Simple Aol Reader Google Chrome App

After the Google reader suicide, all the people is finding a new tool to replace it. I am testing a lot of tools, but, by the way, Aol Reader seems like a good option. The tool is in beta status, and doesn’t  have native applications to access it (Aol said that are in development).

For my needs, I wrote a small app to work as a “launcher” from Google Chrome, can be downloaded from here:

The installation is very easy, download, unzip and follow this steps:



Patch to compile Skipfish 1.27b in OSX

Yeah, I am obsessed with skipfish 😉

This is the patch to compile version 1.27b in OSX.

Now, i am working in one patch that the developer could make a definitive part of the source code to facilitate the compilation.

This was a great day for science!

Skipfish 1.26b is out and working in OSX

Hey, good news, Skipfish 1.26b is out!

Changelog from 1.19b:

Version 1.26b:

  – phtml added to the dictionary.

  – Yet another workaround for MALLOC_CHECK_. Grr.

Version 1.25b:
  – A limit on the number of identically named path elements added. This 
    is a last-resort check against endless recursion (e.g., for ‘subdir’
    -> ‘.’ symlinks).

Version 1.24b:

  – XSS detection now accounts for commented out text.

Version 1.23b:

  – A minor improvement to XHTML detection.

  – HTML vs XHTML mismatches no longer trigger a warning.

Version 1.22b:

  – URL parser now accounts for its own . injection pattern.

Attempt to compile as it is downloaded (without the patch).

My patch to 1.19b works fine in 1.26b too.

$ patch < skipfish.patch 
patching file Makefile
patching file report.c
patching file Info.plist

This was a great day for science!

Skipfish running!

The tool is very nice and useful.

Some recommendations:

1.) Execute it in a terminal with a background color, the app runs with black and white color fonts.



2.) The tool doesn’t understand the dot (.) as PATH (if you want save the report in the current folder).

3.) The USER-AGENT of Skipfish is sfish (useful to check the task in the webserver log file).

4.) Some test (with the complete.wl) may take a long time, be patient.

Scan time : 1:03:20.0777
   HTTP requests : 1722046 sent (453.23/s), 1107756.62 kB in, 378751.66 kB out (391.11 kB/s)

5.) Check with detail the options of the command and naturally, the final report.

Compiling Google Skipfish 1.19b on OSX

The past friday March 19, Google Inc announced on its official blog, the active web application security reconnaissance tool: Skipfish.

Some important things about Skipfish by the developer (lcamtuf):

    • High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, the tool easily achieves 2000 requests per second with responsive targets.

    • Ease of use: the tool features heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
    • Cutting-edge security logic: we incorporated high quality, low false positive, differential security checks capable of spotting a range of subtle flaws, including blind injection vectors.

      Now, how i can build it on OSX?

      You need:

      2.) Fink or Mac ports 

      Ready? Go!

      1.) Install libidn from fink/macports

      $ sudo fink install libidn

      $ sudo port install libidn

      Remember the prefix paths: Fink store all files in /sw/ and macports in /opt/

      2.) Download Skipfish 1.19b (last available now) from here and uncompress in any path, by the example: /usr/local/src

      3.) Download my patch: skipfish-osx.patch and copy it in /usr/local/src/skipfish

      4.) Apply the patch:

      # patch < skipfish-osx.patch 
      patching file Makefile
      patching file report.c
      patching file Info.plist

      5.) Compile with:

      # make



      Quick and easy 😉