Month: December 2009

Posted on

Twitter Weekly Updates for 2009-12-27

  • I appear to be tweaking. #
  • And we're back home. As I'm sure everyone will be fascinated to know. Joy. (who stole all the #uksnow ?!?) #
  • Operation keep @thegingerdog awake with coke taste test: regular – ok, diet – yuck, diet citrus – horse semen would prob taste better. #
  • No tcx078l you may not have your luggage. Pls wait more now. #
  • Waiting to board. Rowan seems determined to remain awake. Grr #
  • My last siesta, during which I dreamt of crocodiles daddy! http://twitpic.com/vbc67 (toddler) http://twitpic.com/vbc7z (dangerous sand croc) #
  • Festive sandcastle in st Agustin http://twitpic.com/vbbzd #
  • .@chairmummiaow says I'm turning into my father in law. Perhaps I need to work on the beer gut etc though. #
  • Rowan now greets people with 'hola'. He's doing better than me – "two please…. TWO PLEASE… Thanks!" #
  • Xmas nearly over. Toddler nearly asleep. Beach tomorrow and then eventually home. I miss my bed. Won't miss the bitey insect things. #
  • Getting sun burnt. Day trip a partial failure as there is f. All to do in this town and a v bored toddler. Boat trip cancelled (bad weather) #
  • At Mogan market. Can we barter. Errr no. #
  • Can you hide your feet? http://twitpic.com/uz4yy #
  • Park done. Lots of animals seen. Lovely scenery / setting. Tourist tat bought for toddles and nieces http://twitpic.com/uytzg #
  • I can't sleep… I can't talk…. Feeling hot, hot. hot…. either sunburnt face or virus :-/ palmitos park today – http://bit.ly/7ulTCH #
  • #Mtb – Good route but guide/group slow. Fed up braking. Mud scared them. Heavy rain made for interesting journey. http://free-motion.net/ #
  • Surprised how little bandwidth Twitter /fb/email are using. Must use iPhone more to get value from o2. £50 for 50mb :/. Used ~15mb so far. #
  • On bus, waiting for them to pick up other mtb'ers. Why was I the first? :-/ off to different route, like I care / know any different. #
  • Crossing fingers and hoping I can go
    Mountain biking tomorrow. Got NO kit with me, so I'll suffer and be uncomfortable. Weather permitting!! #
  • Post cards sent, toddler asleep. Weather lovely (sun, warm, wind). To the beach with the sand eater later I think. http://twitpic.com/un7b2 #
  • I eat sand. Nom nom. The parents couldn't stop laughing. http://twitpic.com/uigoa #
  • After 2.5 hours of flying, we finally had this http://twitpic.com/ugrwi thankfullyhe slept to landing despite other kids screams on descent #
  • Fyi parents – I like ice cream, but only with sprinkles AND only from mummy's bowl. http://twitpic.com/ugro5 #
Posted on

Twitter Weekly Updates for 2009-12-20

  • Xmas SMS sent to annoy lots of people. Now to find food in gatwick. #
  • Waiting in duty free. Nothing seems like a bargain or any cheaper. #
  • It's a world of fun, when you're a toddler http://twitpic.com/u5na1 #
  • Stupid car frozen on the inside too…. Hurry up holiday. Don't be closed gatwick. #
  • Snow. Paranoid wife thinking we won't get to go on holiday…. #
  • Toddler vomit; Chinese flavour. Not the best start to bed time. #
  • RT @codepo8: A single sperm has 37.5MB of DNA information in it. That means a normal ejaculation represents a data transfer of 1,587.5TB! #
  • hmm.. sugar rush…. Better not stop eating though #
  • I have an xmas biscuit addiction. #
  • Rowans ELC musical keyboard has dead keys and the microphone does not work. Great. Reminds me of my first computer – zx spectrum +2 (DOA) #
  • RT @garywkfung Ping! is FREE AGAIN! http://bit.ly/eKD52 Get your friends on Ping! iPhone-2-iPhone msging (*Please RT!*) #
  • RT @grifferz http://www.twat.me.uk/ (NSFW language, via prh) #
Posted on

