100% Private Proxies – Fast, Anonymous, Quality, Unlimited USA Private Proxy!
Get your private proxies now!
I’m working on a project using EntityFramework with SQL Database, a WCF Service and a WPF Client wich consumes the Service, i want to use the MVVM pattern. After a lot of thinking i ended up with this architecture, would this be a good and safe approach for this project?
Working on 2 layer security in the cloud (AWS). Have multiple clients pushing files to S3 document storage which are then retrieved by one EC2 instance.
Multiple external customers each requiring their own encryption (PUT files to S3). Have 1 internal instance that must be able to GET files from S3 and decrypt.
How can we manage multiple keys in an easy way?
3 legs of our problem
Is it possible for each client to encrypt (CSE), transport and then decrypt by S3 which then encrypts (SSE)? Any other thoughts or references that might help?
I’m having some difficulties debugging this error. I’m running nginx as an api gateway built to make a sub-request to kerberos whenever an endpoint gets called using the SPNEGO method. But whenever I attempt to make a requests with TGS ticket in the header I get the error TCP client 192.168.112.4.51658 wants 1195725856 bytes, cap is 1048572 then the connection closes.
I’ve tried printf "\xff\xff\xff\xff" | netcat krb_address 88 and it triggers the above error and if an instance of \xff is removed then no error.
What I’m struggling with figuring out is:
I’ve never worked with nginx and kerberos before so not sure of any better questions I could be asking other then the basics.
Some insight into previous experience with this error or perhaps some additional techniques I could use to uncover some more insights into what is causing the error would be very much appreciated!
Is it possible to force a client (browser or host machine or etc) to only make https connections to a specific URL/domain?
(preferably non-admin/root fixes if possible)
Here is a fabricated scenario:
Lets say someone hosted a website, and they didn’t put in an http -> https redirect and the web-server is serving requests on both 80/443 http/https respectively.
We are the client machine we work at a company and they wont fix the web-server for one reason or another. We do not have other machines to use as a proxy and have no control over the network. Now we could just make a bookmark (or other form of workflow that forces our actions to always reach https) but there has to be a way built in to browsers that can, say, “Do not connect to this domain/url unless using this protocol”.
This would be my preferred approach if possible.
This is very frustrating for people who are security focused as accidentally hitting the http version will leak your session ID and if you login there RIP password.
I searched online but surprisingly found nothing.
I have an employer-provided Google Drive account with almost 1 TB of data on. Basically everything I work on is on the Google Drive. It functions as a sort of live backup. Also, I’m running Ubuntu.
Now, back in the days on Windows, there was a Google Drive client that synced selected folders to my hard drive, which worked great, because I didn’t have to wait for the client to download every single file when opening them.
Currently on Ubuntu, I’m using google-drive-ocamlfuse which is real steady, but extremely slow.
So I was thinking about using a syncing tool, e.g. unison, to sync files from my google-drive-ocamlfuse folder to a regular folder, so I can access files on the fly, but still have them uploaded to my Google Drive “live”.
Is this a great idea, or a prescription for disaster?
I am trying to execute an attack that requires a full-duplex MiTM position. This is the reason why I choose to use Ettercap. I have picked DHCP spoofing as the attack of choice.
The problem that I am facing is that Ettercap executes the attack as half-duplex, meaning that I can only intercept messages coming from the client. I also want to intercept the messages coming the other way i.e. I need a full-duplex MiTM.
From what I understand, Ettercap acts as a gateway router in this scenario. The client thinks that I am the gateway so it sends me a request whose destination is not on the subnetwork, expecting that I will forward the layer 3 packet appropriately. Ettercap does this. However, when the response is received by the actual gateway router, it sends it immediately to the client (victim) because that is where the request packet originated from (source IP). This is shown in Figure 1.
What I basically want is to stop Ettercap from doing anything after the initial DHCP spoofing attack. Then I will add my own script that will make the same request as the client did, effectively acting like a forward proxy. This way, when the response is received by the actual gateway router, it will be sent to me. Then I can change things as I like and forward the changed response to the client. This is shown in Figure 2.
I hope that everyone understands what I meant to say. Does anyone know how this can be achieved?
Thank you! Cheers.
I’m actually wondering what are the pros and cons of these two ways to handle client side validations / verifications.
Let’s imagine an application where there is a contact form that needs these information:
I have in mind two ways to handle these format verifications:
At the form level
The “usual” way to handle this: we put some verifications based on user inputs and validate / invalidate the information.
