Xplico is a NFAT or Network Forensics Analysis Tool that is designed to either capture traffic in real time sessions or to provide an interface to upload PCAP (Packet Capture Data) files for analysis. The current version in Backtrack Linux 5 release 3 is 0.7 however the latest Xplico version is Xplico 1.0.1. I believe…
If you have ClientExec installed in a sub-directory say /clientexec and want to require HTTPS only for ClientExec the easiest way to accomplish this is by putting a .htaccess file inside of the sub directory itself. There are numerous solutions to this posted as CE Knowledge Base Articles and within the CE forums but many…
Network stress testing is taken for granted sometimes however it is extremely useful in many aspects of a network. Typically when someone is thinking of stress testing something technology related they are thinking of stress testing a web application of some sort however it is beneficial to also stress test every piece of network hardware…
When testing websites it may be beneficial to spoof the referer URL. I have used these methods in the past to locate bugs in code or files that have been infected with forms of search engine click jacking. The two easiest methods that I have found are using the Google Chrome extension called Spoofy or…
The other day while configuring a Asus RT-N16 wireless router we had installed DD-WRT software on I decided to turn off HTTP access to the web admin interface. After making this change I got pulled away to test something else and never tested it so I was surprised when I attempted to login today and…
This is going to be a little bit of a different style post then we usually do on Question-Defense. I have been completely amazed lately at the amount of unsecured web interfaces on the Internet and I figure another post cant hurt. I am assuming every one knows that when you buy a new piece…
I recently installed the Youtube With Fancy Zoom WordPress plugin on one of my personal web sites so I could upload and display videos of my daughters. This plugin allows you to upload videos to the YouTube, reference them in your WordPress admin, and then display them in a nice pop up window on your…
I have been having a problem with the media browser uploader for a couple days since I enabled FORCE_SSL_ADMIN in my wp-config.php file. I finally got some time tonight to look into the issue and I am embarrassed it took me so long to resolve. This was a classic example of trying to make something…
LiteSpeed web server uses the same Rewrite engine that Apache uses so most of the information you will find on the Internet relates to Apache and not LiteSpeed. One of the projects I am working on redirects all web traffic that hits each virtual host from HTTP to HTTPS without exception. Recently it came up…
I have a Linksys WRT54G wireless router running DD-WRT open source firmware. A lot of the work I do requires providing access to clients or coworkers to various devices on my local network. I also view the DD-WRT web interface regularly on the Linksys WRT54G to see what devices it can see on the network…