Showing posts with label proxy.

Sunday, March 21, 2021

OWASP ZAP: A quick introduction

OWASP ZAP, or Zed Attack Proxy, is an open source dynamic application security testing (DAST) tool. It is available here and has a website with documentation here. I recently encountered it when looking for open source security test tools to embed in a CI/CD pipeline (here). I was surprised by how versatile this tool is. In this blog post I'll summarize several ways you can use it.

Sunday, February 23, 2020

Secure browsing using a local SOCKS proxy server (on desktop or mobile) and an always free OCI compute instance as SSH server

Oracle provides several services as 'always free'. In contrast to Azure and Amazon, these include compute instances which remain 'forever' free to use. Although there are some limitations on CPU, disk and network resources, these instances are ideal to use as a remote SSH server and, with a little effort, as a connection target for a locally running SOCKS proxy server. When you configure a browser to use that SOCKS proxy, your web traffic will be sent through a secure channel (SSH tunnel) towards the OCI instance, and the OCI instance will appear as your browser's client IP to the remote sites you visit.

An SSH server in combination with a locally running SOCKS proxy server allows you to browse the internet more securely from, for example, public Wifi hotspots by routing your internet traffic through a secure channel via a remote server. If you combine this with DNS over HTTPS, which is currently at least available in Firefox and Chrome, it will be more difficult for other parties to analyse your traffic. It also allows you to access resources from a server outside of a company network, which can have benefits, for example if you want to check how a company-hosted service looks to a customer from the outside. Having a server in a different country as a proxy can also have benefits if certain services are only available from a certain country (a similar benefit as using a VPN or using Tor) or as a means to circumvent censorship.

Do check what is allowed by your company and by your ISP, and what is legal within your country, before using such techniques though. I of course don't want you to do anything illegal and blame me for it ;)

Friday, July 13, 2018

Securely access remote content using a proxy server accessed with SSH

On numerous occasions I was limited in my work because of connectivity which could not be trusted. For example:
  • I could not download large installers due to a proxy antivirus tool which manipulated downloads, causing files to become corrupted.
  • I needed to visit a website to find a solution to a problem, but the local proxy server found the content offensive and did not allow me to visit the site.
  • I have stayed in hotels in which I was not sure that my internet traffic was not being monitored. I was hesitant to access remote services which required credentials.
  • At the airport, the public Wifi can sometimes not be trusted. Someone could run a local hotspot with the same name and become a man in the middle intercepting credentials of people connecting to it.
The method described in this blog allows you to access external resources with few limitations in a relatively secure way. It makes it easy to circumvent most content scanning/manipulation. Do mind that this method might be a violation of certain rules/regulations/policies. When in doubt, first confirm you're allowed to use it.

In short, what you do is:
  • Run an SSH server at a different location on port 443
  • On the same server which runs the SSH server, run your own HTTP/HTTPS proxy server (or use the SSH server itself as SOCKS proxy)
  • Connect to the SSH server
  • Map the proxy port to your local machine
  • Use the configured port as proxy server in your browser configuration.
This might seem complex, but it is easier than you might think and, once set up, it is easy to re-use. It is also easier, more flexible and in some cases more secure than using a VPN.

Saturday, May 28, 2016

Integration Cloud Service (ICS): Execution Agent proxy issue: NumberFormatException

Integration Cloud Service (ICS) offers an Execution Agent which you can download and install on-premises. This provides a local ICS instance. The Execution Agent is useful in several situations. When you have an ICS trial, it is valid only for a period of 30 days. After initial installation (which does require an ICS subscription), you can use the Execution Agent indefinitely. Secondly, you have full control over the Execution Agent, since it is a local installation and not managed by Oracle like the Oracle Cloud instances. This means you can, for example, log all requests and replies, install and test a custom Cloud Adapter, or browse the Service Bus log files and deployments in case something goes wrong. Currently this is not possible in the Oracle Public Cloud without creating SRs. This blog post is based on the below version of ICS and might not be valid in future versions.


You can download the Execution Agent from the Agents page:


The installation requires Oracle Enterprise Linux 6 UC4 or above. Read the documentation here.