Espen Fjellvær Olsen

Oct 27, 2013

As I have been dealing more and more with web page related security, I have found the need for a tool that can crawl a web page and search for potentially malicious data.
Many of you might already know urlquery.net and the services they provide. It is a great site which loads your web page and tries to find malicious content which might not be visible to the end user.
It does this by loading the web page in Firefox and passing the traffic through Snort and a couple of other analysis engines. It will also create a graph of the HTTP requests as well as an overview of the HTTP headers.

Having a real Firefox, with real plugins, load your site proves to be very useful, as more and more malware is getting quite sneaky and will only be served to a very limited number of visitors to avoid detection.

All these features are gold for anyone working with web page security (e.g. a hosting provider).

The only problem for me is that urlquery.net isn't open source, which means that every test I do will become public, which I might not be ready for.

I looked into Thug, but lacking a web interface/report viewing interface, I did not find it perfect enough for my use.
I therefore had to create something on my own.
This has resulted in FjoSpidie, a now open source spider/honey client.

This spider runs Firefox through Selenium and records the traffic with tcpdump, which is then passed through Snort to search for known malicious content.

Features:

  • Runs Firefox through Selenium with a custom User Agent for maximal malware hit rate.
  • Processes the traffic from the Firefox session with Snort to find potential malicious content.
  • Stores information about each request and response along with their respective headers.
  • Creates a graph over all requests made.
  • Downloads and saves downloads offered by the site.
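An added example (not FjoSpidie's own code) of how the request graph, header and download features above can be derived from recorded HTTP transactions: it rebuilds the request chain from Referer headers and 3xx redirects, lists the third-party hosts a page pulled in, and picks out the downloads the site offered. The record layout and the .test hostnames are constructed for the example.

```python
from urllib.parse import urlparse

# Constructed sample of what a honey client records per HTTP transaction
# (hypothetical record layout, not FjoSpidie's own format).
CAPTURE = [
    {"url": "http://example.test/", "referer": None, "status": 200,
     "headers": {"Content-Type": "text/html"}},
    {"url": "http://example.test/js/app.js", "referer": "http://example.test/",
     "status": 200, "headers": {"Content-Type": "application/javascript"}},
    {"url": "http://ads.example-cdn.test/load.php", "referer": "http://example.test/",
     "status": 302, "headers": {"Location": "http://dl.example-bad.test/update.exe"}},
    {"url": "http://dl.example-bad.test/update.exe", "referer": None, "status": 200,
     "headers": {"Content-Type": "application/octet-stream",
                 "Content-Disposition": "attachment; filename=update.exe"}},
]

def build_request_graph(records):
    """Edges {source: [target, ...]} from Referer headers and 3xx Location
    redirects, so every fetched resource can be traced back to the page."""
    graph = {}
    for rec in records:
        graph.setdefault(rec["url"], [])
        if rec["referer"]:
            graph.setdefault(rec["referer"], []).append(rec["url"])
        location = rec["headers"].get("Location")
        if 300 <= rec["status"] < 400 and location:
            graph[rec["url"]].append(location)
    return graph

def chain_to(graph, start, target):
    """Depth-first search for one request chain from start to target."""
    stack, seen = [(start, [start])], set()
    while stack:
        node, path = stack.pop()
        if node == target:
            return path
        if node not in seen:
            seen.add(node)
            stack.extend((nxt, path + [nxt]) for nxt in graph.get(node, []))
    return None

def third_party_hosts(records, start):
    """Hosts contacted other than the submitted page's own host."""
    origin = urlparse(start).hostname
    return sorted({urlparse(r["url"]).hostname for r in records
                   if urlparse(r["url"]).hostname != origin})

def offered_downloads(records):
    """Responses the browser would save as a file (what the spider stores)."""
    return [r["url"] for r in records
            if "attachment" in r["headers"].get("Content-Disposition", "")]
```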

A scan of a malicious site will look like this in the web interface:

[Screenshot: FjoSpidie]

The web interface is based on Bootstrap 3, Perl and Catalyst MVC. It lets you submit new analysis jobs and gives you a nice overview of the reports that have been generated.

FjoSpidie can be found here: github.com/espenfjo/fjospidie
The web interface here: github.com/espenfjo/fjospidie-interface

May 09, 2011

As many of you know, Spotify crashes when showing the new EULA under Wine.

The “fix” is quite easy to do:

Step 1: Do a clean install of Spotify under Windows
Step 2: Accept the new EULA under Windows
Step 3: Copy the files c:\users\\Application Data\Roaming\Spotify to ~/.wine/drive_c/users//Application Data/Spotify
Step 4: Copy the files c:\users\\Application Data\Local\Spotify to ~/.wine/drive_c/users//Local settings/Application Data/Spotify
Step 5: Start Spotify and crash
Step 6: Start Spotify and all is good.

PS: if it doesn't work, try copying both of the Windows folders to both of the Wine application data folders.

See my other post How I made Spotify 0.4 play local mp3 files on Linux
Update: A lot of you have commented that the Facebook connection also has to be turned off.

Dec 27, 2010

I have lately noticed that my Ubuntu crashes when unplugging the power cord from my laptop. This seemed to have something to do with the disk or disk controller, since I would get ATA and file system kernel oopses, and eventually a full crash.

After a bit of testing I found that this came from acpid calling pm-utils (power management utilities) when unplugging the power cord.
A bit more testing revealed that it was the sata_alpm script which was the problem.
The sata_alpm file itself says it does the following:

This hook tries to save power by allowing SATA controllers to
reduce power usage when the SATA subsystem is otherwise idle.
This adds a little bit of latency to drive accesses in
exchange for moderate power savings if you are not using the drive.

I was able to circumvent this issue by running sudo touch /etc/pm/power.d/sata_alpm.
Immediately after this I am able to unplug my power cord just as I please.

I have not given any time to solving the underlying cause of the freeze in the first place, as this lies in the part of the kernel telling the OS and file system that the drive has gone to sleep.

Some information about the commit causing this problem: http://kerneltrap.org/mailarchive/git-commits-head/2009/12/8/15922
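An added example, not from the post or from pm-utils, of checking which power hooks would actually run after such an override: pm-utils lets a same-named file under /etc/pm/power.d shadow the hook shipped in /usr/lib/pm-utils/power.d, and a shadowing file that is not executable (the empty file touch creates) disables it. The lookup is reimplemented here for auditing; the demo rebuilds that situation in a temporary tree with constructed hook scripts.

```python
import os
import tempfile

# pm-utils hook locations (assumed here; the post only names the /etc one).
PM_ETC_DIR = "/etc/pm/power.d"
PM_LIB_DIR = "/usr/lib/pm-utils/power.d"

def resolve_power_hooks(etc_dir=PM_ETC_DIR, lib_dir=PM_LIB_DIR):
    """Mimic the pm-utils lookup: a same-named file in etc_dir shadows the one
    in lib_dir, and a shadowing file that is not executable disables the hook.
    Returns {hook_name: (path_that_wins, would_run)}."""
    names = set()
    for directory in (etc_dir, lib_dir):
        if os.path.isdir(directory):
            names.update(os.listdir(directory))
    hooks = {}
    for name in sorted(names):
        path = os.path.join(etc_dir, name)
        if not os.path.exists(path):
            path = os.path.join(lib_dir, name)
        hooks[name] = (path, os.access(path, os.X_OK))
    return hooks

def demo_sata_alpm_override():
    """Rebuild the post's situation in a temp tree: two constructed shipped
    hooks, then the empty file `touch` creates for sata_alpm.
    Returns {hook_name: would_run}."""
    root = tempfile.mkdtemp()
    etc, lib = os.path.join(root, "etc"), os.path.join(root, "lib")
    os.mkdir(etc)
    os.mkdir(lib)
    for name in ("sata_alpm", "harddrive"):
        shipped = os.path.join(lib, name)
        with open(shipped, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")       # constructed stand-in hook
        os.chmod(shipped, 0o755)
    open(os.path.join(etc, "sata_alpm"), "w").close()   # what `sudo touch` does
    return {name: runs for name, (_, runs) in resolve_power_hooks(etc, lib).items()}
```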

Apr 27, 2010

This is a very short and “simple” explanation of how I made Spotify 0.4 play local MP3 files under Linux with Wine.
I have not tested this elsewhere, and I cannot guarantee that everyone has to do the same steps as me.

If you want to try my finished file you can download it here: winemp3.acm.so (x86 only)
Place it in /usr/lib/wine/ (x86) or /usr/lib32/wine/ (x64).

Or, if you prefer a more automatic approach, those of you on x86 can try this script, which does everything for you: winefix.sh

For those of you who want the technical details: continue reading 🙂

You should try to skip step 3 if possible, but if Spotify just hangs and maxes out your CPU, you should do step 3.

You can also use a hex editor to change WINE-MPEG3 to LAME-MPEG3 in /usr/lib/wine/winemp3.acm.so to try before doing step 3, which was crucial for me.

Step 1: Download the Wine source code.
Step 2: Run configure to create the appropriate Makefiles.
Step 3: Edit dlls/winemp3.acm/mpgl3.c and change the following:

if (dpos > *ndst) break;
} while (ret != MPG123_ERR && ret != MPG123_NEED_MORE);
*ndst = dpos;

To this:

if (dpos >= *ndst) break;
} while (ret != MPG123_ERR && ret != MPG123_NEED_MORE);
*ndst = dpos;

Step 4: Change the following:

add->cFilterTags = 0;
add->hicon = NULL;
MultiByteToWideChar( CP_ACP, 0, "WINE-MPEG3", -1,
add->szShortName, sizeof(add->szShortName)/sizeof(WCHAR) );

To this:

add->cFilterTags = 0;
add->hicon = NULL;
MultiByteToWideChar( CP_ACP, 0, "EFO", -1,
add->szShortName, sizeof(add->szShortName)/sizeof(WCHAR) );

Step 5: Run make to compile the new codec.
Step 6: Copy the codec to /usr/lib/wine/ (on Ubuntu, at least).
Step 7: Run Spotify and enjoy.

This worked for me, but it is not recommended, as I changed some code in the MP3 library in Wine.
If you use Wine with other programs which utilize the mpeg3 library, they might break.

UPDATE 1: It seems like my hack will give some problems with automatic changing of songs. The codec does not understand that the song is finished, and will just generate noise.

UPDATE 2: OK, new fix. This time it does in fact end where it should, and continues to the next track. Step 3 is updated. Same with the binary file and scripts.

UPDATE 3: Moved around some text in this post.

Apr 06, 2009

For some time now I have been searching for a way to use the GPS on my Windows Mobile HTC Touch Diamond on Linux.

I tried several solutions to make it communicate and send raw NMEA output to the Linux GPS daemon.
I even wrote some small programs to read directly from the raw serial port on the HTC, but they just crashed.
Then I found gps2blue, which is a small program running under Windows Mobile that reads raw data from the GPS and sends it either over TCP/IP or Bluetooth.
Since my main laptop doesn't have Bluetooth, I use the TCP/IP option. There are several ways to connect the phone to your computer: either RNDIS over a USB cable, or a WiFi network.
You can even create an ad hoc network on Linux so the phone and computer can communicate where no other WiFi network is available.

But then again I had the problem of getting gpsd to read that data, since gpsd mainly reads its data from a serial device.
I searched around a bit and found a tool called socat:
Description: multipurpose relay for bidirectional data transfer
Socat (for SOcket CAT) establishes two bidirectional byte streams
and transfers data between them. Data channels may be files, pipes,
devices (terminal or modem, etc.), or sockets (Unix, IPv4, IPv6, raw,
UDP, TCP, SSL). It provides forking, logging and tracing, different
modes for interprocess communication and many more options.
It can be used, for example, as a TCP relay (one-shot or daemon),
as an external socksifier, as a shell interface to Unix sockets,
as an IPv6 relay, as a netcat and rinetd replacement, to redirect
TCP-oriented programs to a serial line, or to establish a relatively
secure environment (su and chroot) for running client or server shell
scripts inside network connections.

So to use this with gps2blue I ran the following command: socat tcp4-listen:31873 pty
This will create a new device in /dev/pts/, at least on my udev-enabled Ubuntu.

Then I could simply run gpsd /dev/pts/3 and use whatever client I wanted.
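An added example, not from the post or from socat/gpsd, that does in Python what the relay above does: it accepts one TCP client, copies its bytes into a freshly allocated pty, then reads them back from the slave side (the /dev/pts/N device gpsd would open) and verifies each NMEA sentence's checksum, so a corrupted sentence in the feed is visible before it reaches gpsd. The NMEA feed is constructed, and the listener defaults to an ephemeral port instead of gps2blue's 31873.

```python
import os
import socket
import threading
import tty

def nmea_frame(body):
    """Frame an NMEA body as '$body*HH', HH being the XOR of the body bytes."""
    csum = 0
    for ch in body:
        csum ^= ord(ch)
    return "$%s*%02X\r\n" % (body, csum)

def nmea_checksum_ok(sentence):
    """True only if the trailing '*HH' matches the body; gpsd drops the rest."""
    sentence = sentence.strip()
    if not sentence.startswith("$") or "*" not in sentence:
        return False
    body, _, given = sentence[1:].partition("*")
    return nmea_frame(body).strip() == "$%s*%s" % (body, given.upper())

# Constructed feed: one good sentence, then a copy with a corrupted field.
GOOD = nmea_frame("GPGGA,120000,5958.000,N,01045.000,E,1,08,1.0,10.0,M,,M,,")
SAMPLE_FEED = GOOD + GOOD.replace(",08,", ",09,")

def relay_tcp_to_pty(payload, port=0):
    """Accept one TCP client, copy its bytes into a pty (the job socat does with
    tcp4-listen:PORT pty) and read them back from the slave side as gpsd would.
    Returns (slave device path, [(sentence, checksum_ok), ...])."""
    master, slave = os.openpty()
    tty.setraw(slave)                        # no CR/LF translation or echo
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))            # gps2blue's default was 31873
    srv.listen(1)
    def pump():                              # socat's TCP -> pty direction
        conn, _ = srv.accept()
        while chunk := conn.recv(1024):
            os.write(master, chunk)
        conn.close()
    t = threading.Thread(target=pump)
    t.start()
    cli = socket.create_connection(srv.getsockname())   # the phone's role
    cli.sendall(payload.encode())
    cli.close()
    t.join()
    srv.close()
    data = b""
    while len(data) < len(payload):
        data += os.read(slave, 4096)
    device = os.ttyname(slave)
    os.close(master); os.close(slave)
    return device, [(ln, nmea_checksum_ok(ln)) for ln in data.decode().splitlines()]
```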

The same principle also works on Windows, but there you need to use HW VSP instead of socat.

Apr 04, 2009

I have for a long time now been thinking about upgrading my HTC Touch Diamond to Windows Mobile 6.5, and have been watching several custom cooked ROMs over at XDA.
I am currently using this build, but am already looking at some newer ones.

[Screenshot: Windows Mobile 6.5]

The upgrade went flawlessly, and rolling back the backup made from Sprite Backup also worked flawlessly. Yay!

As you can see from the picture above, the new main Today plugin is quite a bit more organized than Manilla3D. You get a nice, clear overview of new messages, the time, emails, appointments, the calendar and more.