teenage mutant ninja hero coders

Find the URLs of HTTP requests rtouted through your machine with this python snippet:

import pcap, time, sys

p = pcap.pcapObject()
net, mask = pcap.lookupnet("xl1")
p.open_live("xl1", 1600, 0, 100)
p.setfilter("tcp port 80 or port 8080 or port 3128" , 0, 0)

dupecache = {}

def print_deduped(data):
    if data not in dupecache:
        print data
        sys.stdout.flush()
    dupecache[data] = time.time()

def print_packet(pktlen, data, timestamp):
    if not data or pktlen > 1400:
        return
    # remove minimum IP / TCP header
    data = data[54:]
    pos = data.find("GET")
    if pos < 0:
        pos = data.find("HEAD")
    if pos < 0:
        return
    data = data[pos:]
    l = data.split("\n")
    reqstr = l[0]
    reqstr = reqstr[reqstr.find(" ")+1:reqstr.rfind(" ")]
    if reqstr[:1] != "/":
        reqstr = "/%s" % reqstr
    host = referer = None
    for x in l:
        if x.startswith("Host: "):
           host = x[6:].strip()
        if x.startswith("Referer: "):
           referer = x[9:].strip()
    if not reqstr.endswith(".gif") and not reqstr.endswith(".jpg") and \
        not reqstr.endswith("css") and not reqstr.endswith("js") and \
        not reqstr.endswith("swf"):
        print_deduped("http://%s%s" % (host, reqstr))
    if referer:
        print_deduped(referer)

while 1:
    p.loop(1, print_packet)

Posted in c0re, hack the planet! | No Comments »

grep -rh http:// \
~/Library/Application\ Support/Shrook2/Channels \
~/Library/Safari/History.plist \
~/Library/Safari/Bookmarks.plist \
~/Library/Mail/Mailboxes/ \
~/Library/Application\ Support/NetNewsWire/Cache* \
| perl -npe 's|http://|\nhttp://|g;s|[ ><"#}]+|\n|g;' | \
grep http:// | sort -u -r

Posted in c0re, hack the planet! | No Comments »

Just learned that you can’t encode Control Characters in UTF-8. Which makes xml-rpc extremely fragile, unless you go for binary encoding all the time, which makes it again extremely uncomfortable.

Posted in c0re | No Comments »

I love all the extensions for Firefox. Especially dozens of tools facilitating pen-testing and slogger to keep what I once have seen.

Now there is a coming up a whole slew of Safari Extensions: Safari Extender, CutX for Safari, LiveDictionary and the somewhat more established Pith Helment.

While all of the stuff seems to be commercial software the author of Pith Helmet is giving out the source – possibly a good starting point.

Posted in c0re | No Comments »

Posted in c0re, this is broken | No Comments »

Posted in c0re | No Comments »

Posted in c0re, this is broken | No Comments »

In a promotional mail by Miles & More there was the usual “click here to be removed” link. Clicking there the day after the mail arrived gave an “link not any longer valid” error message.

Posted in c0re | No Comments »

Posted in c0re | No Comments »

Posted in c0re | No Comments »