still, it's an awful lot of trouble to go to just to get your hands on Natalie's what, 12 legitimate users per month?

Now I just have a zillion connections in TIME_WAIT, but at least my site seems quick, all my services seem to be working at full speed ahead, and I'm going to stop thinking about this shit for a while. I'm not going to bother figuring out why I can't set tcp_tw_reuse to clean up all those TIME_WAITs.

Update:
The 500's are because I didn't set an auth-type for the user to be able to POST. Well, fuck 'em, they get 500's, since I never want anyone to ever do anything but GET, everything else can DIAF.
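For the LimitExcept approach described above, here is an added example of the virtual host (not the author's actual configuration; the document root path and the Apache 2.4 access-control syntax are assumptions). The directive that produces 500s when no AuthType is configured is shown commented out beside the form that returns a plain 403 and needs no authentication setup at all:

```apache
# Added example, not the author's real vhost. Paths are assumptions.
<VirtualHost *:80>
    ServerName nataliecurtiss.com
    # Assumed: an empty directory that exists only to anchor the redirect.
    DocumentRoot /var/www/nataliecurtiss-redirect

    <Directory /var/www/nataliecurtiss-redirect>
        # Refuse every method other than GET (HEAD is treated as GET for
        # access control purposes). The botnet's POST floods get a 403 here
        # and never reach the redirect below.
        <LimitExcept GET HEAD>
            # What produced the 500s: an auth requirement with no AuthType,
            # AuthUserFile or similar provider configured behind it.
            #Require valid-user

            # Corrected: deny outright, no authentication machinery involved.
            # Apache 2.4 syntax; on 2.2 use "Order deny,allow" + "Deny from all".
            Require all denied
        </LimitExcept>

        # Directory-context Redirect is applied in the fixup phase, after the
        # access check above, so only permitted GET/HEAD requests are redirected.
        Redirect permanent / http://www.nataliecurtiss.com/
    </Directory>
</VirtualHost>
```

The reason to keep the Redirect inside the Directory block rather than at the top of the vhost is ordering: a server-level Redirect is answered during URI translation, before Apache runs access checks, which would let the POSTs get their 301 and tie up the same connections as before.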


It's Statistical Outlier Saturday

Music: 

This is an odd Saturday. I got up at 7:15. That's not right. I'm still not supposed to be awake yet.

My site has been having problems this morning, serving pages, running cron, delivering mail... turns out that even though I don't host Natalie's site, I do redirect "nataliecurtiss.com" to "www.nataliecurtiss.com". So far today I've served 252,974 (presumably malicious POST request) redirects to her site. She has had 975,000 page views so far this month. That's also not right.

While looking that over, I checked my flickr stats. 900 flickr views so far today on really odd referrers, like "http://www.flickr.com/photos/xrayspx/with/9093592988/", usually I do around 50-100/day, not that busy.

Right now I'm flipping a quarter until it lands on its edge. Later I'm gonna go buy some lottery tickets.

Update:

Mmmmmm, cookies, hundreds of thousands of cookies:

POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 500
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: nataliecurtiss.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SS_MID=162751ed-f2cf-4fdd-8b7c-814881282033hiwadjls

3No6hNrnQwi3zWrY/ZWMWh2SJnHKBItrrv+v3wpU3Jd1+I0hy9KM995Po4TM8f+m
4rMZ+hJt9O4MWe5VdHOzMfFmLZsISqrff6cdnnWEIzGWS8szILditQVvkUGdB2kH
B15aLXiROS4ZZ6RZpeMgfUJbzXCwwGL5RBQcaZDKF2VnMtY8A/VnXsTo0OiT9oQ8
Prnijbzg6O9GMr2gT6sNsNCikOjqy073b8z2NbCGUaYog+1qVHgoLOgTNtRM1PFD
8Zxv4qxjHIImJDBUZPbzceycZ1qP79xVkIemkBWTLt1mu8KvuzMty9AzWyhQDi7X
3wa6vfTr4bwcZNq3zm4U8G1CxtyAJiIMVMLhVSUK/6dGELU5o8YIWiDsq6faey7G
blZlukaXQjr5OKNzklqsuL5Pcor2pAOJ7zyB/LP+z/8SttCi+XGemUo3mxdgVPjn
XKj0ArRJCIy0RvngpOabPewOdEtgSFO8Gjs=


Two Angles on the Country Badass

Music: 

Circle Jerks - American Heavy Metal Weekend

From Mike Ness:

To The Cramps:

I remember reading a record review for a rockabilly compilation (Which we own, and which is awesome) in which the writer claims it's disingenuous for the compilers to draw a line from 50's rockabilly to punk. He said in effect that punk owed nothin' to no one. Anyway, Johnny Cash came up followed by Hasil Adkins in iTunes just now and reminded me of that obvious music hater's review of a really good compilation. The review seems to have gone down the memory hole.

A Short list:

Sid Vicious covered an Eddie Cochran song, and it was popular.

Elvis Costello covered an entire person. That was popular too.

The Cramps are a thing which exists.

The Misfits, Ramones and Clash are also things which exist.

Jim Heath has a career.

As does Hank III.

GG Allin closes some sort of loop.


Hmm. So that's how it is in their family

Music: 

Shriekback - Malaria

TL;DR: Here is how to restore DJ to iTunes, as much as possible

A few months ago, Apple maliciously broke iTunes in several really specific ways, one of which was to drop the DJ functionality, which is basically how I would listen to music.

Reading a thread on JWZ's site about this issue, among others, I posted my somewhat-fix for the issue. And it is. A "somewhat" fix. It acts pretty much like DJ used to act, but for two problems. You can't drag things from a window with your whole collection into your "DJ" window (Cause hey, ONLY ONE WINDOW NOW), and besides, I had to create a Smart Playlist to fix it, and you can't add to a smart playlist anyway. There is "Play Next", which I guess works.

My other main gripe with this is that when I hit Next to skip a track, usually it removes it from the top of the playlist, but often enough to annoy the fuck out of me, it doesn't, and I have to go back in and clean up the top of my list a few times a day. Worse, songs I've skipped will come back up in the mix sooner than I would otherwise want them to, since iTunes doesn't know I've skipped them.

I remember reading somewhere that there was a discussion once about how to make iTunes mark something as "Skipped", or at least what the secret parameters are that cause things not to become "Skipped". So tonight it annoyed me enough to hunt around, and of course, the very first hit was back to a different JWZ post from exactly three years ago this week, complaining about this exact skipping thing.

Of course he didn't get a satisfactory answer, because he almost never gets a satisfactory answer to exactly what he asked. It looks like if you skip between 2 and 20 seconds into the song, and don't hit pause ever, it will show as Skipped. Neat.

His Herp Derp checkbox was the only thing that made any of this sane for me in this case.

To mostly restore iTunes DJ, do the following:

Click + at the bottom left of the iTunes window and create a new Smart Playlist. I named mine "DJ-ish".

Match All of the following rules:

  • Last Played not in the last 1 days -- Or however long you want to go between repeats
  • Last Skipped not in the last 2 days -- This will make iTunes clean up most songs you skip using the Next button.
  • Limit to 100 items selected by Random -- or however many upcoming tracks you want it to pull at a time
  • Match only checked items -- Unless you want iTunes to randomly play songs you've explicitly told it you don't want to hear by un-checking them
  • Live Updating

It's pretty simple to get most of that functionality back, but you know what would have been simpler? NOT REMOVING IT.


Facebook Hoax Denouement

Music: 

The Clash - Hateful

Of course, according to the natural law of maximum irony, my very next Facebook post resulted in this screenshot.

In my withering defense, I rate anything I read based on the relative historical trustworthiness of the writer. Ebert, Gibson, my wife, rate very high and are near-unimpeachable sources. William Gibson rated a cursory check of Google News to see that, yeah, there are other headlines from other sources telling the same story.

That said, don't do the crime if you can't do the good natured time :-)

Previously

Since Facebook sucks at telling time, the meat all happened within ten minutes of the tweet I read


Howto: Avoid Facebook Ridicule

As anyone who knows my Facebook history knows, the most callous hoaxes about things like sick, dying and abused children, with some photo stolen from wherever, make me mildly angry at my friends for being dupes and spreading lies without thinking it through.

Invariably, when you rail them on it (semi-politely, using a private message and a link to Snopes or somesuch hoax site), they will say "But it doesn't hurt anything, it's something for people to think about"/"makes people happy"/"could happen some day".

All of that shit is false.

I don't even read this stuff anymore, if someone shares a photo with ALLCAPSMISSPELLEDPOORLYPUNCTUATEDTEXT under it, I just do this...

The attached video shows how you can take quite literally 15 seconds of your time and avoid being the One Friend. I encourage you to share it, paste it into hoax threads as they come up, show people how easy it is to not be the butt of jokes:
