Patrizio Tufarolo | proxy, http_proxy, transparent proxy, iptables, linux, redsocks, cntlm, ntlm, microsoft, cloudflare, cloudflared, libvirt, docker, networking

#FuckYouHTTPProxy | How to use an HTTP proxy system-wide on Linux | How to do transparent proxying with corporates' HTTP proxies

Preamble:

  • Corporates use HTTP proxies.
  • HTTP proxies suck.
  • HTTP proxies implementation on Linux sucks than everything.
  • I have no control of the shitty proxy I'm talking about

Problem:

HTTP proxies suck and corporates use HTTP proxies.
Ok, I already said that.
In the company I'm working in as security consultant, all machines connected to the intranet can't reach the internet. The only way to do so, is to use an internal HTTP proxy that does deep inspection of the internet traffic in order to block "malicious" sites, control downlodaded contents and so on. It's a mess, because also security related websites are blocked too.
The big problem comes when you are also involved in system operations, particullary with Linux systems: handling the proxy in Unix-like systems is a nightmare.
Yes, there is the http_proxy environment variable, you set it and almost every software will use its content to proxy network requests.
Almost.
And what if you need to do some routing, for example to run Docker containers or virtual machines, or proxy-unaware applications?
It happens that, if you don't specify the http_proxy variable inside every single container or vm, they won't reach the internet.
Now, from

Patrizio Tufarolo | docker, imunes, networking, networking laboratory, network simulator, slides, university, sdn, linux, bash

Networking Laboratory - Lessons archive updated - Scripts published

I've uploaded on GitHub the latest version of the slides I made for the networking laboratory class which I've supported during the a.ys. 2015/2016 and 2016/2017.
The slides are available here.

Also I've published some scripts to solve the exercises proposed in the slides.
You can find them here.

Bye :)

Patrizio Tufarolo | snippet, wsl, bash on windows, cdw

[#snippet] How to reach and browse Windows paths rapidly using Bash on Windows (a.k.a. Windows Subsystem For Linux)

Hi,

Here is a simple snippet I've put in my WSL .bashrc file to rapidly reach Windows paths when on Bash for Windows.

cdw() {
    local winpath="$1"
    winpath=$(echo $winpath | sed -e 's/\\$//g' -e 's/C\:/\/mnt\/c/g' -e 's/\\/\//g')
    cd "$winpath"
}

Place it in your .bashrc, then you can type cdw 'C:\What\Ever\Path' and you will reach /mnt/c/What/Ever/Path.

Hint:
You can use the command echo $winpath | sed -e 's/\\$//g' -e 's/C\:/\/mnt\/c/g' -e 's/\\/\//g' alone to translate the Windows path into the corresponding WSL path in your scripts.

Patrizio Tufarolo | pihole, raspberry pi, QubesOS, dns, ad blocker, security, dnsmasq, debian, fedora, xen, virtualization, proxy

How to configure PiHole in QubesOS (ProxyVM)

Pi Hole is a framework that aims to block advertisements on your network using a sinkhole approach on known advertisements domains.

PiHole is based on Raspberry PI, a device that almost all computer enthusiasts have in their home, it is built on top of DNSMasq weaponized with community-maintained blacklist and can be backed with your favorite DNS servers.

But PiHole is not just and adblocker: it provides also a DHCP server and a dashboard for configuration, monitoring and tracking visited urls, allowing the PI owner to detect suspicious behaviors in the network.
Is very convenient to use it, because you have a central point in the network in which ads are conveyed avoiding the usage of addons that act browser-level, and preventing anti ad-blockers mechanisms.
Furthermore, it's open-source and available on GitHub
If you like to play with dedicated hardware, you can adopt a standard approach buying a cheap Raspberry Zero, installing PiHole on it, configuring it to be recognized as an USB ethernet adapter and play with NAT on your machine to give connectivity to him.

The annoying thing comes when you use to use a laptop: you don't have your Raspberry PI in your pocket and, if you

Patrizio Tufarolo

Google Apps Script to automatically tag emails with date-based labels

I use to automatically tag my e-mails with time based labels, on Gmail.
Can I simply use filters?
Maybe yes, but I didn't get to make them work when specifying only dates as criterias.
Maybe I'm idiot, but Gmail simply doesn't allow me to specify such filters.
So I tricked him with a small Google Apps Script, that tags emails with a current year and a current month nested labels.
Please note that it just works for 2017 and month names are in Italian.
I scheduled it to run once a minute.

function labelAllMessages() {
  
  var label2017 = GmailApp.getUserLabelByName("2017");
  
  var months = ["gennaio", "febbraio", "marzo", "aprile", "maggio", "giugno", "luglio", "agosto", "settembre", "ottobre", "novembre", "dicembre"];
  
  var getNumberOfDaysByMonth = function(i) {
    return (i==1) ? 28 : (  !(i>=7 ^ !(i&1)) ? 30:31  );
  };
  
  
  var getDateRangeForMonth = function(ind) {
    var month = months[ind];
    var range = {
      start: new Date(2017, ind, 1).valueOf(),
      end: new Date(2017, ind, getNumberOfDaysByMonth(ind)).valueOf(),
      label: GmailApp.getUserLabelByName("2017/" + month)
    };
    return range;
  };
  
  
  var threads = GmailApp.search('-label:2017 -label:"before 2017"