Hacks, code and random thoughts
Mikhail Gusarov contacted me today about my iRiver story findings.
He’s involved in openinkpot, a Linux e-reader distro. Based on my initial findings he’s been able to execute arbitrary code based on the elisamake_sh script
You can read more about his findings and details here
I hadn’t heard of openinkpot before. It looks like a interesting and useful project that I’ll be following closely, even though the iRiver story won’t be supported for a while.
I’m knee deep in web development. I also always like to look at websites from a security point of view. This often means I end up looking at http headers, source code, error pages and so on to see what software a site is running and what its vulerabilities might be.
Eventhough this may sound like an odd hobby, I bet there are other people who do something similar, and to save me and those others some time I’ve written two tools to help in figuring out what kind of software a site is running: Fetch, a tool to fetch and analyze HTTP headers / responses and Guess, a tool to detect the web software stack used on a site
I hope these tools can be of use to web developers, SEO consultants and security consultants, or just anyone who’s interested in seeing what’s happening behind the (browser) screens
All of this has also allowed me to develop a powerful toolkit to scan/analyze websites which I plan to use for other future projects, SEO and security related, but I can for example also imagine an ISP may find it useful to analyze what kind of software their users are actually running
FetchI’ve blogged about Fetch before so I won’t get into too much detail. It’s basically the web equivalent of telnet host.tld 80 and doing a GET or HEAD by hand, but then a lot more user friendly, verbose and feature-rich.
Guess analyzes a site and tries to figure out what Webserver, language and framework a site is running. If possible, it will also attempt to find the versions used
Guess is learning about new software stacks each day and it already has an impressive hit rate (at least the sites that I usually try it on), though some very obvious systems still aren’t detected.
I’ve also planned much more features such as
Currently, it detects a large range of CMS’s and frameworks, open and close source, such as:
Both tools can be used as bookmarklets, simply copy the url to your bookmarks toolbar and clicking it will open the site you have open a new window with either Fetch or Guess
I’m also planning on developing simple Chrome and Firefox extensions, but adding more software stacks and features have a higher priority; the bookmarklets actually work really well.
I’ve moved my old blog to a new domain and new software. Popular postings have been migrated, the rest remains at the old blog/site as an archive. As a bonus, comments are now finally supported.
blog.m3r.nl started as a quick hack - I just wanted to share some thoughts and code, but it’s time to give it a more appropriate name and more suitable software. The old blog ran Plone and eventhough there are sufficient blogging products for it it’s always pretty hard to not make it look like Plone anymore.
I wanted the new blog to run some sort of Python blogging software. I have considered Django Mingus, but it looks too alpha for easy deployment. I ended up using Zine which seems pretty mature and feature complete. However, now that I am using it there are some things I’d like to improve, such as:
Usually I end up considering writing my own variation of the software. Lack of time is what keeps me from reinventing these wheels over and over again :)
All of these things can be accompilished using Zine’s plugin mechanism so it’s worh looking into that. Unfortunately, documentation is seriously lacking.
My old blog is dead, it won’t get updates. You can unsubscribe from the RSS feed and subscribe to this blogs Atom feed in stead.