Fiddler as proxy – and how to clone WordPress locally for testing

I got my local setup working under 127.0.0.1:91/blog. In order to overwrite my server default domain I added locally this to my wp-config.php file:

    define('WP_HOME','http://127.0.0.1:91/blog');
    define('WP_SITEURL','http://127.0.0.1:91/blog');
    define('FORCE_SSL_LOGIN',false);
    define('FORCE_SSL_ADMIN',false);

In my Fiddler Web Debugger script I am using this to redirect my browser request to my domain name, to instead go to my local setup:

    if (oSession.HostnameIs("my.domain.name")){
        oSession.bypassGateway = true;
        if (oSession.HTTPMethodIs("CONNECT")){
            oSession["x-replywithtunnel"] = "FakeTunnel";
            return;
        }
        oSession["x-overrideHost"] = "127.0.0.1:91";
        oSession.fullUrl = "http://127.0.0.1:91" + oSession.PathAndQuery;
    }

How can I get the page WordPress returns to be rewritten before it gets sent to the browser, from 127.0.0.1:91 to my.domain.name, and from http:// to https://? Or is there a smarter way to go about all of this within WordPress?

I tried this in my Fiddler Script but it is not working:

    if (oSession.oResponse.headers.ExistsAndContains("Content-Type","text/html")){
        oSession.utilDecodeResponse();
        oSession.utilReplaceInResponse('http://','https://');
        oSession.utilReplaceInResponse('127.0.0.1:91','my.domain.name');
    }

I suppose I could setup an Apache proxy rewrite for the pages that get returned, but I am not sure how to go about this.

Power BI Report Server keeps asking for credentials locally

I’ve installed PBIRS on my laptop to do some development.

Each time I try to connect, it prompts with a dialog wanting me to log in.

If I try and connect from a remote PC using the same domain login, it recognises me and logs me in without any problems.

What do I need to change so that PBIRS accepts my connection?

PBIRS May 2020, SQL Server 2019, HP Elitebook, 16Gb RAM, Windows 10.

Security concern on locally stored authentication token

It is a common method in mobile applications to allow users to bypass the authentication process by verifying a locally stored token (previously authenticated) on the device.

This is to strike a balance between usability (avoiding authentication every time) and security.

  1. Are there any security holes in this process?
  2. What measures can be taken to strengthen this method?

Best practices for storing long-term access credentials locally in a desktop application?

I’m wondering how applications like Skype and Dropbox store access credentials securely on a user’s computer. I imagine the flow for doing this would look something like this:

  1. Prompt the user for a username/password if it's the first time
  2. Acquire an access token using the user provided credentials
  3. Encrypt the token using a key which is really just a complex combination of some static parameters that the desktop application can generate deterministically. For example something like:
         value = encrypt(data=token, key=[os_version]+[machine_uuid]+[username]+...)
  4. Store value in the keychain on OSX or Credential Manager on Windows.
  5. Decrypt the token when the application needs it by generating the key

So two questions:

  1. Is what I described remotely close to what a typical desktop application that needs to store user access tokens long term does?
  2. How can a scheme like this be secure? Presumably, any combination of parameters we use to generate the key can also be generated by a piece of malware on the user’s computer. Do most applications just try to make this key as hard to generate as possible and keep their fingers crossed that no one guesses how it is generated?
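
The concern in question 2, as an added example (not part of the original question, and not code from Skype or Dropbox): a key built only from static machine parameters is rebuilt by any other code that reads the same parameters, while a random key is not. The function names and sample values are hypothetical, and the HMAC-SHA256 keystream is a standard-library stand-in for an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def derive_static_key(os_version, machine_uuid, username):
    """The question's scheme: the key is a hash of values any local process can read."""
    material = "|".join([os_version, machine_uuid, username]).encode()
    return hashlib.sha256(material).digest()

def _xor_keystream(key, nonce, data):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES-GCM (assumption).
    stream = b""
    for counter in range(len(data) // 32 + 1):
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, token):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_keystream(key, nonce, token)
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag, then decrypt; ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_keystream(key, nonce, ct)

# Constructed sample values, not real identifiers.
PARAMS = ("10.0.19041", "00000000-1111-2222-3333-444444444444", "alice")
TOKEN = b"sample-access-token"

def other_process_recovers_token():
    """The app seals with the static key; unrelated code re-derives the same key."""
    stored = seal(derive_static_key(*PARAMS), TOKEN)
    return unseal(derive_static_key(*PARAMS), stored)

def random_key_resists_rederivation():
    """A random key kept in the OS keystore cannot be rebuilt from machine facts."""
    stored = seal(secrets.token_bytes(32), TOKEN)
    try:
        unseal(derive_static_key(*PARAMS), stored)
    except ValueError:
        return True
    return False
```
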

Buffer Overflow Works Locally But Not Remotely

So I made a simple buffer overflow challenge and attempted to host it on a DigitalOcean droplet. The challenge source is below, and is compiled using gcc welcome.c -fno-stack-protector -no-pie -o welcome.

    #include <unistd.h>
    #include <stdio.h>

    int main(void) {
        setvbuf(stdout, NULL, _IONBF, 0);
        char name[25];
        printf("whats your name? ");
        gets(name);
        printf("welcome to pwn, %s!\n", name);
        return 0;
    }

    void flag() {
        char flag[50];
        FILE* stream = fopen("flag.txt", "r");
        fgets(flag, 50, stream);
        printf("%s", flag);
    }

Locally on the Docker the challenge is running on, I am able to use the exploit seen here. Trying to use it over the netcat connection though, it doesn’t work! All of the files I am using to host the challenge can be found here. Any help or other tips would be appreciated. I have spent a large part of the day confused about this.

Bonus question, why does the binary hang after completion on the remote server until the user hits enter? Maybe my setvbuf is incorrect? If someone could explain this that would be great! I am fairly new to this stuff.

How did YouTube know I watched a locally stored file on my computer?

I ripped a few videos from YouTube (using y2mate) about a week ago of guitar lessons from a player named John Redbourne in case they disappear. I saved them on my local hard drive in a folder called “Redbourne Guitar” and the files are named after the songs, like “Salisbury.mp4” etc.

Anyway, I just watched one of the videos off my hard drive, and lo and behold, when I logged into YouTube, my recommended feed was full of John Redbourne videos. I haven’t searched or done anything online related to John Redbourne since I downloaded the videos. How did YouTube know I watched it?

Using Windows 10, Firefox, and played video with default “Movies and TV” app that comes with Win 10.

Is there any official documentation on the AdSense data-adtest="on" parameter to test locally?

In many places on the internet you can find people suggesting the data-adtest="on" parameter to test ads in your local environment.

    <ins className="adsbygoogle"
      style={{display:"inline-block", width:"360px", height:"180px"}}
      data-ad-client="XXXXX"
      data-ad-slot="XXXXX"
      data-adtest="on"         // <-----------------------------
    >
    </ins>

I could make it work with trial and error. Some sites even suggest that the proper name is data-ad-test.

But is there any official documentation about this?

If there is, I still haven’t found it.

Can I test ssl connection locally with a valid certificate (CA) with local dns?

I have a valid wildcard certificate signed by a Certificate Authority. Is it possible to test HTTPS locally from the server without a registered DNS name?

My idea is to bind the domain name with 127.0.0.1 in /etc/hosts.

The HTML is served from an Nginx container and I am using CentOS 7.

Is it possible to make an SSL handshake with curl https://<dnsname>.<name>.com:443, or does it need to be public DNS?

Note: ICMP is disabled, but the server is connected to the internet.

Does the user need to keep the certificates updated locally when using TLS with SMTP?

HOWTO: Install/Configure msmtp and mutt on ubuntu

I got GTS CA 1O1 as the common name instead of Google Internet Authority G2. What is the difference between the two?

So GTS CA 1O1 refers to the one listed here https://pki.goog/?

I see GTS CA 1O1 valid until Dec 15, 2021. So by Dec 15, 2021, I should regenerate the local crt file by openssl x509 -inform DER -in GTS1O1.crt -outform PEM -out gmail-smtp.crt

    $ msmtp --serverinfo --tls=on --tls-starttls=off --host=smtp.gmail.com
    SMTP server at smtp.gmail.com ([172.217.195.108]), port 465:
        smtp.gmail.com ESMTP a10sm3703146oic.46 - gsmtp
    TLS session parameters:
        (TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
    TLS certificate information:
        Owner:
            Common Name: smtp.gmail.com
            Organization: Google LLC
            Locality: Mountain View
            State or Province: California
            Country: US
        Issuer:
            Common Name: GTS CA 1O1
            Organization: Google Trust Services
            Country: US
        Validity:
            Activation time: Tue Nov  5 15:45:23 2019
            Expiration time: Tue Jan 28 15:45:23 2020
        Fingerprints:
            SHA256: 50:E7:13:03:7B:A8:D8:28:3C:D2:66:AC:58:E3:76:6D:BB:DB:E2:9D:B6:8F:54:38:10:BC:A5:93:67:25:7D:4D
            SHA1 (deprecated): F4:D9:49:8F:FA:F0:06:D1:B8:D7:AE:A8:56:A3:36:B4:FB:76:3E:32
    Capabilities:
        SIZE 35882577:
            Maximum message size is 35882577 bytes = 34.22 MiB
        PIPELINING:
            Support for command grouping for faster transmission
        AUTH:
            Supported authentication methods:
            PLAIN LOGIN OAUTHBEARER

Files are not showing when I mapped a Library locally for particular folders

I have mapped a SharePoint document library to my local PC using the option “Add Network Location”.

One of the folders in the Library has 9000 PDF files. When I go to the web mode I am able to see the PDF files, but when I try to view the same PDF files using Windows Explorer it does not show the files, and instead shows an error: “The Folder is Empty”.

I have attached the image.

Is this the expected behavior due to 9 K files in the folder?

Please suggest.