Concretely, on the change (or submit, anyway) event of the input we verify the field value with some regexp and modify the current component state to display an error accordingly.
The “backend DDD” way
The idea is to rely on the following statement:
When creating an object, it should always be in a good and consistent shape so that you don’t have to tweak for specific computations everywhere in the app
The idea is to enforce the verifications using schemas and to always rely on consistent objects that we don’t have to tweak in multiple places like modifying one of its internal attributes by hand (implying multiple sanity verifications etc…).
In a concrete world, I would simply rely on a Email.create(rawInputValue) that may throw an error concerning a bad format exception or something like this. Email would be a class definition that owns information on how to build a valid email address.
After this bit of context, I’m wondering what are the pros / cons of these system? Which one do you use and why?
I am using sharepoint hosted add in to create custom web parts and my requirement is to add the inside Client Web Part(A template to create custom web parts in visual studio) pages
I wonder if database for magento 2 website can be accessed from ssh client or not? If not then may I know how to access the database?
So I’m trying to set up Apache 2.4 mutual authentication on a virtual host configuration.
Given the below environment, what am I missing?
Server is: Slackware 14.2 x64, Apache 2.4.39, OpenSSL 1.0.2r
Client is: Windows 8.1 x64, Firefox Quantum 66.0.3 (64-bit)
So far I have:
/usr/local/share/ca-certificates/, and ran # update-ca-certificates -vCertificate Manager, Authorities.Certificate Manager, Your Certificates.To test certificates I ran:
# openssl s_client -connect www.example.com:443 \ -cert ./client.crt \ -key ./client.key \ -CAfile ./CA/ca.crt \ -state -debug Witch ends with Verify return code: 0 (ok) but with no sign of client certificate in the output.
Full output later.
All this resulted in an error: AH01797: client denied by server configuration
Apache VirtualHost Configuration:
<VirtualHost www.example.com:443> ServerName www.example.com ServerAdmin webmaster@example.com DocumentRoot "/home/username/local/www/php-dev" ErrorLog /home/username/local/www/log/example.com-username.error.log TransferLog /home/username/local/www/log/example.com-username.access.log SSLEngine on #SSLVerifyClient none SSLCertificateFile "/etc/httpd/certs/www.example.com.crt" SSLCertificateKeyFile "/etc/httpd/certs/www.example.com.key" #SSLCACertificatePath "/etc/httpd/certs" SSLCertificateChainFile "/etc/httpd/certs/ca.crt" SSLCACertificateFile "/etc/httpd/certs/ca.crt" <Directory "/home/username/local/www/php-dev"> Options +Indexes +FollowSymLinks +MultiViews -Includes #RewriteEngine on #RewriteBase / AllowOverride None #AllowOverride AuthConfig Order allow,deny Require all granted # require a client certificate which has to be directly # signed by our CA certificate in ca.crt SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +FakeBasicAuth #SSLRequire (%{SSL_CLIENT_S_DN_Email} eq "hostmaster@example.com") # Use this option to match on DNS (This is working) #Require forward-dns client.example.com #Require valid-user </Directory> </VirtualHost> OpenSSL test output:
