License

Unless otherwise expressly stated, all original material of whatever nature created by and included in this weblog is licensed under a Creative Commons License.

30.12.2012

Automatic Proxy Configuration via DHCP

To avoid the time-consuming manual configuration of a proxy server on all computers, phones and tablets, the proxy configuration can be provided automatically via DHCP by using WPAD (Web Proxy Auto-Discovery).

For this setup, the following components are needed:

  1. A DHCP server which announces DHCP option 252 with the URL of the PAC file (wpad.dat).
  2. A web server which serves the wpad.dat file.
  3. A wpad.dat PAC file in which the proxy IP is defined.

On a MikroTik system, the DHCP server configuration looks like this:

/ip dhcp-server option
add code=252 name=local-pac-server value="http://192.168.0.2:80/wpad.dat\?"
/ip dhcp-server network
add address=192.168.0.0/24 dhcp-option=local-pac-server dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24

Please note the trailing question mark in the URL for the PAC file. This is a workaround for yet another occurrence of RFC nitpicking: some implementations might misinterpret the DHCP option and add an encoded NULL-byte character to the end of the URL when requesting the PAC file from the web server.
With the question mark at the end of the URL, any additional trailing NULL-byte character ends up in the query string, where it is ignored by the web server, and the PAC file is loaded just fine.
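The effect of the trailing question mark can be checked with a small model. This is an added example, not part of the original post; it assumes an affected client simply appends `%00` to the configured URL and that the web server serves exactly one file, `/wpad.dat`.

```javascript
// Added example: where a stray "%00" ends up with and without the "?".
// Assumptions (not from the post): the affected client appends "%00" to the
// configured URL, and the web server has a single file, /wpad.dat.
const DOCROOT = new Set(["/wpad.dat"]);

const PLAIN = "http://192.168.0.2:80/wpad.dat";       // no workaround
const WITH_QMARK = "http://192.168.0.2:80/wpad.dat?"; // URL from the post

function simulateFetch(configuredUrl, clientAppendsNul) {
  const requested = configuredUrl + (clientAppendsNul ? "%00" : "");
  const { pathname, search } = new URL(requested);
  // The server maps only the path to a file; the query string is not part
  // of the file lookup.
  return { requested, pathname, search, found: DOCROOT.has(pathname) };
}

// All four combinations: both URLs, with a well-behaved and an affected client.
function compare() {
  const rows = [];
  for (const url of [PLAIN, WITH_QMARK]) {
    for (const appendsNul of [false, true]) {
      rows.push(simulateFetch(url, appendsNul));
    }
  }
  return rows;
}

console.table(compare());
```

Only the combination of the plain URL and an affected client fails, because the `%00` becomes part of the requested path.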

Following the example above, on the machine 192.168.0.2, we serve the following wpad.dat file:

function FindProxyForURL ( url, host ) {
	return "PROXY 1.2.3.4:8080; DIRECT";
}

With this setup, all systems will use the proxy at 1.2.3.4 and, if the proxy is not available, try to connect directly to the Internet.
While this is fine for a home network where the proxy is mostly used for ad blocking, you probably want to remove the DIRECT part in an enterprise setup, so that clients do not silently bypass the proxy when it is unreachable.
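A quick way to check whether a given wpad.dat fails open is to evaluate it and inspect the returned proxy chain. The following is an added example, not part of the original post; `STRICT_PAC` and the sample URLs are constructed, and the audit only works for PAC files that, like the one above, do not call browser-provided helpers such as `isInNet`.

```javascript
// Added example: audit a PAC file for a DIRECT fallback (fail-open).
// PAGE_PAC is the wpad.dat from the post; STRICT_PAC is a constructed
// variant with the DIRECT part removed.
const PAGE_PAC = `function FindProxyForURL ( url, host ) {
	return "PROXY 1.2.3.4:8080; DIRECT";
}`;
const STRICT_PAC = `function FindProxyForURL ( url, host ) {
	return "PROXY 1.2.3.4:8080";
}`;

// Constructed sample destinations used to exercise the PAC function.
const SAMPLE_URLS = ["http://example.com/", "https://example.org/login"];

// Split a PAC result such as "PROXY a:1; DIRECT" into ordered entries.
function parsePacResult(result) {
  return String(result).split(";").map(s => s.trim()).filter(Boolean)
    .map(entry => {
      const [type, target = null] = entry.split(/\s+/);
      return { type: type.toUpperCase(), target };
    });
}

// Evaluate the PAC source and report, per URL, whether a client may connect
// directly once every listed proxy is unreachable.
function auditPac(pacSource, urls = SAMPLE_URLS) {
  // This executes pacSource as JavaScript: only audit files you trust.
  const findProxy = new Function(pacSource + "\nreturn FindProxyForURL;")();
  return urls.map(url => {
    const chain = parsePacResult(findProxy(url, new URL(url).hostname));
    const proxies = chain.filter(e => e.type !== "DIRECT").map(e => e.target);
    const failOpen = proxies.length > 0 && chain.some(e => e.type === "DIRECT");
    return { url, proxies, failOpen };
  });
}

// True if any sampled URL can fall back to a direct connection.
function hasFailOpen(pacSource) {
  return auditPac(pacSource).some(r => r.failOpen);
}

console.log(auditPac(PAGE_PAC));
console.log(auditPac(STRICT_PAC));
```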

19:39 | Networking | Permalink

28.08.2012

Stripe CTF 2.0

Stripe: Capture The Flag

11:23 | Networking | Permalink

05.08.2012

icanhazip.com clone with nginx

Thanks to the ngx_echo module, it is trivially easy to build a clone of the icanhazip.com service with nginx:

server {
	listen 80; 
	listen [::]:80;

	location / { 
		echo $remote_addr;
	}   
}

23:58 | Linux | Permalink

How to get a Rootshell on a Cisco WAP121

The Cisco WAP121 runs a Linux based firmware. This is how you get a Rootshell on it:

  1. Log in to the Web GUI of the WAP121 and enable the SSH management access.
  2. Log in with SSH and enter this command: sh

This probably works with the Cisco WAP321 as well (I only tested with the WAP121).
Also, as long as only the one 'cisco' user account is configured, you can directly get a Rootshell via SSH like this: ssh -l root <WAP121 IP>

20:02 | Networking | Permalink

31.03.2012

Artiphys 2012

After the summer festivals of Sydney, the festivals in Switzerland are now starting again as well.
First one this year: Artiphys 2012

09:04 | Badges | Permalink

14.02.2012

Fix empty Puppet lsbdistcodename on Debian

While playing around with my Puppet configuration I discovered that the 'system facts' returned by the Facter helper tool were not consistent on my Debian boxes.

On some machines Facter properly reported all LSB-related facts of the system, while on other machines it did not report any such information.
The problem occurred on about 50% of the hosts, so I excluded a bug introduced by manual over-tuning of the system configuration.

Further investigation showed that Facter uses the lsb_release command to collect the LSB information of the system.
On Debian this command is provided by the lsb-release package which was only installed on half of my systems...

Now my Puppet manifests include the following configuration directive which should prevent this problem in the future :-)

package { 'lsb-release':
	ensure => installed,
}

23:15 | Linux | Permalink

29.01.2012

Big Day Out

One advantage of being in Australia during the Swiss winter is that you can go to music festivals in January! And so I did :-)

Last Thursday I went to the Big Day Out festival in Sydney.
What is interesting compared to festivals in Europe is that in Australia the festival starts at 11 in the morning and ends at 11:45 in the evening, whereas in Switzerland festivals start around 5 in the afternoon and end around 5-6 in the morning.

I really liked the performances of Parkway Drive, Miss Kittin, Röyksopp, Bassnectar, Kasabian, Soundgarden and Regurgitator.
Also it was nice to catch a glimpse of The Jezabels, Hilltop Hoods, Kitty, Daisy & Lewis and the show of Kanye West.
A bit disappointing was the performance of Cavalera Conspiracy. They even had to fall back to popular Sepultura songs (Refuse/Resist, Roots Bloody Roots) in order to get the crowd moving. On the other hand it was lucky for me, so I got to see a live concert of Sepultura (performed by the founders of Sepultura!), something I didn't think I would ever see after Max Cavalera had left the band.
Unfortunately the last train back was before the end of the festival and so I missed Nero.

13:28 | Music | Permalink

15.01.2012

Keren Ann

Listening to Keren Ann is just perfect when you have to work on a rainy Sunday.
Thank you Metropop for showing me her music.

12:52 | Music | Permalink

07.01.2012

Sydney

Yesterday after work we had some beers at The Local Taphouse (including some fine porter from BrewDog to increase my shareholder value) and then we went on to go out in some clubs, in shorts and flip-flops.
Astonishingly, we had no problems getting inside; anywhere else in the world this would not be possible!

This morning then up again for some early surfing at Bondi before all the tourists arrive.
And now chilling in my Kammok under the trees in the front yard :-)

Frontyard Kammok

12:33 | Misc | Permalink