Archive

Archive for June, 2012

Remove the facebook annoying seen label

June 12, 2012 Leave a comment

Do you like the new facebook “feature” that tell’s you when someone sees your messages?!

I think I can assume that only stalkers like this new feature… 🙂 I don’t like to put any pressure to reply my messages, and I don’t like when someone asks why I’m not replying.

TLDR – here

If you want to know how this is done, it’s very simple!

So every time you see a message your browser sends a request to a facebook page saying that you saw that message.

How do I find this things?!

Simply open chrome in debug mode and switch to Network, next use an account to send a message to you and see what shows when the seen message pops up on the other side. You’ll find something like this…

And this is it… All we have to do is to block this request and it’s done. 🙂

So how do I block this?!

It’s very simple if you are talking about chrome, can’t say about others because I’m not familiar with their extensions, on chrome you just need to filter the request using…

chrome.webRequest.onBeforeRequest

If you check the documentation you have an example that is almost exactly what you need.

chrome.webRequest.onBeforeRequest.addListener(
   function(details) { return {cancel: true}; },
   {urls: ["*://www.evil.com/*"]},
   ["blocking"]);

This simple code blocks any request going to http://www.evil.com , so you need to change this piece of code to match the facebook url found earlier.

Something like this: “*://*facebook.com/ajax/mercury/change_read_status*” and it’s done!

So make your own plugin or download this one available on Chrome web store https://chrome.google.com/webstore/detail/oakagafhajhfmgaeekngfnhlbjjgoddo

Make Chrome your default browser on Debian testing

June 8, 2012 1 comment

I was having a few problems setting chrome to be the default browser, don’t know why but the browser can’t set itself as the default browser. There’s no error this function simply has no effect.

So how do you do it?! It’s very easy and simple…

First you need to set chrome as your default alternative.

sudo update-alternatives –config x-www-browser (Select chrome as default)

If you are using gnome…

At first I thought that this was enough… Well it wasn’t and after one or two reboots I wasn’t able to open links from pidgin, for example.

Here comes the second part…

sudo cp /opt/google/chrome/google-chrome.desktop /usr/share/applications/.

sudo update-menus

And you should be ready to go… 🙂

PasteMiner – a pastebin monitor

Pasteminer is a monitoring tool for pastebin, with the following features:

  • Multi-threaded (But it’s python, these two don’t mix very well)
  • Proxy’s can be used to collect information
  • Filters data using White List or Black List
  • Filters can be a simple keyword, a Word List or a regular expression

TLDR -> pasteminer 🙂

Well this was something I coded a while back, I was doing some experiments with pastebin and used this to collect information about what was being uploaded.

I was doing this experiment for multiple reasons, but mainly to test a few theories. Well, first it’s a good way to keep up-to-date about the trending subjects that pull more users to open or view spam messages or to run virus. The usual and more common subjects are, iPhone jailbreak, movies, music, stollen and premium accounts etc. These guys don’t waste time they are up-to-date on what the users want!

As an example lately pastebin has been flooded with diablo3 “hacks/cracks” nothing more than scam/hacking attempts. So we can say that pastebin is a good source to get the latest malicious software samples about these subjects, to be dismantled and disabled stopping the operators before they manage to hit someone.

Continuing with diablo3 example, blizzard could gain some insight on how these pirates are working by simply keeping an eye on pastebin and other similar sources. Creating patterns and applying them in the “wild web” to detect these scam attempts on their products.

Pastebin is also used by hacking groups to post some of their achievements, usually this is done by posting private information about their targets. If a company is monitoring pastebin and some group posts sensitive information, an alert can be generated sent in matter of seconds, and in these subjects a quick response is everything.

This is the obvious and direct advantage of monitoring these sources, but this is just one among many. For example we can go further by “keeping an eye” at these leaked user data and checking if an employee of our company was a victim. This situation can be a huge security problem, because normally we use the same passwords for different services. When a situation like this is detected the compromised accounts can be disabled and a warning issued to the employee requesting to fix this problem.

While I was testing pasteminer there was an *individual* work submission of a class in my university, and just for fun I tried to see if anyone shared some code from the submission, to be clear I wasn’t attending that class :). Just in a few hours I was successful in this search since it was very easy to search for a couple of keywords.

There are a lot more of uses for a piece of software like this, these are just some of the most simple.

The code is very simple and may have/has some bugs, it’s not a piece of art but does it’s job as a POC very well. 🙂 served it’s purpose well. I wasn’t planing on realeasing it but changed my mind and decided to post this and I ended writing a lot more than I expected 🙂

Thank you for reading this even if it doesn’t have a single line of code!

 

Categories: Tools, Tutorial