Scenario :
I wanted logging functionality in burp, so just enabled it by going to :
options tab --> Misc tab --> Logging
By clicking the checkbox, the logging functionality is working fine.
My Question :
The next time I open burp, I want the logging settings to be enabled by default.
How should I set the options in configuration file so that I can pass it while starting burp from terminal.
P.S
I am using Ubuntu-14.04 (32-bit) with Burp Pro v 1.6.
There is no burp.conf file created in ubuntu.
Any help is highly appreciated.
By default burp should remember your settings. You can check burp menu > remember settings
Also why don't you use save / restore state. It is very useful for changing settings easily (proxy, auth methods, logging, intercept options etc ..)
Related
My operating system is Windows 10 64 bits. I use the latest versions of Firefox and Chrome.
I want to save the pre-master keys in order to use them with WireShark.
For this, I have found many tutorials that all recommend using the SSLKEYLOGFILE environment variable.
However, no matter the path I put in this variable, no file is being created by Firefox (normal and developer editions) or Chrome. This is true even when I restart those browsers or the operating system. This is also true when I clear the cache on the browsers.
I found an alternative way of setting the SSLKEYLOGFILE variable with Chrome by launching the browser with the following argument:
--ssl-key-log-file=PATH
And while this argument does create a log file, it is never populated. It remains completely empty.
What makes this problem even more annoying is that I don't know if there's any debug log that would at least let me know what's happening.
Anyone have ideas on how to solve this issue?
Verified in both Chrome and Firefox
Windows 10 64bit [Version 10.0.17763.379]
I would not use the --ssl-key-log-file flag with Chrome. In my testing, it does not have an effect.
Steps to get SSL keylog file
Change your directory to one that you or your programs have access to. I am using the Desktop folder.
C:\> cd $HOME\Desktop
Set the SSLKEYLOGFILE variable. This sets it for the user (HKCU). To set it for the machine (HKLM), add the /m flag to the end of the command.
PS C:\Users\rj\Desktop> SetX SSLKEYLOGFILE "$(get-location)\ssl.log"
Verify that the variable has been set in a separate powershell window (SetX does not apply to the current window).
PS C:\Users\rj\Desktop> Get-ChildItem ENV: | findstr SSLKEYLOGFILE
SSLKEYLOGFILE C:\Users\rj\Desktop\ssl.log
You can also verify that SSLKEYLOGFILE is a user variable by going to the Control Panel > System and Security > System > Advanced System Settings > Advanced tab > Environment Variables > User Variables. You should see a listing like the powershell example where the value is a directory.
Open Chrome/Firefox and go to an https website like https://stackoverflow.com.
You should see an ssl.log show up on your desktop.
Image of end result
Further Reading
2018-12-07, F5, Decrypting SSL traffic: Great article on doing the above, but cross-platform
2019-03-18, Mozilla, NSS Key Log Format
: The SSLKEYLOGFILE format
2018-08-17, Wireshark Bugzilla, Add TLS 1.3 support: Has good test pcap/SSLKEYLOGFILE contents for TLS1.3 (See Comment 83)
You mentioned that you are using Wireshark. If you using it to export a file from a TLS-encrypted stream in a capture, this article may help you.
One thing I ran into is: Chrome doesn't always fully close when you close the window. Sometimes it stays open in the background. Use the Windows Process Explorer to list all the processes and make cure Chrome is closed. Also, after restarting Chrome, you can double click on it in Process Explorer and select the Environment tab to list all the variables set in it's environment. Make sure SSLKEYLOGFILE is shown in that list. Then Chrome will be sending keys to the specified file.
First off all the problem is that the browsers are protected better and that flaw is patched, thats why you cant capture no ssl. I dont know the details. But chrome with --no-sandbox(linux) option on ,when running will enable you to capture ssl/tls key without any issues from the first try, so you can play with decription of packets. Never tried on windows btw..
This worked for me...
set the SSKEYLOG env: variable as normal in Linux.
just point it to your pefererd save location of the sslkey.log
windows system/advance/env vars/user variables.
add SSLKEYLOGfile with the path to your preferred save location C:/user/sslkey.log
close and your done here.
NSS_ALLOW_SSLKEYLOG=1 is what's missing from the Booleans in Firefox's advanced options.
its been also removed from the general release but is still in the dev ops version. just not listed.
download and install the dev ops version of Firefox
open a terminal start it from its exe if on Linux.
windows just open it from the icon.
go to the about:config
create a new Boolean with NSS_ALLOW_SSLKEYLOG=1 and set it to true.
quit
now create a new symbolic/icon link to the new dev version fire fox version
when you run Firefox from the terminal in Linux the sskeylog should be created and start populating.
run it from the task bar icon in Linux and it doesn't make or update the keylog (just in case you dont want it populating every time you open the browser).
in windows, you will have to disable the env var or it will keep populating every time you open any browser that supports sslkey logging.
on that note opera and vivaldi should work with no changes to the advanced option.
lastly.. open wireshark go to
edit/preferences/protocols/tls
and put the path to the sslkey.log in the pre master secret log box.
click ok.
close everything..
start Wireshark
start your browser (from terminal in linux).
you should start seeing sslkeylog start populating and see extra options for decryption in the tabs of Wireshark.
have fun :)
1st solution:
Restart Chrome
2nd solution:
Use Firefox
I'm using PhpStorm to edit files on a live server. When I try to upload the file it tells me "could not close the output stream for file". Note that I'm using "SFTP" ..