# openssl s_client -connect www.example.com:443 -cert ssl-ca/acer-64bit-firefox-auth.crt -key ssl-ca/acer-64bit-firefox-auth.key -state -debug CONNECTED(00000003) SSL_connect:before/connect initialization write to 0x1cdb1a0 [0x1dcc6e0] (305 bytes => 305 (0x131)) 0000 - 16 03 01 01 2c 01 00 01-28 03 03 0f 0b 13 4d 54 ....,...(.....MT ( **CUT** ) 0120 - 03 01 03 02 03 03 02 01-02 02 02 03 00 0f 00 01 ................ 0130 - 01 . SSL_connect:SSLv2/v3 write client hello A read from 0x1cdb1a0 [0x1dd1c40] (7 bytes => 7 (0x7)) 0000 - 16 03 03 00 42 02 00 ....B.. read from 0x1cdb1a0 [0x1dd1c4a] (64 bytes => 64 (0x40)) 0000 - 00 3e 03 03 3e 28 62 eb-32 a9 4d 87 b7 93 f9 f1 .>..>(b.2.M..... ( **CUT** ) 0030 - 0b 00 04 03 00 01 02 00-23 00 00 00 0f 00 01 01 ........#....... SSL_connect:SSLv3 read server hello A read from 0x1cdb1a0 [0x1dd1c43] (5 bytes => 5 (0x5)) 0000 - 16 03 03 07 23 ....# read from 0x1cdb1a0 [0x1dd1c48] (1827 bytes => 1827 (0x723)) 0000 - 0b 00 07 1f 00 07 1c 00-03 da 30 82 03 d6 30 82 ..........0...0. 0010 - 03 3f a0 03 02 01 02 02-01 1a 30 0d 06 09 2a 86 .?........0...*. ( **CUT** ) 0700 - bb 65 62 8d a1 03 94 54-5a f8 23 07 ed 35 c8 36 .eb....TZ.#..5.6 0710 - 06 a4 35 82 54 22 76 b7-8d c0 c7 e5 4c ee 17 b9 ..5.T"v.....L... 0720 - 43 2a 58 C*X depth=1 C = DK, ST = Denmark, L = Copenhagen, O = Company Name, OU = Certification Services Division, CN = Company Name Root CA, emailAddress = hostmaster@example.com verify return:1 depth=0 C = DK, ST = Denmark, L = Copenhagen, O = Company Name, OU = Secure Server, CN = www.example.com, emailAddress = hostmaster@example.com verify return:1 SSL_connect:SSLv3 read server certificate A read from 0x1cdb1a0 [0x1dd1c43] (5 bytes => 5 (0x5)) 0000 - 16 03 03 01 4d ....M read from 0x1cdb1a0 [0x1dd1c48] (333 bytes => 333 (0x14D)) 0000 - 0c 00 01 49 03 00 17 41-04 dc 35 93 bc 84 e3 52 ...I...A..5....R 0010 - 7a c8 fa 92 fe 6f b3 23-fe 6d d6 fe 3b 07 d9 3a z....o.#.m..;..: ( **CUT** ) 0130 - a8 67 ac 50 95 4f 85 1a-48 cd 8b 86 c3 8a 38 b6 .g.P.O..H.....8. 0140 - 6c 2e b8 0c b2 a6 a8 6b-3f c1 c0 82 47 l......k?...G SSL_connect:SSLv3 read server key exchange A read from 0x1cdb1a0 [0x1dd1c43] (5 bytes => 5 (0x5)) 0000 - 16 03 03 00 04 ..... read from 0x1cdb1a0 [0x1dd1c48] (4 bytes => 4 (0x4)) 0000 - 0e 00 00 00 .... SSL_connect:SSLv3 read server done A write to 0x1cdb1a0 [0x1ddbae0] (75 bytes => 75 (0x4B)) 0000 - 16 03 03 00 46 10 00 00-42 41 04 37 fa 53 36 d6 ....F...BA.7.S6. ( **CUT** ) 0040 - 34 dd e5 bc 6d 93 d8 40-81 d5 71 4...m..@..q SSL_connect:SSLv3 write client key exchange A write to 0x1cdb1a0 [0x1ddbae0] (6 bytes => 6 (0x6)) 0000 - 14 03 03 00 01 01 ...... SSL_connect:SSLv3 write change cipher spec A write to 0x1cdb1a0 [0x1ddbae0] (45 bytes => 45 (0x2D)) 0000 - 16 03 03 00 28 9d 77 45-e7 4f 6b 4d 6c 93 9c 74 ....(.wE.OkMl..t 0010 - 46 b5 a0 ba e2 e2 1a c8-67 ab 7e 64 27 2c 40 9d F.......g.~d',@. 0020 - 1b ed 20 7f d2 e7 a9 a3-e3 d1 12 3c 2b .. ........<+ SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data read from 0x1cdb1a0 [0x1dd1c43] (5 bytes => 5 (0x5)) 0000 - 16 03 03 00 ca ..... read from 0x1cdb1a0 [0x1dd1c48] (202 bytes => 202 (0xCA)) 0000 - 04 00 00 c6 00 00 01 2c-00 c0 b8 fc d9 d3 b5 2e .......,........ 