modsec 2.9.2 – response body: transformed: dechunked

I would appreciate it if someone could point me to the right way of solving this.

I have a POST for a refresh token and modsec closes the connection(?); the browser goes into an endless loop back and forth. I am using Apache 2.4.6 and modsec 2.9.2 in CentOS 7.

  1. Can I disable modsec engine completely for this request?

  2. It doesn’t say “rule matched” in the H header, and the K section in the audit log lists too many rules to post here (but I can post it if someone needs it)


    --522ec87e-F--
    HTTP/1.1 400 Bad Request
    X-Frame-Options: SAMEORIGIN
    Cache-Control: no-store
    Pragma: no-cache
    X-Frame-Options: SAMEORIGIN
    Access-Control-Expose-Headers: Access-Control-Allow-Methods
    Access-Control-Allow-Origin: https://mysite.com
    Access-Control-Allow-Credentials: true
    Content-Type: application/json
    Content-Length: 69
    X-XSS-Protection: 1; mode=block
    Connection: close

    --522ec87e-H--
    Apache-Handler: proxy-server
    Stopwatch: 1585504125443097 26443 (- - -)
    Stopwatch2: 1585504125443097 26443; combined=7503, p1=367, p2=6899, p3=71, p4=124, p5=41, sr=64, sw=1, l=0, gc=0
    Response-Body-Transformed: Dechunked
    Producer: ModSecurity for Apache/2.9.2 (http://www.modsecurity.org/); OWASP_CRS/3.0.0.
    Server: Apache
    Engine-Mode: "ENABLED"

    --522ec87e-Z--

Increase of Googlebot response time after CDN implementation

Problem: We have a site hosted in Germany that is suffixed with “.de”. Recently, we implemented a CDN with Cloudflare. Shortly after, our Googlebot response times increased from 60-100ms to 400-500ms. We noticed that Googlebot requests originate from the US. However, this is the usual case as we learned.

There are solutions to overcome this, e.g. caching. However, our goal is to understand the underlying change that led to the increase. We have reviewed a lot of our config in the last days and haven’t yet understood the problem. Cloudflare uses anycast IPs, thus a website cannot necessarily be geolocated.

Our current hypothesis: The Googlebot takes into account that a site is hosted on a different continent and subtracts a certain amount of response time.

Question aim: Receive hints on what to look for to understand the underlying cause.

Why does Chrome show 304 in Response Headers section but 200 in Status code?

Might be a silly question, but I haven’t found any clear answer yet. Why does Chrome show 304 in Response Headers section but 200 in Status code? Why doesn’t it show 304 in Status code (BTW, that is NOT 200 memory cache.)?

If it shows 200 I can’t know it is actually 304 without looking into request detail.

Compared to Firefox (the same request), 304 in status code.

What does this server ssh response mean?

I attempted to pwn my first lab box and I got the following response from the server after providing correct user/pwd for ssh login.

no matching key exchange method found. Their offer: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

What is this response and do I provide the correct method?

When using the Augury spell, how good or bad does the outcome of the course of action have to be to justify a response of Weal / Woe?

My players are planning to use Augury to decide whether to enter a dungeon, and I’m trying to decide what the outcome of the spell should be.

I can see that some extremes should be obvious: for example, if the dungeon contains four ancient dragons that will annihilate them, it’s Woe. If the dungeon contains a pile of platinum and no dangers at all, it’s Weal. But what if it’s a ‘typical’ dungeon with monsters and traps but also treasure? Does that count as Weal, Woe, Weal and Woe, or neither? What if, again as is often the case, there is danger first before there’s treasure? What if there’s a tough puzzle that might cause them to quit after taking damage but before finding treasure?

If it makes a difference, which I think it might, I would like them to explore this dungeon, and I think they have the skills to survive it and find the treasure. I’ve seen people suggest that Augury is really a way for the PCs to communicate with the DM, and if that’s the case, I would be tempted to say Weal, as code for ‘yes, please do it’. But I don’t want them to feel betrayed when they get (non-lethally) hurt.

