Intercepting Outbound DNS Queries (BASH)

I run a DNS server within my LAN, which overrides certain domains/zones (for things like adblocking etc), as well as allowing me to monitor for signs of malware etc.

Some devices and apps, though, insist on ignoring the DHCP-provided DNS server and instead use Google's public DNS service. Rather than letting these queries sneak out, I opted to intercept them at the router.

It's also useful, in some cases, when pentesting, as it allows you to demonstrate the ability to use a router as a pivot point to silently send traffic to your "malicious" DNS server.

This snippet details how to intercept and redirect DNS queries using the iptables NAT table on Linux.

Read more…

Handle Google Verification files within NGinx Configuration (NGinx)

When adding a site to Google's Webmaster tools (or analytics etc), they'll usually ask you to publish a verification file - and to leave it there.

I run a distributed edge, which means a request back to origin whenever Google decides to check my verification file is still there - not a massive overhead, but it still feels wasteful. I handle select other resources at the edge too, so I decided to have NGinx generate a response directly rather than fetching a file from origin.

This snippet shows how to generate an HTTP 200 response and set the body content from within NGinx's configuration - you can do this for any file, but I'd only ever use it for very small static files personally.

Read more…

Getting WhatsApp Rich Snippet Previews Working (Misc)

This is something that catches me out from time to time, as I have to worry about it so infrequently. When setting up Opengraph metadata on a new site, snippets might display correctly on Facebook's Opengraph debugger but when you share a link on WhatsApp you don't get a link preview (or do and the image is missing).

The metadata required is listed below, but 9 times out of 10 it's because I've not included itemprop="image" on the og:image declaration (something which Facebook's OG debugger won't flag).

Read more…

FFMPEG - Convert WebM (or other) to X264 (BASH)

There are a lot of video codecs out there, and some of them are far, far more efficient than H.264. But, as efficient as HEVC or WebM might be, they're frustrating to stumble across if your playback device is a Raspberry Pi, which has neither the hardware support nor the processing capabilities required to deal with those codecs without stuttering.

It is, however, incredibly simple to convert to X264 with ffmpeg. The snippet below creates a utility script to do so by just passing in the input filename and the destination file to create.

Read more…

Enable the Key-ID FIDO-U2F token on Linux (Misc)

Key-ID's FIDO U2F token is a (very) small, conveniently sized 2nd factor token, supporting FIDO U2F for 2FA/SSV on various sites. I find it a useful accompaniment to my Yubikey.

In order to be able to use it with U2F on Linux though, you'll probably need to add a udev rule so that the device is correctly detected. This documentation details the rule to use.

For reference, this is the detail provided for these dongles by lsusb:

Bus 001 Device 031: ID 096e:0850 Feitian Technologies, Inc. 
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               1.10
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        64
  idVendor           0x096e Feitian Technologies, Inc.
  idProduct          0x0850 
  bcdDevice           53.01
  iManufacturer           1 FS
  iProduct                2 ePass FIDO
  iSerial                 0 
  bNumConfigurations      1

Read more…

Dumping MySQL query results out to a CSV (MySQL)

Sometimes, you want to query a database and dump the result out to a CSV so that you can process the results with simple text tools like awk and sed.

This post shows you how to tell MySQL to write the results of a query out to a named file in CSV format, as well as how to deal with an increasingly common error response when secure files is enabled.

Read more…