Twitter Weekly Updates for 2009-12-13

  • /me hopes tonight is peaceful and uninterrupted. #
  • The toddler lost the battle. Now what do I so with no earphones on the sofa with him asleep on me? #
  • Rowan isn't too keen on the idea of sleeping :-/ #
  • Interesting 2 days training the devs behind the BBC's glow javascript library in php / zend framework etc. Now home for the weekend 🙂 #
  • Stupid woman. Trying to pay for the bus with an inadequate supply of what seems to ve 5p coins. #
  • I wish $idiot would stop trying to recover the password for gingerdog @ gmail. While I'm at it – stop using my address to signup to stuff. #
  • Well that rocked. Thanks dominion theatre and cast 🙂 #
  • We will, we will…. Rock you. (waiting for the performance to start) #
  • Well I jumped into the river, too many times to make it home, I'm here on my own, drifting all alone….. #gnr #
  • Fuckit – water bottle has leaked in my bag; laptop + adaptor appears to have escaped TFFT. 2nd time for this to happen. Had better learn! #
  • Support call with mr paranoid cookie hater *sigh*. #
  • s/Firefox/Chromium/g perhaps…. seems much quicker at least, and now has required extensions. Shame it didn't import passwords from FF. #
  • Wonders if anyone on bromsgrove freecycle passed GCSE English. #
  • My nose should win an award for the volume, various colours,range of consistencies and stamina in snot production. #fedup #wanttransplant #
  • Well at least rowan seems awake and happy this morning. #
  • My iPhone is only 4(?) months old yet the case is cracked. Think I need to encase it in something rigid. #
  • I hate post office queues #
  • Right own up! Who gave Rowan speed? He's been hyper hyper super hyper toddler since being home from nursery. #
  • Think I, or bromsgrove missed some heavy rain today. No great loss. #
  • iPhone gun app discovered. Suspect we may not get to use our phones much when we next see the nieces. (literal) Banana gun vs bazooka…. #
  • Good episode of stargate universe (s1e10). #
Posted on

Twitter Weekly Updates for 2009-12-06

  • Mcvities light chocolate digestives are rubbish. Biscuit too hard. #sundaylunchfail #
  • The instore asda radio started telling me about @asda today. Is Twitter too mainstream? Does it matter? Might as well 'subscribe' for now. #
  • Aiming a virtual kick at a London data centre. #
  • Stupid m6 and m1. All crawling #
  • Arrived in milton Keynes; I still couldn't find my way without the gps. Too many roundabouts. #
  • Number 2 is due for 11th June 2010. Now you all know. There will be no more. #
  • RT @greensql GreenSQL-FW: 1.2.0 has just been released! Now with #postgresql support. #security http://www.greensql.net/node/889 #
  • Daiseychain nursery fail. #
  • Haha <marquee> hahaha #
  • I hate hardware. Stupid motherboard with a broken SAta controller. Grrr #
  • Christmas shopping nearly complete. Thank —- #
  • Sleeping on a towel …. *sigh* stupid virus and sweat eager body #
Posted on

wapiti – web application vulnerability scanner (super quick review/intro)

Today, I finally looked at Wapiti, which is a web application vulnerability scanner. It operates on a black box basis (i.e. it doesn’t see the underlying PHP/ASP/Java source code), and effectively tries to ‘break’ any forms on a page.

In order to get it to do anything useful, you’ll probably need to provide it with a cookie file to use. Unfortunately, I couldn’t originally get the provided ‘getcookie.py’ file to work, as the application in question just posted the login form details to ” (i.e. <form action=” method=’post’>)…. after a bit of hacking I fixed this, but it took some time.

Installation is relatively easy – download the .zip file, extract it and change directory into it (e.g. cd wapiti-2.0.X)

Anyway, given we have “webapp” installed at http://orange/webapp, and we wish to test it, we might do something like the following :

  1. cd src/net
  2. python getcookie.py ~/cookie.txt http://orange/webapp/login.php
  3. Enter username/password etc as required to complete the login form
  4. Script exists, check the contents of ~/cookie.txt – it will look something like :

#LWP-Cookies-2.0
Set-Cookie3: PHPSESSID=3d20841af5de43c718732d80e5d78fe3; path=”/”; domain=”orange”; path_spec; expires=”2010-01-04 22:42:47Z”; version=0

Now we can use wapiti to test any urls ‘behind’ the login screen (as it were) :

wapiti http://orange/webapp/search.php –cookie ~/cookie.txt -v 2 -o ~/report -x http://orange/webapp/logout.php

(We need to exclude the logout page, else our session will get destroyed when wapiti spiders that page…)

Depending on how good the application is, you may see output like :

Found permament XSS in http://orange/webapp/search.php
attacked by http://orange/webapp/search.php?area=on&client_id=on&county=on with fields county=crzbl79tqr&status=x57cjl7m14&website=vk59qqbgmp&name=<script>alert(’11byq04xd1′)</script>&client_id=on&region=on

and similar for the other vulnerabilities.

If I point my web browser at file:///home/david/report I’ll see a nice HTML report listing the vulnerabilites and so on – similar to the below…

report output etc
report output etc

Wapiti appears to detect:

  • SQL Injection holes
  • Cross Site Scripting (XSS) holes
  • File inclusion (local/remote)
  • Command execution vulnerabilities
  • and others

I’m a bit annoyed I’ve only found this tool now – but also glad I’ve finally found it. I’ve been looking for something that can pick up XSS holes for ages (SQL Injection stuff I could already test using SQLMap, and ensuring I only ever used prepared statements).

Update (July 2011) – cookie file format has changed to xml – 

<?xml version="1.0" encoding="UTF-8"?>
<cookies>
  <domain name="uk">
    <domain name="co">
      <domain name="palepurple">
        <domain name="david">
            <cookie name="PHPSESSID" path="/" value="vmabdv5giph334aq33vb0add67" version="0"/>
            <cookie name="globdisc" path="/" value="yes" version="0"/>
          </domain>
      </domain>
    </domain>
  </domain>
</cookies>