Re: [PLUG] proxy.pac

2016-02-25 Thread David
On 02/25/2016 08:25 PM, Robert Citek wrote:
> On Thu, Feb 25, 2016 at 7:04 PM, Louis Kowolowski
>  wrote:
>> I don’t know if browsers support a local file for a proxy.pac or not. That 
>> would be the first thing I would investigate.
>
> That's what I was not (and still am not) sure of.  However, the site
> that I originally referenced did have this to say:
>
> "Once you’ve written a proxy auto-config file using the techniques
> above, you can either put it somewhere on your local disk and simply
> point the browser to it, ..."
>
> Unfortunately, it did not elaborate on what browsers or how to point
> the browser to it.
>
> Still googling.
>
> Regards,
> - Robert


Does this link help you?



dafr
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug


Re: [PLUG] proxy.pac

2016-02-25 Thread Robert Citek
On Thu, Feb 25, 2016 at 7:04 PM, Louis Kowolowski
 wrote:
> I don’t know if browsers support a local file for a proxy.pac or not. That 
> would be the first thing I would investigate.

That's what I was not (and still am not) sure of.  However, the site
that I originally referenced did have this to say:

"Once you’ve written a proxy auto-config file using the techniques
above, you can either put it somewhere on your local disk and simply
point the browser to it, ..."

Unfortunately, it did not elaborate on what browsers or how to point
the browser to it.

Still googling.

Regards,
- Robert


Re: [PLUG] tcpdump whiz?

2016-02-25 Thread Michael Rasmussen

I may be able to wrangle an agreement to install ssldump. 
Life will be easier if I can get it done with tcpdump.

The goal is to capture the SSL handshake packets and then 
check for which devices are not using approved cipher suites.

A make-my-life-really-easy solution would spit out the IP address
of the server and the cipher suite agreed on with the client.

Though in our case both entities are servers or load balancers;
it's not a client in the end-user sense.


On Thu, Feb 25, 2016 at 07:43:56PM -0800, Martin A. Brown wrote:
> 
> Hi there,
> 
> >I have a group of systems that I need to monitor for use of 
> >approved SSL cipher suites. Wireshark is not available on them. 
> >tcpdump is the tool I need to use.
> 
> >Do you know, or know someone who would know, how to construct a 
> >tcpdump filter that matches only packets for the SSL handshake?
> >
> >Due to the volume of traffic on the systems I cannot capture 
> >everything and filter later.
> >
> >The most useful hint found so far is at: 
> >http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter
> 
> I'll take a stab at your question from a slightly different angle.  
> 
> Rather than trying to get the BPF just right for something that is a 
> few layers higher in the stack (and requires some stream 
> reassembly logic), perhaps you could try a tool that operates on the 
> stream.
> 
> I know you mentioned that wireshark was not available.  Are you able 
> to install software on these systems?  If so, then you may find that 
> the ssldump program [0] provides you output detail that is closer to 
> your desired question.
> 
> I have never used ssldump in production, but it seems a handy little 
> tool:
> 
>   ssldump  -i "${INTERFACE}" -P
> 
> The -i specifies interface.  The -P says, don't get promiscuous. 
> Hopefully it is in your upstream distribution.  I find it in the 
> stock repositories for both OpenSUSE-13.2 and Ubuntu-14.04.3.
> 
> Need to capture the textual output?  Use, tee, maybe?
> 
> Die, RC4, die [1].
> 
> -Martin
> 
>  [0] http://ssldump.sourceforge.net/
>  [1] https://tools.ietf.org/html/rfc7465
> 
> -- 
> Martin A. Brown
> http://linux-ip.net/

-- 
  Michael Rasmussen, Portland Oregon  
Be Appropriate && Follow Your Curiosity
The weak can never forgive. Forgiveness is the attribute of the strong. 
~ Mahatma Gandhi 


Re: [PLUG] tcpdump whiz?

2016-02-25 Thread Martin A. Brown

Hi there,

>I have a group of systems that I need to monitor for use of 
>approved SSL cipher suites. Wireshark is not available on them. 
>tcpdump is the tool I need to use.

>Do you know, or know someone who would know, how to construct a 
>tcpdump filter that matches only packets for the SSL handshake?
>
>Due to the volume of traffic on the systems I cannot capture 
>everything and filter later.
>
>The most useful hint found so far is at: 
>http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter

I'll take a stab at your question from a slightly different angle.  

Rather than trying to get the BPF just right for something that is a 
few layers higher in the stack (and requires some stream 
reassembly logic), perhaps you could try a tool that operates on the 
stream.

I know you mentioned that wireshark was not available.  Are you able 
to install software on these systems?  If so, then you may find that 
the ssldump program [0] provides you output detail that is closer to 
your desired question.

I have never used ssldump in production, but it seems a handy little 
tool:

  ssldump  -i "${INTERFACE}" -P

The -i specifies interface.  The -P says, don't get promiscuous. 
Hopefully it is in your upstream distribution.  I find it in the 
stock repositories for both OpenSUSE-13.2 and Ubuntu-14.04.3.

Need to capture the textual output?  Use, tee, maybe?

Die, RC4, die [1].

-Martin

 [0] http://ssldump.sourceforge.net/
 [1] https://tools.ietf.org/html/rfc7465

-- 
Martin A. Brown
http://linux-ip.net/


Re: [PLUG] tcpdump whiz?

2016-02-25 Thread Michael Rasmussen
On Thu, Feb 25, 2016 at 07:15:50PM -0600, Louis Kowolowski wrote:
> From the link you posted:
> 
> tcpdump -i any -s 1500 (tcp[((tcp[12:1] & 0xf0) >> 2)+5:1] = 0x01) and 
> (tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16)
> 
> This captures the SSL handshake (0x16), and the hello (0x01). Seems 
> reasonable that you could delete the expression for hello and end up with:
> 
> tcpdump -i any -s 1500 (tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16)
> 
> Does this not work?

No, it's too promiscuous. 


-- 
  Michael Rasmussen, Portland Oregon  
Be Appropriate && Follow Your Curiosity
When man invented the bicycle he reached the peak of his attainments. Here
was a machine of precision and balance for the convenience of man. And
(unlike subsequent inventions for man's convenience) the more he used
it, the fitter his body became. Here, for once, was a product of man's
brain that was entirely beneficial to those who used it, and of no harm
or irritation to others. Progress should have stopped when man invented
the bicycle.
~ Elizabeth West, Hovel


Re: [PLUG] proxy.pac

2016-02-25 Thread Louis Kowolowski
I don’t know if browsers support a local file for a proxy.pac or not. That 
would be the first thing I would investigate.


> On Feb 25, 2016, at 8:48 PM, Robert Citek  wrote:
> 
> On Thu, Feb 25, 2016 at 1:14 AM, Louis Kowolowski
>  wrote:
>> I’m making some assumptions here, and if they’re not true, you can either 
>> correct me, or if the functionality I describe is what you want, take a look 
>> at https://www.cryptomonkeys.com/2014/07/automatic-http-proxy/ where I 
>> detail how to set this up.
>> 
>> Presumably you have:
>> a) a web server that is passing the proxy.pac file out, and generating logs
>> b) configured the browser’s proxy settings to “auto”
>> 
>> When you start/load the browser, you should be able to see in the 
>> webserver’s logs that it's pulling a copy of the proxy.pac file. If this 
>> isn’t the case, that’s likely to be your problem. The site you mention is a 
>> little light on details for all this, so I’m not sure if you only have a 
>> partial setup, or if you’ve misconfigured something.
> 
> A bit more detail: I recently got a Chromebook (nope, I haven't
> installed Linux/Crouton on it, yet).  So this system does not have a
> web server on it, which is what I would normally use.  And I don't
> want to set up a remote webserver.  Instead, my hope is to have the
> proxy.pac file reside locally on the Chromebook itself.  So the URL to
> the proxy.pac file would be something like
> file:///home/chronos/.../proxy.pac.  But thus far, that does not seem
> to be working.
> 
> Thanks for the feedback thus far.
> 
> Regards,
> - Robert

--
Louis Kowolowski   lou...@cryptomonkeys.org
Cryptomonkeys:   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977





Re: [PLUG] proxy.pac

2016-02-25 Thread Robert Citek
On Thu, Feb 25, 2016 at 1:14 AM, Louis Kowolowski
 wrote:
> I’m making some assumptions here, and if they’re not true, you can either 
> correct me, or if the functionality I describe is what you want, take a look 
> at https://www.cryptomonkeys.com/2014/07/automatic-http-proxy/ where I detail 
> how to set this up.
>
> Presumably you have:
> a) a web server that is passing the proxy.pac file out, and generating logs
> b) configured the browser’s proxy settings to “auto”
>
> When you start/load the browser, you should be able to see in the webserver’s 
> logs that it's pulling a copy of the proxy.pac file. If this isn’t the case, 
> that’s likely to be your problem. The site you mention is a little light on 
> details for all this, so I’m not sure if you only have a partial setup, or if 
> you’ve misconfigured something.

A bit more detail: I recently got a Chromebook (nope, I haven't
installed Linux/Crouton on it, yet).  So this system does not have a
web server on it, which is what I would normally use.  And I don't
want to set up a remote webserver.  Instead, my hope is to have the
proxy.pac file reside locally on the Chromebook itself.  So the URL to
the proxy.pac file would be something like
file:///home/chronos/.../proxy.pac.  But thus far, that does not seem
to be working.

Thanks for the feedback thus far.

Regards,
- Robert


Re: [PLUG] tcpdump whiz?

2016-02-25 Thread Louis Kowolowski
From the link you posted:

tcpdump -i any -s 1500 (tcp[((tcp[12:1] & 0xf0) >> 2)+5:1] = 0x01) and 
(tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16)

This captures the SSL handshake (0x16), and the hello (0x01). Seems reasonable 
that you could delete the expression for hello and end up with:

tcpdump -i any -s 1500 (tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16)

Does this not work?

> On Feb 25, 2016, at 6:08 PM, Michael Rasmussen  wrote:
> 
> I have a group of systems that I need to monitor for use of approved SSL 
> cipher suites.
> Wireshark is not available on them. tcpdump is the tool I need to use.
> 
> Do you know, or know someone who would know, how to construct a tcpdump filter 
> that matches
> only packets for the SSL handshake?
> 
> Due to the volume of traffic on the systems I cannot capture everything and 
> filter later.
> 
> The most useful hint found so far is at:
> http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter
> 
> 
> 
> --
>  Michael Rasmussen, Portland Oregon
>Be Appropriate && Follow Your Curiosity
> People play badly for various reasons; the most common one is failure
> to judge what they currently produce as inadequate.
>~ Tony Pay (on a Clarinet discussion list)

--
Louis Kowolowski   lou...@cryptomonkeys.org
Cryptomonkeys:   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977



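As an added example (not code from the thread), the Python below reproduces the byte tests of the tcpdump filter Louis quotes, then, for a ServerHello, reads out the cipher suite the server agreed to, which is the output Michael asked for in his reply to Martin. All segments are constructed sample data, and the approved-suite set is an assumed policy, not one from the thread.

```python
import struct

TLS_HANDSHAKE = 0x16                   # record content type the filter tests
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02

# IANA cipher-suite codes; the approved set is an assumed policy, not one
# from the thread (RC4 is out per RFC 7465).
SUITE_NAMES = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
               0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
               0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
APPROVED = {0xC02F, 0xC030}

def tcp_payload(segment):
    # Same arithmetic as tcp[((tcp[12:1] & 0xf0) >> 2):1]: the high nibble of
    # byte 12 is the header length in 32-bit words, so (x & 0xf0) >> 2 gives
    # it in bytes, which is the offset of the first payload byte.
    return segment[(segment[12] & 0xF0) >> 2:]

def handshake_type(segment):
    # Payload byte 0 must be 0x16 (handshake record); byte 5 (the filter's
    # "+5") is the handshake message type. None if not a handshake record.
    p = tcp_payload(segment)
    if len(p) < 6 or p[0] != TLS_HANDSHAKE:
        return None
    return p[5]

def server_hello_cipher(segment):
    # ServerHello: record hdr (5) + handshake hdr (4) + version (2) +
    # random (32) = 43 bytes, then session id length, session id, suite.
    if handshake_type(segment) != SERVER_HELLO:
        return None
    p = tcp_payload(segment)
    off = 44 + p[43]
    return struct.unpack("!H", p[off:off + 2])[0]

def audit(server_ip, segment):
    # (server ip, suite name, approved?) for a ServerHello, else None.
    suite = server_hello_cipher(segment)
    if suite is None:
        return None
    return server_ip, SUITE_NAMES.get(suite, "0x%04x" % suite), suite in APPROVED

# --- constructed sample segments, not a real capture -----------------------
def build_tcp_segment(payload, options=b""):
    words = (20 + len(options)) // 4               # TCP data offset in words
    hdr = struct.pack("!HHIIBBHHH", 443, 50000, 0, 0, words << 4, 0x18, 0xFFFF, 0, 0)
    return hdr + options + payload

def build_server_hello(cipher_suite, session_id=b"\xaa" * 8):
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", cipher_suite) + b"\x00")
    hs = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 3, 3]) + struct.pack("!H", len(hs)) + hs

# 12 NOP option bytes make the header 32 bytes, so the offset maths matters
SAMPLE_RC4 = build_tcp_segment(build_server_hello(0x0005), b"\x01" * 12)
SAMPLE_OK = build_tcp_segment(build_server_hello(0xC02F))
SAMPLE_CLIENT_HELLO = build_tcp_segment(
    bytes([TLS_HANDSHAKE, 3, 1, 0, 4, CLIENT_HELLO, 0, 0, 0]))
```

Testing payload byte 5 for 0x02 rather than only byte 0 for 0x16 narrows the match to ServerHello records, which is where the agreed suite lives.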


Re: [PLUG] tcpdump whiz?

2016-02-25 Thread Michael Rasmussen
On Thu, Feb 25, 2016 at 04:24:34PM -0800, Ishak Micheil wrote:
> Jim Hassing knows.
No he doesn't. We've already chatted about it.

For those of you scratching your heads over that exchange, Jim, Ishak, and I 
share a common employer.


> On Feb 25, 2016 16:11, "Michael Rasmussen"  wrote:
> 
> > I have a group of systems that I need to monitor for use of approved SSL
> > cipher suites.
> > Wireshark is not available on them. tcpdump is the tool I need to use.
> >
> > Do you know, or know someone who would know, how to construct a tcpdump
> > filter that matches
> > only packets for the SSL handshake?
> >
> > Due to the volume of traffic on the systems I cannot capture everything
> > and filter later.
> >
> > The most useful hint found so far is at:
> >
> > http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter
> >
> >
> >
> > --
> >   Michael Rasmussen, Portland Oregon
> > Be Appropriate && Follow Your Curiosity
> > People play badly for various reasons; the most common one is failure
> > to judge what they currently produce as inadequate.
> > ~ Tony Pay (on a Clarinet discussion list)

-- 
  Michael Rasmussen, Portland Oregon  
Be Appropriate && Follow Your Curiosity
Too often we enjoy the comfort of opinion without the discomfort of thought.
~ John F. Kennedy


Re: [PLUG] tcpdump whiz?

2016-02-25 Thread Ishak Micheil
Jim Hassing knows.
On Feb 25, 2016 16:11, "Michael Rasmussen"  wrote:

> I have a group of systems that I need to monitor for use of approved SSL
> cipher suites.
> Wireshark is not available on them. tcpdump is the tool I need to use.
>
> Do you know, or know someone who would know, how to construct a tcpdump
> filter that matches
> only packets for the SSL handshake?
>
> Due to the volume of traffic on the systems I cannot capture everything
> and filter later.
>
> The most useful hint found so far is at:
>
> http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter
>
>
>
> --
>   Michael Rasmussen, Portland Oregon
> Be Appropriate && Follow Your Curiosity
> People play badly for various reasons; the most common one is failure
> to judge what they currently produce as inadequate.
> ~ Tony Pay (on a Clarinet discussion list)


Re: [PLUG] tcpdump whiz?

2016-02-25 Thread Atom Powers
Shameless Promotion Alert:

The best person I know to answer that is Mike Pennacchi, who is teaching
"Deep Packet Inspection" at CasITConf next month.
http://casitconf.org/casitconf16/tutorials/

On Thu, Feb 25, 2016 at 4:11 PM Michael Rasmussen 
wrote:

> I have a group of systems that I need to monitor for use of approved SSL
> cipher suites.
> Wireshark is not available on them. tcpdump is the tool I need to use.
>
> Do you know, or know someone who would know, how to construct a tcpdump
> filter that matches
> only packets for the SSL handshake?
>
> Due to the volume of traffic on the systems I cannot capture everything
> and filter later.
>
> The most useful hint found so far is at:
>
> http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter
>
>
>
> --
>   Michael Rasmussen, Portland Oregon
> Be Appropriate && Follow Your Curiosity
> People play badly for various reasons; the most common one is failure
> to judge what they currently produce as inadequate.
> ~ Tony Pay (on a Clarinet discussion list)
-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--


[PLUG] tcpdump whiz?

2016-02-25 Thread Michael Rasmussen
I have a group of systems that I need to monitor for use of approved SSL cipher 
suites.
Wireshark is not available on them. tcpdump is the tool I need to use.

Do you know, or know someone who would know, how to construct a tcpdump filter 
that matches
only packets for the SSL handshake?

Due to the volume of traffic on the systems I cannot capture everything and 
filter later.

The most useful hint found so far is at:
http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter



-- 
  Michael Rasmussen, Portland Oregon  
Be Appropriate && Follow Your Curiosity
People play badly for various reasons; the most common one is failure
to judge what they currently produce as inadequate.
~ Tony Pay (on a Clarinet discussion list)


Re: [PLUG] proxy.pac

2016-02-25 Thread Louis Kowolowski
I’m making some assumptions here, and if they’re not true, you can either 
correct me, or if the functionality I describe is what you want, take a look at 
https://www.cryptomonkeys.com/2014/07/automatic-http-proxy/ where I detail how 
to set this up.

Presumably you have:
a) a web server that is passing the proxy.pac file out, and generating logs
b) configured the browser’s proxy settings to “auto”

When you start/load the browser, you should be able to see in the webserver’s 
logs that it's pulling a copy of the proxy.pac file. If this isn’t the case, 
that’s likely to be your problem. The site you mention is a little light on 
details for all this, so I’m not sure if you only have a partial setup, or if 
you’ve misconfigured something.


> On Feb 24, 2016, at 8:45 PM, Robert Citek  wrote:
> 
> Greetings all,
> 
> I have created a SOCKS proxy on a remote server that listens on port
> :5150 and have manually configured my browsers (Chrome, Firefox) to
> use it.
> 
> As the next step, I would like to create a proxy.pac file to
> automatically configure my web browsers to use the SOCKS proxy.  I
> have created a proxy.pac file similar to the one on this page:
> 
> https://mikewest.org/2007/01/auto-configuring-proxy-settings-with-a-pac-file
> 
> which looks like this:
> 
> function FindProxyForURL(url, host) {
>  return "SOCKS 10.1.2.10:5150";
> }
> 
> It seems to work.  Except, that when I change the proxy port on the
> remote from :5150 to :5151, my browser still is able to connect to
> remote sites.
> 
> I have a number of questions, but foremost is, how can I tell if the
> browser is using the proxy or not?
> 
> Regards,
> - Robert

--
Louis Kowolowski   lou...@cryptomonkeys.org

Cryptomonkeys:   http://www.cryptomonkeys.com/ 


Making life more interesting for people since 1977


