Thursday, March 24, 2011

Fiddler Web Debugging Proxy

Here's a useful tool for debugging web apps, specifically those running in IE versions 8 and below. It is not limited to applications running in the browser, though; it can listen to any application that uses HTTP / HTTPS. You do not need to configure your proxy settings to redirect traffic; it just works on the fly.


IE 9 has Developer Tools built in (more info [here]), just like Firebug for Firefox and Chrome Developer Tools.


That does not mean we cannot use Fiddler, though. I would still recommend it for debugging HTTP / HTTPS communication to avoid looking at 3 different tools.

Wednesday, March 23, 2011

Number of Simultaneous Connections in IIS

So I have reached the testing phase of the anti-CSRF / CSS / SQL Injection fixes for a classic ASP web application at work. Luckily, it didn’t take me long to learn the language. My machine will be used for quality assurance purposes. I encountered an error regarding the number of simultaneous connections made to my local IIS web server while running the OWASP CSRFTester Project.


The fix is simple; just increase the number of simultaneous connections for IIS using the command below:


Assuming your PWD is inetpub\adminscripts


cscript adsutil.vbs set w3svc/MaxConnections 40
iisreset

Sunday, March 20, 2011

Repair Windows 7 System Files

8 out of 10 average PC users have their box’s system files altered by malware, viruses, etc. We usually reinstall the OS if the antivirus and anti-malware software did not do its job well. Here’s one way to fix corrupted system files without the need to restart your Windows 7 box.


1. Run the Command Prompt as Administrator
2. Type the following command


C:\Windows\system32\> sfc /scannow



3. After the verification phase, you will receive a message about your system files’ integrity


Windows Resource Protection did not find any integrity violations.

Saturday, March 19, 2011

Android Intent

What is an Android Intent?


- functions like a verb
- something like “open contacts manager”, “search contacts”, “call contact”, etc.
- I see it as something like a description of a method / action to be performed
- used for starting other Activities


You can read more about this here: Android Intent

Monday, March 14, 2011

Android Activity

What is an Android Activity?


- one of the building blocks of an Android application
- used for rendering user interfaces that can respond to events
- a single screen
- can return a value to the previous activity
- pushed into a stack every time a new activity starts


You can read more about this here: Android Activity

Let’s help Japan

Help The Victims of the 8.9 Earthquake in Japan by Spreading Awareness and Aid. Visit http://goo.gl/wjZQz to donate.

Wednesday, February 16, 2011

HTTPS in Tomcat 6.0 Server

1. Create a self-signed server certificate using keytool. Take note of the keystore password; you will need it later on for setting up the server.



keytool -genkeypair -alias tomcat -keyalg RSA -keysize 1024 -dname "CN=localhost, OU=Group, O=Company Name, L=City, S=Region, C=PH" -validity 365 -keystore keystore

2. Move the generated certificate file (keystore) to Tomcat’s conf directory.


3. Modify conf/server.xml



<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https"
secure="true" clientAuth="false"
sslProtocol="TLS"
keystoreFile="conf/keystore" keystorePass="your password" />

4. Restart Tomcat.


5. Visit https://localhost:443/. You will receive a warning about the self-signed certificate. If you want to get rid of this warning, purchase a commercial certificate.
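A check for the connector set up in step 3, as an added example that is not part of the original post or of Tomcat itself: it parses conf/server.xml, finds the SSL-enabled connectors, and flags a default or placeholder keystorePass, a missing keystore, and keystore or server.xml files that other users can read. The names audit_connectors, demo and WEAK_PASSWORDS are hypothetical, and the sample directory is constructed.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Assumed weak values: Tomcat's default ("changeit") and the post's placeholder.
WEAK_PASSWORDS = {None, "", "changeit", "your password"}
OTHERS_READ = stat.S_IRGRP | stat.S_IROTH

def audit_connectors(catalina_base):
    """Return (port, finding) pairs for SSL-enabled Connectors in conf/server.xml."""
    server_xml = os.path.join(catalina_base, "conf", "server.xml")
    # keystorePass is stored in cleartext, so server.xml itself must stay private.
    exposed_cfg = os.stat(server_xml).st_mode & OTHERS_READ
    findings = []
    for conn in ET.parse(server_xml).getroot().iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        if conn.get("keystorePass") in WEAK_PASSWORDS:
            findings.append((port, "default or placeholder keystorePass"))
        elif exposed_cfg:
            findings.append((port, "server.xml holding keystorePass is readable by others"))
        # Without keystoreFile, Tomcat looks for .keystore in the running user's home.
        keystore = conn.get("keystoreFile", os.path.expanduser("~/.keystore"))
        # Assumption: a relative keystoreFile resolves against the Tomcat base directory.
        path = os.path.join(catalina_base, keystore)
        if not os.path.isfile(path):
            findings.append((port, "keystore file missing: " + keystore))
        elif os.stat(path).st_mode & OTHERS_READ:
            findings.append((port, "keystore is readable by others"))
    return findings

def demo():
    """Constructed sample: the post's Connector with a world-readable dummy keystore."""
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "conf"))
    with open(os.path.join(base, "conf", "server.xml"), "w") as f:
        f.write('<Server><Service name="Catalina"><Connector port="8080" />'
                '<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" '
                'secure="true" sslProtocol="TLS" keystoreFile="conf/keystore" '
                'keystorePass="your password" /></Service></Server>')
    keystore = os.path.join(base, "conf", "keystore")
    open(keystore, "wb").close()
    os.chmod(keystore, 0o644)
    return audit_connectors(base)

if __name__ == "__main__":
    for port, finding in demo():
        print(port, finding)
```

Pass the Tomcat base directory to audit_connectors on a real install; the file-mode checks are meaningful on Unix-like systems only.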

Monday, February 07, 2011

Tuesday, January 18, 2011

MD5 Hash Function for Oracle

Basically, 2 functions are needed, because some people prefer the raw hash instead of the hex equivalent.
1. md5raw - returns the raw MD5 hash of the text
2. md5 - converts the raw MD5 hash to hex


Here’s the code for the md5raw function.



create or replace
function md5raw (text in varchar2)
return varchar2 is
  hash_value varchar2(20);
begin
  -- raw MD5 digest of the input string
  hash_value := dbms_obfuscation_toolkit.md5 (input_string => text);
  return hash_value;
end;

and the code for the md5 function.



create or replace
function md5(text in varchar2)
return varchar2 is
  hash_value varchar2(32);
begin
  -- hex-encode the raw digest from md5raw and lowercase it
  select lower(rawtohex(md5raw(text)))
  into hash_value
  from dual;
  return hash_value;
end;

Now you can do something like this.



select md5('koala') from dual;

|---------------------------------------|
|MD5('koala') |
|---------------------------------------|
|a564de63c2d0da68cf47586ee05984d7 |
|---------------------------------------|

Wednesday, January 05, 2011

Access VirtualBox Shared Folder in Ubuntu Guest

I have been doing this for quite some time now but I failed to document it. First, install the VirtualBox Guest Additions on your host. Then create a mount point (assuming it is /media/shared).



$ sudo mkdir /media/shared

You may change the path if you want. Mount the shared folder using the command below.



$ sudo mount -t vboxsf <folder> /media/shared

Replace the <folder> above with the correct shared folder name. Enjoy.

Saturday, January 01, 2011