Configure Squid proxy for SSL/TLS inspection (HTTPS interception)

Squid proxy

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.

Squid can be configured to make SSL/TLS inspection (aka HTTPS interception) so the proxy can decrypt proxied traffic (Squid calls this feature ssl bump).

Afaik the Squid package included in the Linux distros is not compiled with SSL/TLS inspection support but the good news is that diladele (its github repo and Websafety documentation are useful resources) provides packages for Ubuntu and Centos, recompiled (you can do by yourself) with support for HTTPS filtering and SSL/TLS inspection. This means that we have just to configure Squid. Not an easy task anyway 🙂

I provide to you a working config, follow next steps.

Continue reading “Configure Squid proxy for SSL/TLS inspection (HTTPS interception)”

Ubuntu Terminator bug doubles keystrokes when broadcast option is set

Since Ubuntu 18.10 I’m experiencing a weird bug on Terminator, the terminal I use because of its broadcasting functionality.

The bug is known and tracked on launchpad but not fixed ¯\_(ツ)_/¯ so I found a quick way to fix it, enjoy!

sudo mv /usr/bin/terminator /usr/bin/terminator.SAVE
cat <<TERMINATOR > /tmp/terminator
#!/bin/bash
sh -c "DBUS_SESSION_BUS_ADDRESS='' /usr/share/terminator/terminator"
TERMINATOR
chmod 755 /tmp/terminator
sudo mv /tmp/terminator /usr/bin

#RomHack2019

Long time since last post.

#RomHack2019 attendees

I was very busy organizing the second edition of RomHack, the free cyber security conference made with ❤ by Cyber Saiyan – the non-profit organization I founded 2 years ago – that took place in Rome past 28th of September.

We had an incredible lineup with italian and international speakers coming from around the world and 400 attendees. Not just the conference; at the end of the conf 16 team played the on site Capture The Flag.

Continue reading “#RomHack2019”

Make your own phishing campaign using office macro and Powershell as simple dropper

Dave

Phishing is a common attack characterized by simplicity and effectiveness; phishing emails are used to drop malware, cryptolocker, steal credentials… and they are successfull just because Dave. I suggest reading this page to understand “the existing forms of phishing attacks and the currently available mitigations“.

Companies – hopefully – train their employees with internal phishing campaigns; in this post I show how we can build a simple office document that – once opened – sends information to an external server. We can use the document – along with Gophish or other tools – to build our own phishing campaign and test our organization exposure to phishing, teaching people and rising awareness.

Continue reading “Make your own phishing campaign using office macro and Powershell as simple dropper”

Follow and be notified of any twitter thread reply – a python twitter scraper

I use twitter to follow a lot of good feeds but often I need to follow twitter threads for new replies to have a fast and complete view of complex threads even if I’m not cited or the tweet owner.

I did some search and found a python script from @edu on github that was a good starting point. I learned that twitter API doesn’t allow to get all the replies to a tweet but can be used to search for replies to a given tweet and replies to any reply as well. Good.

So starting from @edu code I wrote Twitter Scraper, a project – made of 2 scripts

  • twitter-scraper.py to get a complete list of twitter threads replies so you can have a fast and complete view of complex threads even if you are not the owner or you are not cited in all the tweet branches [video]
  • tweet.monitor.sh to check and be notified about new twitter threads replies [video]

The project page details the usage and configuration of both scripts with examples (command line and video), so jump and test 🙂

Enjoy!

Raspberry Pi + Pi-hole: a perfect combo

Raspberry Pi 3 B+ from The Pi Hut
Raspberry Pi 3 B+ from The Pi Hut

In our SOC we use Pi-hole to block network ad-serving domains. Benefits of Pi-hole are highlited on their web site

  • Since ads are blocked before they are downloaded, your network will perform better
  • Network-level blocking allows you to block ads in non-traditional places such as mobile apps and smart TVs, regardless of hardware or OS

Pi-hole works on Linux systems and for home usage is common to install it on a Raspberry Pi device.

This is my jurney into installing Pi-hole on my Raspberry Pi. Continue reading “Raspberry Pi + Pi-hole: a perfect combo”

Enable Telegram and WhatsApp web sites behind a proxy

telegram and whatsapp
telegram and whatsapp

In this post I just show what domains you need to enable to authorize access to  telegram and whatsapp web sites behind your corporate proxy. This is useful when you need to allow – like me – just a subset of your users to access it.

Allow following Telegram domains on your proxy

  • web.telegram.org
  • vesta.web.telegram.org
  • telegram.me

Allow following WhatsApp domains on your proxy

  • web.whatsapp.com
  • dyn.web.whatsapp.com
  • w[0-9].web.whatsapp.com (from w0 to w9)
  • pps.whatsapp.net
  • mms.whatsapp.net
  • mmg-fna.whatsapp.net