Oct 272013
 

As I have been dealing more and more with web page related security I have found the need for a tool that can crawl a web page and search for potential malicious data.
Many of you might already know urlquery.net and the services they provide. It is a great site which loads your web page and tries to find malicious content which might not be visible to the end user.
It does this by loading the web page in firefox, and passing the traffic through Snort, and a couple of other analysis engines. It will also create a graph over the HTTP requests as well as a and overview over the HTTP headers.

Having a real Firefox, with real plugins loading your site proves to be very useful as more and more malware is getting quite sneaky, and will only serve malware to a very limited amount of visitors to avoid detection.

All these features is gold for anyone working with web page security (eg. a hosting provider).

The only problem for me is that urlquery.net isnt open source, which means that every test I do will become public, which I might not be ready for.

I looked into Thug, but lacking a web interface/report viewing interface, I did not find it perfect enough for my use.
I had therefore to create something on my own.
This has resulted in FjoSpidie, a now Open Source Spider/Honey Client.

This spider runs Firefox through Selenium and records the traffic with tcpdump which is passed through Snort to search for known, malicious content.

Features:

  • Runs Firefox through Selenium with a custom User Agent for maximal malware hit rate.
  • Processes the traffic from the Firefox session with Snort to find potential malicious content.
  • Stores information about each request and response along with their respective headers.
  • Creates a graph over all requests made.
  • Downloads and saves downloads offered by the site.

A scan of a malicious site will look like this in the web interface:

FjoSpidie

The Web interface is based on Bootstrap 3, Perl and Catalyst MVC and will let you submit new analysis jobs, and will give you a nice overview over the reports that has been generated.

FjoSpidie can be found here: github.com/espenfjo/fjospidie
The web interface here: github.com/espenfjo/fjospidie-interface

May 092011
 

As many of you know Spotify crashes when showing the new EULA under Wine.

The “fix” is quite easy to do:

Step1: Do a clean install of Spotify under Windows
Step2: Accept the new EULA under Windows
Step3: Copy the files c:\users\\Application Data\Roaming\Spotify to ~/.wine/drive_c/users//Application Data/Spotify
Step4: Copy the files c:\users\\Application Data\Local\Spotify to ~/.wine/drive_c/users//Local settings/Application Data/Spotify
Step5: Start Spotify and crash
Step6: Start Spotify and all is good.

ps. if it doesnt work, try and copy both the windows folders, to both of the wine-application data folders.

See my other post How i made Spotify 0.4 play local mp3 files on Linux
Update: A lot of you have commented that facebook connection also have to be turned off.

Apr 272010
 

This is a very short, and “simple” explanation how i made Spotify 0.4 play local MP3 files under Linux with Wine.
I have not tested this elsewhere, and i can not guarantee that everyone has to do the same steps as me.

If you want to try my finished file you can download it here: winemp3.acm.so (x86 only)
Place it in /usr/lib/wine/ (x86) or /usr/lib32/wine/ (x64).

Or if you need to do things a tad more automatic you can try this script which will do everything automatically for the ones of you on x86: winefix.sh

For those of you who want the technical details: continue reading 🙂

You should try and skip step 3 if possible, but if Spotify just hangs and max out your CPU you should do step 3.

You can also use an hex editor to change WINE-MPEG3 to LAME-MPEG3 in /usr/lib/wine/winemp3.acm.so to try before doing the, for me, crucial step number three.

Step 1: Download the wine source code.
Step 2: run configure to create the appropriate Makefiles
Step 3: edit dlls/winemp3.acm/mpgl3.c and change the following:

if (dpos > *ndst) break;
} while (ret != MPG123_ERR && ret != MPG123_NEED_MORE);
*ndst = dpos;

To this:


if (dpos >= *ndst) break;
} while (ret != MPG123_ERR && ret != MPG123_NEED_MORE);
*ndst = dpos;

Step4: Change the following:

add->cFilterTags = 0;
add->hicon = NULL;
MultiByteToWideChar( CP_ACP, 0, "WINE-MPEG3", -1,
add->szShortName, sizeof(add->szShortName)/sizeof(WCHAR) );

To this:

add->cFilterTags = 0;
add->hicon = NULL;
MultiByteToWideChar( CP_ACP, 0, "EFO", -1,
add->szShortName, sizeof(add->szShortName)/sizeof(WCHAR) );

Step 5: Run make to compile the new codec.
Step 6: copy the codec to /usr/lib/wine/ (ubuntu atleast)
Step 7: Run Spotify and enjoy.

This worked for me, but it is not recommended as i changed some code in the MP3 library in Wine.
If you use Wine with other programs which utilizes the mpeg3 library they might break.

UPDATE 1: It seems like my hack will give some problems with automatic changing of songs. The codec does not understand that the song is finished, and will just generate noise.

UPDATE 2: Ok, new fix. This time it does infact end where it should, and continues to the next track. Step 3 is updated. Same with the binary file, and scripts.

UPDATE 3: Moved around some text in this post.