0010 - d2 59 2a 66 46 e8 c6 bd-b3 de ea 93 78 d8 11 9f .Y*fF.......x... ( **CUT** ) 00b0 - ca 8b 37 58 77 18 57 0c-b7 3e 20 43 a0 a3 25 25 ..7Xw.W..> C..%% 00c0 - 2e 3a a9 da 07 b4 a7 e6-9e 59 .:.......Y SSL_connect:SSLv3 read server session ticket A read from 0x1cdb1a0 [0x1dd1c43] (5 bytes => 5 (0x5)) 0000 - 14 03 03 00 01 ..... read from 0x1cdb1a0 [0x1dd1c48] (1 bytes => 1 (0x1)) 0000 - 01 . read from 0x1cdb1a0 [0x1dd1c43] (5 bytes => 5 (0x5)) 0000 - 16 03 03 00 28 ....( read from 0x1cdb1a0 [0x1dd1c48] (40 bytes => 40 (0x28)) 0000 - 77 ac ab 69 7c e6 7f e7-04 47 6d 1d 0b 21 0d 37 w..i|....Gm..!.7 0010 - 5e a5 9a 8b 2b f7 40 9b-b3 f1 e4 53 18 4e ef 84 ^...+.@....S.N.. 0020 - 2b ad dc 68 07 b7 cc 28- +..h...( SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=DK/ST=Denmark/L=Copenhagen/O=Company Name/OU=Secure Server/CN=www.example.com/emailAddress=hostmaster@example.com i:/C=DK/ST=Denmark/L=Copenhagen/O=Company Name/OU=Certification Services Division/CN=Company Name Root CA/emailAddress=hostmaster@example.com 1 s:/C=DK/ST=Denmark/L=Copenhagen/O=Company Name/OU=Certification Services Division/CN=Company Name Root CA/emailAddress=hostmaster@example.com i:/C=DK/ST=Denmark/L=Copenhagen/O=Company Name/OU=Certification Services Division/CN=Company Name Root CA/emailAddress=hostmaster@example.com --- Server certificate -----BEGIN CERTIFICATE----- MIID1jCCAz+gAwIBAgIBGjANBgkqhkiG9w0BAQsFADCBwzELMAkGA1UEBhMCREsx EDAOBgNVBAgTB0Rlbm1hcmsxEzARBgNVBAcTCkNvcGVuaGFnZW4xGDAWBgNVBAoT ( **CUT** ) h6Bxy9YXljo0WbpKbr97MC7N8KzG9WWNyRWrhMdCqz5prL4wIzjoGK2Kmn+EMueF 7B2ok8wsc6HVpaPfS+K4EMlEMosdwRnbZiU= -----END CERTIFICATE----- subject=/C=DK/ST=Denmark/L=Copenhagen/O=Company Name/OU=Secure Server/CN=www.example.com/emailAddress=hostmaster@example.com issuer=/C=DK/ST=Denmark/L=Copenhagen/O=Company Name/OU=Certification Services Division/CN=Company Name Root CA/emailAddress=hostmaster@example.com --- No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2508 bytes and written 431 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 454F4761410ECE47B266860E6F300E9AA9D27AF747B280C7030480CE73B9447C Session-ID-ctx: Master-Key: 9EC9F06ADA02FAB9EC1B7A43D15047730A93DF8DAA322F92134A9673D6B8BC059AF1E7EF39FAF1F254C27BEA0C920203 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - b8 fc d9 d3 b5 2e d2 59-2a 66 46 e8 c6 bd b3 de .......Y*fF..... 0010 - ea 93 78 d8 11 9f 3d be-63 6b 18 d4 36 73 75 18 ..x...=.ck..6su. ( **CUT ) 00a0 - c4 9a eb d2 04 19 ca 8b-37 58 77 18 57 0c b7 3e ........7Xw.W..> 00b0 - 20 43 a0 a3 25 25 2e 3a-a9 da 07 b4 a7 e6 9e 59 C..%%.:.......Y Start Time: 1555651633 Timeout : 300 (sec) Verify return code: 0 (ok) --- read from 0x1cdb1a0 [0x1dd1c43] (5 bytes => 5 (0x5)) 0000 - 15 03 03 00 1a ..... read from 0x1cdb1a0 [0x1dd1c48] (26 bytes => 26 (0x1A)) 0000 - 77 ac ab 69 7c e6 7f e8-30 5b 8e cd fb b6 90 69 w..i|...0[.....i 0010 - 01 5e 7f 48 f2 e2 58 c1-ab 7c .^.H..X..| SSL3 alert read:warning:close notify closed write to 0x1cdb1a0 [0x1dd6193] (31 bytes => 31 (0x1F)) 0000 - 15 03 03 00 1a 9d 77 45-e7 4f 6b 4d 6d 8a df 5a ......wE.OkMm..Z 0010 - a5 3d 1b ac b5 12 3f cb-fb 9d 1a 2b 1c 07 30 .=....?....+..0 SSL3 alert write:warning:close notify 
Free Proxy List SchoolProxiesList Stay Anonymous Proxy List The Power Of Ninja Proxy List UNubstruct Free proxy sites Free proxy sites