mac

SSH and X forwarding

I love SSH, coupled with byobu(an updated GNU screen) it is amazingly powerful.  But sometimes it is really useful to be able to view a GUI application on the remote server end.  Some people think that they need to use VNC to do this.  VNC is terrible, and there is a better way.

Things you will need:

  • An X capable SSH client
    • On Linux you don’t have to worry about this
    • On Windows I recommend MobaXTerm
    • On OS X I think you just need to install something like XQuartz
  • A server that has a graphical environment installed on it
    • Ubuntu Desktop is an easy example
    • Gnome/KDE/XFCE/X11 etc.
  • SSH server installed on the server
  • A GUI application that you want to run over SSH

In my example I’m going to be connecting from a Windows computer, using MobaXTerm, to a Ubuntu Desktop machine, and running WireShark(yes I know about tshark).

Make sure sshd is installed on the Ubuntu machine.

$ sudo apt-get install ssh

Back on the Windows machine, we SSH to the Ubuntu machine. Notice that we are specifying -X which allows us to run X applications over SSH

$ ssh -X username@192.168.1.100

Then we run our application

$ wireshark

And there you have it:
WiresharkOverX

That is Wireshark running on the remote Linux machine.  Notice the GTK/Ubuntu looking buttons, and the Windows colored Window frame.

Thanks for stopping by!

Photo Credit

Decrypting TLS Browser Traffic With Wireshark – The Easy Way!

UPDATE:I’m in the process of migrating my most popular articles and writing some new posts over at redflagsecurity.net. See the latest version of this post at this link.

Intro

Most IT people are somewhat familiar with Wireshark.  It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more.

2015-02-11 22_29_11-

One of the problems with the way Wireshark works is that it can’t easily analyze encrypted traffic, like TLS.  It used to be if you had the private key(s) you could feed them into Wireshark and it would decrypt the traffic on the fly, but it only worked when using RSA for the key exchange mechanism.  As people have started to embrace forward secrecy this broke, as having the private key is no longer enough derive the actual session key used to decrypt the data.  The other problem with this is that a private key should not or can not leave the client, server, or HSM it is in.  This lead me to coming up with very contrived ways of man-in-the-middling myself to decrypt the traffic(e.g. sslstrip or mitmproxy).

Session Key Logging to the Rescue!

Well my friends I’m here to tell you that there is an easier way!  It turns out that Firefox and Chrome both support logging the symmetric session key used to encrypt TLS traffic to a file.  You can then point Wireshark at said file and presto! decrypted TLS traffic.  Read on to learn how to set this up. Read Full Article

Upgrading a 2009 iMac to an SSD

My wife has a 27″ iMac from late 2009. We upgraded her to a more powerful Windows machine about a year ago. The iMac has a beautiful screen and is in good shape, but the performance of it had slowed quite a bit. I took a look at the specs of the machine. It had 4 GBs of RAM and a 1 terabyte hard drive. It also has a Core 2 duo, dual-core processor, which is meh. I figured that there wasn’t a whole lot I could do about the processor, but the hard drive and RAM could be upgraded.

Upgrading RAM on an iMac is supported by Apple and very easy to do on most models. I decided to upgrade it to 8 GBs. I made sure that I bought RAM that was supported by the version of iMac that I was using. I used Crucial’s RAM picker as I have had good experiences with it in the past. On a regular PC I can usually suss out what RAM will be compatible with the motherboard in question. With Macs, I have been burnt by buying RAM that isn’t compatible, so I always check. Actually performing the upgrade was fairly straightforward. I tipped the iMac back so that it was lying horizontal, then unscrewed a panel from the bottom of the monitor housing. As I recall there are some tabs that help you eject the RAM modules. Before you pull the modules out, you may want to take a minute to understand how to put the tabs back before you insert the new modules. It will make it easier to eject the new modules should you ever need to. Also it just looks tidier.
Read Full Article