Tunneling socks via http/s

Nowadays many govermental authorities or network administrators think that blocking all the network traffic for security reasons is a good idea. One common approach is to block everything, but allow some traffic that is whitelisted. Thus it is not possible to do all the interesting stuff that the firewall prevents to do. But by blocking http or https no webserver would be available any more. So normally these ports are open and thus this is the way to go. Continue reading

How to debug encrypted HTTP traffic

When developing software, sometime it’s necessary to sniff the traffic that is transmitted between two computer systems. For that purpose tools like wireshark or tcpdump may be useful. Wireshark is a great tool, but when handling encrypted connections it is not possible to decrypt the traffic without having the key used for encryption. When sniffing http traffic the private key of the certificate is required to decrypt the information. But when talking to a foreign server, without having its private key another approach is necessary. Continue reading

Generating secure passwords

Normally for each device, service and software there should be used a unique password. As this isn’t an easy tasks, many people use a default password for a number of services and devices. But using Linux there is a small smart tool that generates passwords easily. This tool is called apg. Furthermore storing all the passwords in a safe enhances comfort and security dramatically.
Continue reading