How to use SSH as a VPN tunnel

SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding TCP ports and X11 connections.

What is SSH Tunneling?

A tunneling protocol may, for example, allow a foreign protocol to run over a network that does not support that particular protocol, such as running IPv6 over IPv4.

SSH tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications. … It also provides a way to secure the data traffic of any given application using port forwarding, basically tunneling any TCP/IP port over SSH.

sshuttle

sshuttle is not exactly a VPN, and not exactly port forwarding. It’s kind of both, and kind of neither.

It’s like a VPN, since it can forward every port on an entire network, not just ports you specify. Conveniently, it lets you use the “real” IP addresses of each host rather than faking port numbers on localhost.

On the other hand, the way it works is more like ssh port forwarding than a VPN. Normally, a VPN forwards your data one packet at a time, and doesn’t care about individual connections; i.e. it’s “stateless” with respect to the traffic. sshuttle is the opposite of stateless; it tracks every single connection.

Installation

 sudo pip install sshuttle

Example

$ sshuttle --dns -v -r <remote-host> 0/0

* This will forward all connections including DNS requests…

Usage

Working with Spinner in Android (Single Selector)

Spinner

Spinners provide a quick way to select one value from a set, which is why a spinner is also called a single selector. A spinner shows the currently selected value from the set; in the default state, it shows the value at index 0. Touching the spinner displays a dropdown menu or dialog with all other available values in the set, so it can also be called a dropdown.


Let’s see how we can use it in an application.

Spinner integration has 3 key classes:

1. Spinner

2. Spinner Adapter

3. Spinner OnItemSelectedListener

We will discuss these classes along with the integration. You can add a spinner to your layout XML file. You can use the sample code below:

The Spinner Adapter binds the data set to the spinner widget and manages the view for each spinner row item. We can use an array of strings as the data. See sample code:

We will use the above string array for display. Now we need to get a reference to the Spinner that we defined in the XML file. We can use the sample code below:

Now we need to set the values in an ArrayAdapter and set this ArrayAdapter on the Spinner. Use the code below:

When the user selects an item from the drop-down, the Spinner object receives an on-item-selected event. To handle the event, we can use an OnItemSelectedListener on the Spinner. Sample code:

onItemSelected gives us the selected position of the spinner.

That’s it. Happy Coding 🙂

Reference:-

https://developer.android.com/guide/topics/ui/controls/spinner#java

Migrate an Existing Project to AndroidX

AndroidX is an open-source project by Google that provides a major improvement to the original Android Support Library. AndroidX replaces the Support Library. Like the Support Library, Google keeps AndroidX independent from the Android OS, and it provides backward compatibility across Android releases. The AndroidX package structure encourages smaller and more focused libraries.

AndroidX replaces the original support library APIs with packages in the androidx namespace. Only the package and import names changed. Class, method, and field names did not change in migration.

Example:-

android.support.v7.widget.RecyclerView is changed to androidx.recyclerview.widget.RecyclerView

android.support.v7 is replaced by androidx.

Migrating existing project:-

Before starting the migration, make sure of the following:

1. The Android Studio version should be higher than 3.2. You can check your Android Studio version in the About Android Studio section. Also use the latest Gradle version. Check the project-level build.gradle file to change the version.

2. The target SDK version and compile SDK version should be 28 or greater. Check your app-level build.gradle file to change the target and compile SDK versions.

3. Take a backup of your project.

4. Add the properties below to the gradle.properties file. You can find this file at the project level.

A.) android.useAndroidX: set to true, the Android plugin uses the AndroidX library instead of a Support Library. The value is false by default.

B.) android.enableJetifier: set to true, the Android plugin automatically migrates existing third-party libraries to use AndroidX. The value is false by default.

Let’s start migration:-

1. Click Refactor in the Android Studio menu.

2. Then click Migrate to AndroidX in the Refactor dropdown.

3. After that, it will ask you to take a backup of the whole project. If you have already taken a backup, ignore this step.

4. After the backup process, click Migrate. It will list all the places where the support library is used in this project. Just click Do Refactor and wait for some time.

5. After some time, you will see that the support libraries in the project have been replaced by AndroidX libraries. Most of the support libraries are migrated automatically, and a few need to be replaced manually. If you find any errors, fix them manually, and test your app carefully. The application could crash due to incorrect auto-correction during migration.

That’s it. Enjoy Coding using AndroidX. 🙂

Reference:-

https://developer.android.com/jetpack/androidx/migrate

Shell script wrapper function for sending messages through Pushover

Pushover makes it easy to get real-time notifications on your Android, iPhone, iPad, and Desktop (Android Wear and Apple Watch, too!)

You can use this shell function anywhere in your script.

Example:

Note: you need to update API tokens and title above
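
A wrapper of the kind described above, as an added example that is not the original post's function. It assumes the API token and user key are held in the environment variables PUSHOVER_TOKEN and PUSHOVER_USER (names chosen here), and curl_quote is a hypothetical helper; the request fields are fed to curl on stdin so the token stays out of the process list.

```sh
#!/bin/sh
# Added example (not the original post's function). PUSHOVER_TOKEN and
# PUSHOVER_USER are assumed environment variables holding your API keys.
PUSHOVER_URL=https://api.pushover.net/1/messages.json

# Hypothetical helper: quote a value for a double-quoted line in a curl
# config file. Newlines are flattened so a message can never start a new
# config directive.
curl_quote() {
    printf '%s' "$1" | tr '\n\r' '  ' | sed 's/[\\"]/\\&/g'
}

# pushover TITLE MESSAGE
# Returns 0 if the API accepted it, 1 on failure, 2 if the keys are not set.
pushover() {
    if [ -z "${PUSHOVER_TOKEN:-}" ] || [ -z "${PUSHOVER_USER:-}" ]; then
        echo "pushover: set PUSHOVER_TOKEN and PUSHOVER_USER" >&2
        return 2
    fi
    # Fields go to curl on stdin (-K -) rather than as arguments, so the
    # token does not show up in the process list.
    response=$(
        {
            printf 'form-string = "token=%s"\n'   "$(curl_quote "$PUSHOVER_TOKEN")"
            printf 'form-string = "user=%s"\n'    "$(curl_quote "$PUSHOVER_USER")"
            printf 'form-string = "title=%s"\n'   "$(curl_quote "$1")"
            printf 'form-string = "message=%s"\n' "$(curl_quote "$2")"
        } | curl -sS --max-time 10 -K - "$PUSHOVER_URL"
    ) || return 1
    case $response in
        *'"status":1'*) return 0 ;;
        *) echo "pushover: request rejected: $response" >&2; return 1 ;;
    esac
}

# Stand-alone use: ./pushover.sh "title" "message"
[ "$#" -lt 2 ] || pushover "$1" "$2"
```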

Fetch Contacts From Native Phonebook

Import Contacts In iOS

We are going to use the built-in Contacts.framework to import all contacts in our app. To display a list of contacts, you must have access to the user’s address book. Apple does a great job of protecting the user’s privacy, so you can’t read any of their contacts’ data without asking the user for permission. Similar restrictions apply to accessing the user’s camera, location, photos, and more.

Whenever you need access to privacy-sensitive information, you are required to specify this in your app’s Info.plist file. This file keeps track of many of your app’s properties, such as its display name, supported interface orientations, and, in the case of accessing a user’s contacts, Info.plist also contains information about why you need access to the user’s contacts.

Let’s go step by step:-

  • Add usage description in Info.plist file for contacts.

Open the Plist file and click the plus button to add a new row for the contacts usage description.

Add Privacy – Contacts Usage Description as the key.

Select String as the type.

Write the purpose for which your app uses contacts.

  • Import Contacts Framework in your class.

 

  •  Request for Contact permission

 

The two functions above check the Contacts authorisation status. If it is not determined, an alert asking for contact permission is shown. Keep in mind that you can ask for Contacts permission only once. Once the user has denied it, you can only open the Settings screen so that they can enable Contacts permission.

  • Fetch Contact Using CNContactStore:-

 

We create a CNContactStore instance, and this object is used to communicate directly with the Contacts system on iOS. In this method, we wrap our code in a do-catch statement because two of the methods we use are throwing methods. We can retrieve different values using different keys, like first name, last name, contact image, mobile number, address, emails etc. We then create an array that contains a number of constant keys. These keys directly relate to the information your app has access to.

There are different container groups in the native phonebook. We can retrieve contacts from different containers according to our needs. Here we retrieve the contacts of all groups using store.containers(matching: nil) and iterate over them one by one to fetch contacts.

store.unifiedContacts returns an array of CNContact, which you can store in your app data or in your app’s database, and display in your own table view format.

Important:-

In iOS 13, Apple added a new entitlement that is needed if you wish to access the notes for contacts. The entitlement is com.apple.developer.contacts.notes. You can request permission to use this entitlement for an app being put in the App Store.

The reason it was added is primarily for privacy reasons — the notes field can contain any information you might have on the contact; and a lot of times this information is significantly more sensitive than just the contact information.

 

Happy Coding.

Still Confused With SMTP, IMAP, POP Ports?

Configuring SMTP, IMAP and POP ports can be confusing. Users and sometimes even system administrators aren’t sure when to use port 25, 587, or 465.

This article will clarify all ports related to the mail server.

SMTP 25
SMTP-SSL/TLS 587,465
IMAP 143
IMAP-SSL/TLS 993
POP3 110
POP3-SSL/TLS 995

IMAP uses port 143, but SSL/TLS encrypted IMAP uses port 993.

POP uses port 110, but SSL/TLS encrypted POP uses port 995.

SMTP uses port 25, but SSL/TLS encrypted SMTP uses port 465.

587 vs. 465

These port assignments are specified by the Internet Assigned Numbers Authority (IANA):

  • Port 587: [SMTP] Message submission (SMTP-MSA), a service that accepts submission of email from email clients (MUAs). Described in RFC 6409.
  • Port 465: URL Rendezvous Directory for SSM (entirely unrelated to email)

Historically, port 465 was initially planned for the SMTPS encryption and authentication “wrapper” over SMTP, but it was quickly deprecated (within months, and over 15 years ago) in favor of STARTTLS over SMTP (RFC 3207). Despite that fact, there are probably many servers that support the deprecated protocol wrapper, primarily to support older clients that implemented SMTPS. Unless you need to support such older clients, SMTPS and its use on port 465 should remain nothing more than a historical footnote.

How to list all instances in all regions from multiple accounts using awscli – AWS

AWS Cloud spans 69 Availability Zones within 22 geographic regions around the world, with announced plans for 9 more Availability Zones and three more Regions in Cape Town, Jakarta, and Milan.

If you are using more than one region, it takes a lot of time to browse through all regions in a browser and check which instances are running.

To save time, we use the awscli command in a shell script that lists all instances from all regions. You can use multiple profile names.


You can specify multiple profile names as follows:

This will run jobs in parallel and exit when all jobs are completed.
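
A script of the kind described above, as an added example that is not the original post's code. The function names and the columns selected with --query are choices made here; each profile/region pair runs as a background job and wait blocks until all of them finish.

```sh
#!/bin/sh
# Added example (not the original post's script): list EC2 instances in all
# regions for one or more awscli profiles, one background job per region.

# One line per instance: profile, region, id, state, type (tab-separated).
list_region() {
    aws ec2 describe-instances --profile "$1" --region "$2" \
        --query 'Reservations[].Instances[].[InstanceId,State.Name,InstanceType]' \
        --output text |
    awk -v p="$1" -v r="$2" -v OFS='\t' 'NF { print p, r, $1, $2, $3 }'
}

list_all_instances() {
    out=$(mktemp -d) || return 1
    for profile in "$@"; do
        # Ask each account which regions it has enabled.
        regions=$(aws ec2 describe-regions --profile "$profile" \
            --query 'Regions[].RegionName' --output text) || continue
        for region in $regions; do
            # Each job writes its own file so parallel output never interleaves.
            list_region "$profile" "$region" > "$out/$profile.$region" &
        done
    done
    wait    # returns once every background job has exited
    cat "$out"/* 2>/dev/null | sort
    rm -rf "$out"
}

# Usage: ./list-instances.sh profile1 profile2 ...
if [ "$#" -gt 0 ]; then
    list_all_instances "$@"
fi
```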

Locking your bash script against parallel execution

Sometimes there’s a need to ensure only one copy of a script runs, i.e. to prevent two or more copies from running simultaneously. Imagine an important cronjob doing something very important, which will fail or corrupt data if two copies of the called program were to run at the same time. To prevent this, a form of MUTEX (mutual exclusion) lock is needed.

The basic procedure is simple: The script checks if a specific condition (locking) is present at startup, if yes, it’s locked – the script doesn’t start.

This article describes locking with common UNIX® tools.

Method 1

Set the noclobber shell option (set -C). This will cause redirection to fail if the file the redirection points to already exists (using diverse open() methods). Need to write a code example here.

 

Method 2

A simple way to get that is to create a lock directory – with the mkdir command. It will:

  • create a given directory only if it does not exist, and set a successful exit code
  • set an unsuccessful exit code if an error occurs – for example, if the directory specified already exists

With mkdir it seems, we have our two steps in one simple operation. A (very!) simple locking code might look like this:

In case mkdir reports an error, the script will exit at this point – the MUTEX did its job!
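
Both methods above in runnable form, as an added example that is not the article's own code. The function names and the default lock path are assumptions made here, and run_locked goes one step beyond the text by releasing the lock when the command finishes or is interrupted.

```sh
#!/bin/sh
# Added example (not from the original article). Function names and lock
# paths are assumptions.

# Method 1: with noclobber (set -C), `>` fails if the file already exists,
# so testing for the lock and taking it is a single step.
acquire_lockfile() {
    # The subshell keeps noclobber from leaking into the calling script.
    ( set -C; echo "$$" > "$1" ) 2>/dev/null
}
release_lockfile() { rm -f "$1"; }

# Method 2: mkdir creates the directory or fails; it never does both.
acquire_lockdir() { mkdir "$1" 2>/dev/null; }
release_lockdir() { rmdir "$1" 2>/dev/null; }

# Run a command while holding the mkdir lock.
# Returns 75 (EX_TEMPFAIL) without running it if the lock is already held.
run_locked() {
    lockdir=$1; shift
    if ! acquire_lockdir "$lockdir"; then
        echo "lock $lockdir is held, another copy is running" >&2
        return 75
    fi
    # The trap lives in a subshell, so the lock is released when the command
    # finishes or is interrupted, and the caller's own traps are untouched.
    (
        trap 'release_lockdir "$lockdir"' EXIT
        trap 'exit 130' INT TERM
        "$@"
    )
}

# Stand-alone use: ./locked.sh some-command args...
if [ "$#" -gt 0 ]; then
    run_locked "${LOCKDIR:-${TMPDIR:-/tmp}/myscript.lock}" "$@"
fi
```

A lock left behind by a killed process (kill -9, power loss) is not detected here and has to be removed by hand.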

How to reverse proxy in nginx

Proxying is typically used to distribute the load among several servers, seamlessly show content from different websites, or pass requests for processing to application servers over protocols other than HTTP.

When NGINX proxies a request, it sends the request to a specified proxied server, fetches the response, and sends it back to the client. It is possible to proxy requests to an HTTP server (another NGINX server or any other server) or a non-HTTP server (which can run an application developed with a specific framework, such as PHP or Python) using a specified protocol.

1. To pass a request to an HTTP proxied server, the proxy_pass directive is specified inside a location. For example:

2. This address can be specified as a domain name or an IP address. The address may also include a port:

3. To pass a request to a non-HTTP proxied server, the appropriate *_pass directive should be used:

  • fastcgi_pass passes a request to a FastCGI server
  • uwsgi_pass passes a request to a uwsgi server
  • scgi_pass passes a request to an SCGI server
  • memcached_pass passes a request to a memcached server

4. Passing Request Headers

 

5. To disable buffering in a specific location, place the proxy_buffering directive in the location with the off parameter, as follows:

 

 

Openvas installation in CentOS 7

What is Openvas?

OpenVAS (Open Vulnerability Assessment System, originally known as GNessUs) is a software framework of several services and tools offering vulnerability scanning and vulnerability management.

All OpenVAS products are free software, and most components are licensed under the GNU General Public License (GPL). Plugins for OpenVAS are written in the Nessus Attack Scripting Language, NASL.

The primary reason to use this scan type is to perform comprehensive security testing of an IP address. It will initially perform a port scan of an IP address to find open services. Once listening services are discovered they are then tested for known vulnerabilities and misconfiguration using a large database (more than 53000 NVT checks). The results are then compiled into a report with detailed information regarding each vulnerability and notable issues discovered.

Once you receive the results of the tests, you will need to check each finding for relevance and possibly false positives. Any confirmed vulnerabilities should be remediated to ensure your systems are not at risk.

Vulnerability scans performed from externally hosted servers give you the same perspective as an attacker. This has the advantage of understanding exactly what is exposed on external-facing services.

Step 1: Disable SELinux

sed -i 's/=enforcing/=disabled/' /etc/selinux/config

and reboot the machine.

Step 2:  Install dependencies

yum -y install wget rsync curl net-tools

Step 3: Install OpenVAS repository

Install the official repository so that OpenVAS works appropriately in the analysis of vulnerabilities.

wget -q -O - http://www.atomicorp.com/installers/atomic |sh

Step 4: Install OpenVAS

yum -y install openvas

Step 5: Run OpenVAS

Once OpenVAS is installed, we start it by executing the following command:

openvas-setup

Once the download has finished, it will be necessary to configure the IP address for GSAD (Greenbone Security Assistant), which is a web interface to manage system scans.

Step 6: Configure OpenVAS Connectivity

Open a browser and enter the IP address of the CentOS 7 server where OpenVAS is installed; the following message is displayed:

Openvas dashboard

 

Automatic NVT Updates With Cron

35 1 * * * /usr/sbin/greenbone-nvt-sync > /dev/null
5 0 * * * /usr/sbin/greenbone-scapdata-sync > /dev/null
5 1 * * * /usr/sbin/greenbone-certdata-sync > /dev/null