As pointed out in comments, Augury only covers events in the next 30 minutes. I’d be interested in answers for both of the following situations:

1) This is a very short dungeon which can be cleared in less than thirty minutes; or

2) The players ask only about whether they should enter the first room of the dungeon – I think this exacerbates the problem because it’s even less clear whether this will be good or bad.

Hijacking Websocket – is it possible to change the server response?

I read every available hijacking websocket guide/explanation there is in the wild, but I still don’t understand one thing.

In a CSWSH it is possible to send custom requests to the server and retrieve sensitive information that an attacker can steal, and also to perform sensitive state-changing actions like a normal CSRF.

But is it possible to send the normal/default request to the server and change the server’s response?

Let’s say a website uses websockets to receive prices of items.

a sample request would be:

{Price: apple} 

A simple response would be

Price apple: 100 

I want to know if it would be possible just to change the response from the server and say that apple is worth 5 or 500 instead of 100, without changing the request to the server… just the response

How to prevent Cross-site Scripting in ajax response

I have a page (parent.php) from which I am calling another page (result.php) through jQuery ajax that returns a response in HTML format. This response is shown on the parent.php page in a div. How can I secure my ajax response from XSS attack? Here is the code snippet of the parent.php page:

    $.ajax({
        type: "POST",
        url: "getResult.php",
        data: { search_in: search_in },
        beforeSend: function () {
            $("#search_result").html('Loading..');
        },
        success: function (result) {
            // The HTML returned by getResult.php is inserted into the div as markup.
            $("#search_result").html(result);
            $("#search_result").show();
        }
    });

In the getResult.php page I am querying the database based on the parameter and returning some result in HTML form, like a table. How can I prevent a cross-site attack?

Response seems to get redirected if SQL injection query succeeds, if not then it doesn’t get redirected

Under the authorization of my friend, I am testing his website against potential vulnerabilities.

I was trying to find if I was able to inject a SQL query into a POST request parameter hi' or 1=1 --:

query=hi'%20or%201%3d1%20-- 

I found that the document prints out:

<div class="error">index job,query: syntax error, unexpected '-' near '-'</div> 

while with ' or 0=0 -- I get:

<div class="error">index job,query: syntax error, unexpected '|' near ' | 0=0) --'</div> 

Does this mean that it’s vulnerable to SQL Injection? If yes, how can I make it print server system data (like information, etc.)? By the way, if the string is correct it gets redirected to another webpage (I think that’s why SQLMap tells me the parameter is not SQL-injectable).

I can see the query works just if the URL gets redirected, but I won’t see the query output. If the URL doesn’t get redirected, I can see these SQL query errors. I’m trying to see how to get the output and do something more useful to attack the website, or even make it detectable from sqlmap.

The current command I’m using is sqlmap -r thework.txt -p query --dbs. thework.txt contains the full valid POST request.

Can you twin Counterspell in response to a Counterspell counter chain?

Scenario:

Four spellcasters: 2v2 (Notation 1A 1B vs 2A 2B)

  • 1A tries to cast a spell
  • 2A uses his reaction to cast Counterspell to counter that spell
  • 1B uses his reaction to cast Counterspell to counter 2A’s Counterspell

Can 2B twin Counterspell to counter both 1A’s spell and 1B’s Counterspell? I can’t think of a use for doing this, other than if 1B got some advantage from successfully countering a spell.

Alternative routes for Incident Response approach other than Windows Event Viewer?

I am currently developing an Incident Response Plan for a computer that has been hacked (no malware installed, just a system hack). My plan is to look through Windows Event Viewer to try and detect any unusual behaviour to the machine.

However, if an attacker has changed the contents of the log file or altered the time, what are the alternative routes for developing an IRP other than Windows Event Viewer?