Some suggesting that using "passive mode" will solve the issue, but I can't find the settings when I go to: (Tools=>Deployment=>Configuration=>Advanced settings) as suggested!!
Is it even possible to use passive mode with SFTP!?
Passive Mode isn't available for SFTP. This option is only available for FTP and FTPS.
https://www.jetbrains.com/help/phpstorm/2017.1/advanced-options-dialog.html
advanced options in comparison
It could be a PhpStorm/jsch issue: https://youtrack.jetbrains.com/issue/WI-17685.
Please reproduce the issue, open Help > Show Log in ... > idea.log and look for errors. If you'll see the same messages as in aforementioned WI-17685 then you got it.
Google Chrome is ignoring the settings in C:/Windows/System32/drivers/etc/hosts file. Both IE11 and Firefox are installed on the same machine and work as expected.
I've tried all the solutions I could find online including:
Open chrome://net-internals/#dns and click the Clear Hosts Cache button.
Go in Settings, Show Advanced Settings and uncheck the following three options: (X) Use a web service to help resolve navigation errors (X) Use a prediction service to help complete searches and URLs typed in the address bar (X) Use a prediction service to load pages more quickly
Go in Settings, Show Advanced Settings, click the Clear Browsing Data button, selected Cached Images And Files from the beginning of time, and click Clear Browsing Data.
Restart Chrome.exe.
Restart the computer.
Make sure to add http:// to the front of the web address.
Make sure proxy settings are turned off
Run cmd.exe and run ipconfig /flushdns
Uninstall and reinstall Chrome
I'm at a loss... Is there anything I missed that I can try or check?
Seems that Chrome doesn't likes the following extensions for that kind of stuff:
.dev
.localhost
.test
.example
.app
Use .local and the problem seems to disappear.
If anyone stumbles on this problem in 2021, for me the fix was to disable Use secure DNS option from chrome settings. After disabling that, all the options in the hosts file started working.
The option is located under Privacy and Security > Use secure DNS
Link to get there faster:
chrome://settings/security
This has been identified as a "bug" in Chrome, but it appears to be absolutely intentional behavior. Google Chrome does not honor /etc/hosts when connected to the Internet. It always does a DNS lookup to determine IP addresses.
While my references below mostly relate to my expereinces with this on Linux, it is not confined to Linux.
https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/iKXqyc40tW0
https://superuser.com/a/887199/75128
https://bugs.chromium.org/p/chromium/issues/detail?id=117655
Okay I faced the same problem but then I found the solution.
Try this:
Go to history (Ctrl+H) -> In the left pane click on Clear browsing data
In the new window that opens go to Advanced tab
Set Time Range to All Time -> check Cached Images and Files -> click on Clear data
Restart your computer, It should start redirecting addresses mentioned in Hosts file (C:\Windows\System32\drivers\etc\hosts)
Note: This Solution is only for Google Chrome
Try clearing the DNS Cache:
1) run cmd.exe as administrator
2) type: ipconfig /flushdns
I just encountered this tonight and none of these options worked. I discovered that Chrome now hides "www" (https://www.howtogeek.com/435728/chrome-now-hides-www-and-https-in-addresses.-do-you-care/). Chrome was using my hosts file, but I had to add "www." to my hostname in my hosts file since that's what the browser is actually requesting, even if it doesn't show it.
A little late, but after hours i find a solution. It seems that Google Chrome sometimes has problems on recognize the name of the hosts defined en /etc/hosts.
I'm using linux and i'm behind a proxy.
Try adding at the end of the name server: .localhost
Example:
At: /etc/hosts:
127.0.0.1 myservername.localhost
On the virtual-hosts of your server configuration you'll need to rename the server name. In my case, i'm using apache so at /etc/apache/sites-enabled/myserver.conf rename the line of the old server name with:
...
ServerName: myservername.localhost
If you are behind a proxy, you can except all the hosts just adding to the no_proxy vars:
$no_proxy= "localhost"
Finally don't forget to restart the server and try to access on the browser with the new server name.
