Everything, Everything

Earlier this month, I used Burp's Session Handling Rules to get around an anti-CSRF token in order to get sqlmap working. Sqlmap does have native support for anti-CSRF tokens, but when the parameter it needs to update is part of a multipart form it appears that sqlmap fails to find the parameter that will be updated and it just gives up with an error message.

By configuring sqlmap to use Burp's proxy, and configuring a session handling rule in Burp to acquire and update the token, sqlmap doesn't even need to know about the CSRF protection. I stumbled across the idea based on this article.

It turns out that none of the fields were vulnerable to SQL injection (which I sort of knew from manual testing), but it was an interesting challenge.

These 6 albums were released almost two decades ago and yet I've already listened to tracks from 5 of them in 2016. https://t.co/aZQUTfNp3X

Heard extra instruments in the background of Zero 7's Out Of Town. I do love my new headphones.

I was looking for this the other day and discovered that it had been removed from Wikipedia. Thankfully Jonathan Parker took the time to grab the information from the way back machine so it's not lost forever. It's probably getting out of date now, but it's better than having nothing.

I tried following a couple of guides on how to setup VPN access using Windows Server 2012 R2. The first guide for PPTP was going well until I logged into the new Azure portal and tried to add the necessary endpoints - you can only add TCP and UDP ports; you can't add protocols! I switched to using SSTP, which means exposing HTTPS with IIS, and got a lot further. I temporarily installed the self-signed certificate as a trusted root certificate on my computer, otherwise Windows 10 complains about it (and Windows won't let you ignore any certificate errors). I initially tried using the default DHCP setting for IPv4 assignment but it seemed happier with a static pool.

Then I realised that nothing was being routed. It turns out neither of the two guides I'd looked at covered installing Routing and enabling NAT on a public interface so that I can use the VPN connection to talk to other hosts on the Internet, which was the point of my little exercise. After adding the extra role and following the second step in a TechNet article, things appear to be working. If I try and access Netflix or Yahoo it thinks I'm in another part of Western Europe. Presumably if I spin up another Azure VM in America I could make them think I'm based there (although they release shows like Better Call Saul, House of Cards, and Love at the same time as the UK so I'm not too concerned). Bandwidth isn't too expensive either, with Tier 1 costing about £5 for 100GB of traffic.

YES! F**KING YES! :D #AFC

Wow, Drinkwater probably should be off the pitch for that awful foul on Ramsey.

Giroud's flick gives Walcott the chance to score without over thinking. Thankfully he does, with our first shot on target.

Monreal's leg might have been slightly out, but Vardy ran into him instead of following the ball. Will Arsenal finish with 11 men?

They're making another Bourne movie with Matt Damon! https://t.co/iaoffMmkZh

No ticket restrictions today. Also, there are no trains. Okay, maybe a few. You'll all fit on if you squeeze in tight.

Mozilla to end development on Firefox OS for smartphones after the version 2.6 release. Not too surprising. https://t.co/i5gJF3rE2N