Scott vs. Regex

I built a blog several years ago to record my lessons-learned in programming, so although I built this blog to record my findings on computer security, I’m still in the business of programming, and am still finding a lot to say. That other blog is way behind, and I want to consolidate, so I’ll be talking about lessons in programming here as well.

One of my ambitions with programming is to become a regex master. Text parsing is one of the funnest things about programming. You may find that strange, but I know I am not alone.

Anyway, I was working on my XML Formatter and was inserting functionality to check for self-contained tags, such as <br />. I was getting very frustrated because my expression simply was not matching any self-contained tags, which were always getting the status of ‘text’ and getting their tag markings stripped out. (I have four classifications – open tags, closed tags, self-contained tags, and text)

My regex worked fine on some of the Javascript regex testing websites, so I figured there must be some subtle difference between how Python and Javascript parse regular expressions. But then I tried doing some tests in the Python command line and those appeared to be working! It must have been because I was using findall to match multiple expressions at once, and something was getting lost in the match-by-match.

I went through the gamut of looking online and finding that regex is not a great way to build an XML parser, but I was not building this to parse XML, I was building it to format XML, because my inner designer hates seeing poorly formatted XML and HTML. But maybe the people were right and I was going to find myself in a forest dark where the straightforward path had been lost. I think I put it off fixing it for a whole week.

Until this morning. After about an hour, I decided that something must be correct about my expression, so maybe the problem was further up.

Then I saw it.

breakdown = (re.findall(OPENSIG + ‘|’ + CLOSESIG + ‘|’ + ‘CONTSIG’ + ‘|’ + TEXTSIG, testString))

 

I had put CONTSIG in quotes. Making it a string literal. Causing the pattern to never match my test string.

Well, here’s my sign.

I’m hoping today to finish up the last piece, allowing for file input. But here’s to nearing the very end of a project!

Burp Suite Session Poisoning

I am unfortunately not talking about poisoning a session to which you are connected – I’m taking about poisoning yourself during a session capture. I use Ice Weasel on Kali Linux, and since it is essentially the same thing as Fire Fox, it copies the default behavior of showing you previews of other websites whenever you open a new tab. So I would open a new tab to try another page in isolation and would watch the site map explode with all sorts of annoying websites such as jquery, Microsoft, add sites, even Facebook, so I changed the settings to show a blank page instead.

I won’t knock on Offensive Security for not wanting to custom compile their own settings into Ice Weasel for every distribution, but if you are using Kali, you may want to think about this before doing any application testing. It’s merely an annoyance at first, but I’m recording it so I don’t forget next time (I have some version of Kali on almost every device I own, whether as a dual-boot option, a virtual machine, or the base operating system).

Check Your Hash Values

I fully converted my Windows 8.1 virtual machine into a server box today and set up a default C#.NET website that can be accessed over my local network. In wanting to learn Burp Suite for application testing, I wanted to make sure I could build and test vulnerable applications, since I learn better that way.

Well, I realized there were a lot of things I would want to test over the network from my Windows laptop, but setting up the appropriate testing programs on the laptop just was not feasible. I had a Kali virtual machine installed, but loading it would often bring the system to a crawl, so I decided that dual booting Kali would be the best solution.

Several failed installs, two wasted DVD-Rs, and several hours later, I realized that the Kali ISO I was using was a partial download on my Linux box that had caused me some trouble in the past. And I had forgotten to delete it. My go-to ISO was on my other Windows box (you can tell I enjoy operating systems, no?), and it has the proper SHA1SUM.

Oh, and for the record, that sum for the 64-bit 2016.1 version is deaa41c5c8f26b7854cafb34b6f1b567871c4875 . I had to use the wayback machine to get this, since they recently released the 64-bit 2016.2 version, which has a hash of 25cc6d53a8bd8886fcb468eb4fbb4cdfac895c65 . Finding that online was nearly impossible, which is surprising to me but a good reminder that I am responsible for my own documentation.

Just one…

sudo dd if=<myfolder>/kali-linux-2016.1-amd64.iso of=/dev/sdf

…later, and things are happy.

So I just wanted to share, please check your hash values. And while you’re at it, don’t leave corrupted files around.