😊 simple answer 😊
there are 3 workarounds about this:
1- deleting Visited Links binary file (beauty👍)
2- using .local or .app instead of your desired TLD (standard & preferred by chrome docs but i don't like it)
3- restarting your computer (ugly👎)
deleting Visited Links binary:
kill all chrome tasks (close all chrome windows:))
delete C:\Users\[USERNAME]\AppData\Local\Google\Chrome\User Data\Default\Visited Links binary
you can define a function in your shell profile to perform this fast and just by a command whenever you face this issue: e.g:
function respectHosts () {
$path = $HOME + "\AppData\Local\Google\Chrome\User Data\Default\Visited Links";
Remove-Item $path;
}
important Note:
it is suggested that first time after deleting Visited Links binary file, also delete your history cause if you use a url from history, actually you are using the cached dns of that url too:
Running Chrome 105 on Windows 11, nothing seemed to work until I added ::1 (i.e. ipv6) in addition to 127.0.0.1. For example:
127.0.0.1 local.foo.com
::1 local.foo.com
While it was stated that no proxy is being used, I have had the same issue on OS X while using a proxy and the eventual solution was to add a proxy-exception for this domain.
What the OP could try is turn off async DNS via command-line switch as
mentioned here in 2015:
Async DNS: Remove toggle from about:flags
Async DNS is fairly stable at the moment, so we don't really need the
toggle in about:flags anymore. (Note that the --enable-async-dns and
--disable-async-dns command-line flags will still work for now.)
This, however, seems to have no effect in my case, as chrome://net-internals/#dns still displays the internal DNS-client as enabled with no obvious way to turn it off.
Had a similar issue working from a windows based server that had proxy settings. In the proxy advanced settings there are 2 options that can help. Ignore proxy setting for local hosts which is a check box; as well as a list of addresses set off my semi-colons where you can except out certain IP destinations. This fixed my issue.
For me
chrome://net-internals/#sockets
Flush socket pools work wonder, credit: https://superuser.com/a/611712
I am using behat+mink. I wrote some features and am now running tests.
How can I enable xdebug to to stop on breakpoints in phpstorm when running behat tests ?
I have not tried this with Mink yet, but this is configuration that allows me to step through debugging of behat (with behat running on a remote server):
Configure your server with x-debug
Of note, since this is commandline, you need to edit the cli config under /etc/php5/cli/conf.d/20-xdebug.ini.
Set remote_host to the ip of the computer you're using PHPSTORM from
Set autostart = 1
Disable connect_back, you will initiate debugging from the server so there is nothign to connect back to
You can also do this without editing your ini by exporting values as env variables, just remember to do this each time you start a new shell (or add to your .bash_profile file):
export XDEBUG_CONFIG="remote_host=<YOUR IP>"
Configure PHPStorm's Debugger
It seems by default, PHPStorm doesn't understand remote-cli scripts, so we need to add a configuration that tells it to expect a CLI script to trigger xdebug
Open the Run Menu and select "Edit Configurations"
Click the Green "+" to to add a new configuration and select "PHP Remote Debug"
Name the Configuration (E.G. MyServer-Behat)
Under the Servers: menu, select your remote server.
If you haven't configured your remote server yet, then do this by clicking the "..." button on the right
Click the Green "+" to add a server configuration. Give it a name (E.G. MyServer) and fill in it's address under Host
Configure it's Path Mappings. This is important if the path to your source files is different on your PHPStorm computer from your server. You can see in my example that i'm relating my local checkout (~/Work/Symfony/) to my server install (/var/www/). I specifically added mappings for src, bin, web, app, and vendor by clicking in the space to the right under "Absolute path on the server" and typing in the path. I had issues just mapping the root's, so I had to add these paths to get my debugger to work.
Debug!
Once that is setup, select your configuration from the drop down in the debugging tool bar and click the bug icon (you can also use the Run menu) to start the debugger listening. This is similar to the default Telephone Button (circled in yellow), but it tells PHPStorm to use your new configuration.
Now simply run behat like you normally would from your server and your debugger should connect and stop on any breakpoints you've placed.
If you're having doubts about if it's working or not, try toggling the "Break on First Line" in the Run menu, as this should make the debugger break immediately when you run behat (in the bin/behat file)
I am using Sublime Text 2 and the SFTP package.
Unfortunately, at work, they use a firewall that blocks a specific port thats required to upload files. Were working on getting that port opened, but for now, i'd like to go through our companies proxy that will allow me to continue using sublime for the time being.
I've gone to Preferences > Package Settings > Package Control > Settings – Default and added my proxy information, but it doesnt seem to work.
Is there anything I need to do to get it working with SFTP?
Thanks
First, add your proxy setting like:
"http_proxy": "proxy.iiit.ac.in:8080",
"https_proxy": "proxy.iiit.ac.in:8080"
in Preferences > Package Settings > Package Control > Settings – User
And restart it!
If it did not work, try following steps:
open your Internet Explorer
tools →internet options→ advanced tag→ Security → Cancel "Check for Server Certificate revocation"
this checkbox
Restart your Sublime Text and it work!
Hope it can help you.