I currently have transmission-daemon installed on Debian and have set up password protection for it, but now I want fail2ban to limit how many times one can try to input a username/password before fail2ban bans the IP.
I know that I should configure /etc/fail2ban/jail.local, but I can't seem to find any information on how I should set up a rule to check a certain port for excessive login attempts.
Has anyone done this? If yes, please post a guide on how to do it.
Hi,
Is there any way to capture decrypted HTTPS data on a ROOTED device? I want to check what my phone is sending to app developer servers...
Thanks.
Hi,
couldn't imagine there's an easy way to do it, naturally. A passive MITM using tcpdump won't work AFAIK, but here are some other ideas (without thinking in detail):
1. active MITM
You'd need to have some kind of proxy on your phone acting as an SSL server for the app and an SSL client for the original server. But this only works if the app is really lazy regarding security, which is pretty much unlikely. (I wouldn't even try it)
2. hooking into SSL
To really read end-to-end-encryption, you need to be one of these 'ends', so you could somehow try to modify the libraries responsible for en/decryption (OpenSSL?) and log the data somewhere. (much work, but promising)
3. using strace
You could try to use strace (maybe there's an Android version out there) with the app's process, maybe there's some readable data. (I'd try this first)
BR,
deep blue
Please use the Q&A Forum for questions. Thanks.
Moving to Q&A
Hi,
I'm searching for how to use strace, if it can help... if someone knows some other way, I'd like that.
Hi,
I just did a test observing the browser with strace...unfortunately it doesn't help, you can also only see encrypted stuff there, if SSL is used.
Sorry,
deep blue
Hi Folks,
My company is importing some Android-based TV boxes from China, and we're experiencing a strange bug with some apps we are developing to run on them. I'm trying to find a specific solution that I can tell them to implement in a firmware upgrade, but I am not sure where to look, so I hope someone here can help!
Anyway here is the problem. In some apps (especially Adobe AIR-based ones), there seems to be a limit to concurrent HTTP requests to a web server. On an earlier ICS 4.0.4 firmware for these devices, this did not cause any problems. But they recently released a JB 4.1.1 firmware, and this problem occurs.
Let's say an app requests 20 items by HTTP from a web server (XML files, PNG or JPG images). What will happen is about 2/3 of these will be sent back, and the rest just remains blank, as if in a perpetual waiting status.
Looking at the web server's logs, there are no requests at all for these missing items.
And, it's totally random. If you re-launch the app, the missing items will be different ones.
So, I am guessing the app can only request so many things at the same time.
Now, does anyone know of a system property that could be adjusted to solve this?
BTW I am unable to replicate this bug on any other device. The TV boxes in question are based on Rockchip 3066 SoCs.
Using modern HTTP (i.e. HTTP/1.1), you should never open an excessive amount of sessions. Never more than four simultaneous. Using HTTP/1.1 keep-alive, all requests are sent using those four sessions interleaved. If opening one session per object, and doing this in parallel, you'd most certainly lose things due to resource starvation, e.g. the server gets out of worker forks.
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
eTiMaGo said:
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
Not blocked, but replied with a TCP reset. Run tcpdump to see what's going on.
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
eTiMaGo said:
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
Dump all packets between the hosts: tcpdump -i ethx -s1500 -w packets.pcap host host.nr.one and host host.nr.two
Run the app, then analyze the packets.pcap file for any anomalies (tcpdump -r packets.pcap).
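The analysis step suggested in the reply above, as an added example that is not part of the original thread: a small Python reader for the packets.pcap file that lists connections answered with a TCP reset and SYNs that never got any reply. It assumes the classic pcap format on an Ethernet link; the addresses and ports in the sample capture are constructed.

```python
import socket, struct

SYN, RST, ACK = 0x02, 0x04, 0x10

def tcp_packets(pcap):
    """Yield (src, sport, dst, dport, flags) per IPv4/TCP frame of a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(pcap):                # 16-byte per-packet record header
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]   # skip the IP header (IHL words)
        if len(tcp) >= 14:
            sport, dport = struct.unpack("!HH", tcp[:4])
            yield (socket.inet_ntoa(frame[26:30]), sport,
                   socket.inet_ntoa(frame[30:34]), dport, tcp[13])

def find_anomalies(pcap):
    """Return connections that were reset and SYNs that never got any reply."""
    pending, resets = set(), []
    for src, sport, dst, dport, flags in tcp_packets(pcap):
        if flags & RST:
            resets.append((src, sport, dst, dport))
            pending.discard((dst, dport, src, sport))
        elif flags & SYN and flags & ACK:
            pending.discard((dst, dport, src, sport))   # handshake was answered
        elif flags & SYN:
            pending.add((src, sport, dst, dport))
    return {"resets": resets, "unanswered_syns": sorted(pending)}

def sample_pcap():
    """Constructed capture: one accepted, one reset and one ignored connection attempt."""
    box, web = "192.0.2.10", "192.0.2.80"   # documentation addresses, not from the thread
    pkts = [(box, 40001, web, 80, SYN), (web, 80, box, 40001, SYN | ACK),
            (box, 40002, web, 80, SYN), (web, 80, box, 40002, RST | ACK),
            (box, 40003, web, 80, SYN)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    for src, sport, dst, dport, flags in pkts:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

On a real capture, call `find_anomalies(open("packets.pcap", "rb").read())`; a request that appears in neither list and has no SYN in the capture was never sent by the device.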
Hi all, I usually don't post on here as I am usually able to figure most things out myself including rooting, hardware replacements, app installs using apks and data, generally overall quite proficient but I find myself lost on this one. That's where the wonderful brains of XDA come in. Basically I have an issue where a certain application uses a login at launch. The application actually redirects to a website to verify the username and password combo. During the first login attempt, it will produce a username and password error. If you close the application and attempt to log in again, same issue. The username/password error is produced in a pop-up window with an OK option on it to acknowledge the error. Here's where things get a little interesting. If you do not exit the application and hit OK on the error window, you then have the option to try to log in again without relaunching the app. This will work every single time. So basically what I am trying to figure out is a way to trace the app on both instances to verify where the application may be failing along the network and using the second instance where it works to cross reference to see the failure point. I have tried a packet sniffer to no avail. Any other suggestions would be greatly appreciated!
Hi there, this is a fairly specific issue I'm running into. I've tried the official forums for the app in question (Hearthstone) as well as the associated subreddit. So far no luck with either of those. Being that this is a more technical forum I figured someone here might have an idea as to what could be causing my problem.
For anyone unfamiliar with Blizzard games, they have a separate app that generates random 8-digit numbers as a 2-step authentication. When logging into the app I can input e-mail/password, it then takes me to the page for the 8-digit number. However, once I put the number in, it immediately sends me back to the e-mail/password page with no indication as to why. I tried purposefully entering an incorrect 8-digit number and it does generate an error message. I then tried to log in to Blizzard's game service site (Battle.net) and ran into the exact same issue. Being that both places I have run into are the same company, I am not sure if it is something on their end or something on my tablet that might be causing it.
Anyways any thoughts or suggestions would be greatly appreciated as I have yet to find anything that would give me a clue as to what is causing this.
Rooted SM-G900T. Need to run a SIP client connected to a back-end SIP gateway, by using a specific cert. The cert installation only works with PIN as screen lock, not pattern. Pattern gets disabled as an option in settings after cert install. Clearing the credentials - of course - makes the pattern available again, but that is not what I want.
Found this article, which I am planning to try next, unless someone here has some other ideas on how to make the pattern work AFTER the normal cert install, rather than the instructions in the article I am referencing here. Maybe my search patterns tried so far did not capture the right articles, but I am a little surprised about not having some related issues in these forums - so pointers or RTFF(orum) with appropriate links will be appreciated, also, if I missed such.