Simple Aol Reader Google Chrome App

After the Google reader suicide, all the people is finding a new tool to replace it. I am testing a lot of tools, but, by the way, Aol Reader seems like a good option. The tool is in beta status, and doesn’t  have native applications to access it (Aol said that are in development).

For my needs, I wrote a small app to work as a “launcher” from Google Chrome, can be downloaded from here:

http://db.tt/2X5RHzwa

The installation is very easy, download, unzip and follow this steps:

http://superuser.com/questions/247651/how-does-one-install-an-extension-for-chrome-browser-from-the-local-file-system

1

Enjoy!

Patch to compile Skipfish 1.27b in OSX

Yeah, I am obsessed with skipfish ;)

This is the patch to compile version 1.27b in OSX.

Now, i am working in one patch that the developer could make a definitive part of the source code to facilitate the compilation.

This was a great day for science!
skipfish1.27b-osx.patch

Skipfish 1.26b is out and working in OSX

Hey, good news, Skipfish 1.26b is out!

Changelog from 1.19b:

Version 1.26b:
————–

  – phtml added to the dictionary.

  – Yet another workaround for MALLOC_CHECK_. Grr.

Version 1.25b:
————–
  
  – A limit on the number of identically named path elements added. This 
    is a last-resort check against endless recursion (e.g., for ‘subdir’
    -> ‘.’ symlinks).

Version 1.24b:
————–

  – XSS detection now accounts for commented out text.

Version 1.23b:
————–

  – A minor improvement to XHTML detection.

  – HTML vs XHTML mismatches no longer trigger a warning.

Version 1.22b:
————–

  – URL parser now accounts for its own . injection pattern.

Attempt to compile as it is downloaded (without the patch).

Picture_8
My patch to 1.19b works fine in 1.26b too.

$ patch < skipfish.patch 
patching file Makefile
patching file report.c
patching file Info.plist

Picture_7
This was a great day for science!

Skipfish running!

The tool is very nice and useful.

Some recommendations:

1.) Execute it in a terminal with a background color, the app runs with black and white color fonts.

picture_8

 

2.) The tool doesn’t understand the dot (.) as PATH (if you want save the report in the current folder).

3.) The USER-AGENT of Skipfish is sfish (useful to check the task in the webserver log file).

4.) Some test (with the complete.wl) may take a long time, be patient.

Scan time : 1:03:20.0777
   HTTP requests : 1722046 sent (453.23/s), 1107756.62 kB in, 378751.66 kB out (391.11 kB/s)

5.) Check with detail the options of the command and naturally, the final report.
Skipfish_report

Compiling Google Skipfish 1.19b on OSX

The past friday March 19, Google Inc announced on its official blog, the active web application security reconnaissance tool: Skipfish.

Some important things about Skipfish by the developer (lcamtuf):

    • High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, the tool easily achieves 2000 requests per second with responsive targets.

    • Ease of use: the tool features heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
    • Cutting-edge security logic: we incorporated high quality, low false positive, differential security checks capable of spotting a range of subtle flaws, including blind injection vectors.

      Now, how i can build it on OSX?

      You need:

      2.) Fink or Mac ports 

      Ready? Go!

      1.) Install libidn from fink/macports

      $ sudo fink install libidn

      $ sudo port install libidn

      Remember the prefix paths: Fink store all files in /sw/ and macports in /opt/

      2.) Download Skipfish 1.19b (last available now) from here and uncompress in any path, by the example: /usr/local/src

      3.) Download my patch: skipfish-osx.patch and copy it in /usr/local/src/skipfish

      4.) Apply the patch:

      # patch < skipfish-osx.patch 
      patching file Makefile
      patching file report.c
      patching file Info.plist

      5.) Compile with:

      # make

      Picture_8

       

      Quick and easy ;)