| . |
|
Bitland.Net Security Notes
Comments? email jwilkins-at-bitland*net
More information on the author at Jonathan Wilkins's home page RSS feed available at http://www.bitland.net/index.rss 
|
| Archives: 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000 |
| |
| |
| Fixing the Firefox profile selection dialog | (2007/05/18 14:00) |
If you have a bunch of profiles, then the non-resizable profile selection dialog that pops up when you launch Firefox is a bit of an annoyance. To fix this: On *nix - edit /usr/share/firefox/chrome/toolkit/content/mozapps/profile/profileSelection.xul around line 91
<listbox id="profiles" rows="10" seltype="single"
ondblclick="onProfilesDblClick(event)"
onkeypress="onProfilesKey(event);">
</listbox>
On Windows you have to jump through a few more hoops. Go to \Program Files\Mozilla Firefox\chrome and unzip toolkit.jar, then edit content\mozapps\profile\profileSelection.xul the same as above. I also changed the dialog style (around line 60) to read: style="width: 30em; height:400px;" Then re-zip using store instead of deflate and replace the existing toolkit.jar file.
You can also download my firefox-2-toolkit.jar, if you don't want to do it yourself. All Firefox sessions have to be closed in order to replace toolkit.jar.
|
| +digg | +del.icio.us | [Tools ] | Permanent link |
| |
| Running Multiple Instances of Firefox | (2006/09/17 20:30) |
I find it really useful to be able to run multiple instances of Firefox in order to do web testing as well as to support running things like Tor. Firefox doesn't support this out of the box, but there's a quick tweak you can use to enable this. You need to do the following:
I also use a different theme for each profile so I have a visual hint which profile I'm running. |
| +digg | +del.icio.us | [Tools ] | Permanent link |
| |
| Norman Sandbox | (2005/12/16 10:00) |
Thorsten Holz recently pointed out the Norman Sandbox on Dave Aitel's Daily Dave mailing list This tool analyzes random malware and tells you what it does. You upload it and it prints out stuff like: [ Network services ] * Looks for an Internet connection. * Connects to "lazy.irwanmartin.com" on port 6667 (TCP). * Connects to IRC server. * IRC: Uses nickname |521508. * IRC: Uses username mlraczsp. * IRC: Joins channel #bin with password 64b5e2Nb. * IRC: Sets the usermode for user |521508 to -x-i. Looks quite handy. |
| +digg | +del.icio.us | [Tools ] | Permanent link |
| |
| GoogleSweep | (2005/05/17 11:00) |
Robert McGrew just announced an interesting discovery tool called GoogleSweep It does Google queries on a given address space and hopes to find interesting things like web statistics, posts to mailing lists (to harvest usernames, etc) entries in log files and the like. It's written in python, so it's quite hackable too. You can get some really interesting results, especially if you use an IP range that a company uses for it's proxy servers. |
| +digg | +del.icio.us | [Tools ] | Permanent link |
| |
| HTTPS Testing tools | (2003/05/31 18:00) |
Testing straight HTTP pages is easy. Just fire up netcat and go. (Actually, this gets a bit more complicated with IIS6 as it doesn't accept \n's in leiu of \r\n's, which is bloody annoying) Testing HTTPS is a bit harder. You have to throw something that speaks SSL in the way. This comes up on the various SecurityFocus mailing lists every once in a while, so I thought I'd aggregate some of the suggestions. OpenSSL OpenSSL comes with a command line tool that allows you to put arbitrary TCP streams over SSL. This can be combined with netcat easily. @Stake's WebProxy WebProxy 2.1 is way better than previous versions. It will do SSL MITM for proxied connections. I don't know anything about the following tools, they were recommended on the lists. Exodus HTTPPush Sleuth Sleuth 1.36 (free, Linux) SSL-Proxy |
| +digg | +del.icio.us | [Tools ] | Permanent link |
| |
| L3Edit Tool Released | (2003/02/02 22:56) |
I wrote a tool to allow direct manipulation of ethernet frames. It's handy for testing binary protocols. It has two modes, the first allows automatic randomizing of frames and the second allows manual editing. It's available Here Comments are welcomed.. email me: jwilkins at bitland dot net |
| +digg | +del.icio.us | [Tools ] | Permanent link |
| |
| RSS feed available at http://www.bitland.net/index.rss |