Archives (2008 - 2023)

mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly.

mitmdump is the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP.

Intercept and modify HTTP traffic on the fly Save HTTP conversations for later replay and analysis Replay both HTTP clients and servers Make scripted changes to HTTP traffic using Python SSL interception certs generated on the fly

To that end Aesop consists of three main functions and goals:

Pre-compile and package HPHP - The idea here is simple. To get us up and running as quickly as possible I’ve packaged the HPHP binaries in the full download version of Aesop. This means we no longer have to worry about compiling HPHP, which saves time and possible headache. We needn’t use this version though, we can still download a minimal, Aesop only version complete with full source code.

Compile – Compiling HPHP applications from the command line means well, using a command line, setting environmental variables, and so on. Thus, we remove this burden and instead focus on making sure our code-base is acceptable to HPHP.

Aesop builds the file lists HPHP requires for code-compilation, sets environment variables, displays errors, and also manages the results of HPHP for the other main function of Aesop…

Manage Servers – Compiling code is only half the story. Once compiled HPHP has literally created a server-in-a-box for us. It’s a single executable that contains your source converted to C++, a web server, and the full PHP run-time. Aesop manages these executable for us in a nice list format, allowing us to start, stop and delete them at will. Of course setting their properties using GUI controls or a more advanced interface to a so-called HDF file is included as well.

HTML5 Web Security describes issues, vulnerabilities, threat & attack scenarios and countermeasures across 80 pages including numerous well thought-out diagrams, and is backed up with detailed references and an appendix full of attack details.

The main sections are:

2.2 Cross-origin resource sharing 2.3 Web storage 2.4 Offline web application 2.5 Web messaging 2.6 Custom scheme and content handlers 2.7 Web sockets API 2.8 Geolocation API 2.9 Implicit relevant features of HTML5 Web workers, new elements, attributes and CSS, Iframe sandboxing and server-sent events

Crew is a code review tool for git projects. It works with a simple API : you can easily integrate it in your workflow.

Crew is a standalone LAMP project. It is based on web common technologies(symfony 1.x, jQuery and LESS) : you can easily install it on your own server.

Crew is an open-source project. It is published under MIT license : you can use it Like A Boss !

So, what is GitHub Flow?

  Anything in the master branch is deployable   To work on something new, create a descriptively named branch off of master (ie: new-oauth2-scopes)   Commit to that branch locally and regularly push your work to the same named branch on the server   When you need feedback or help, or you think the branch is ready for merging, open a pull request   After someone else has reviewed and signed off on the feature, you can merge it into master   Once it is merged and pushed to ‘master’, you can and should deploy immediately

VeeWee: the tool to easily build vagrant base boxes Vagrant is a great tool to test new things or changes in a virtual machine(Virtualbox) using either chef or puppet. The first step is to download an existing 'base box'. I believe this scares a lot of people as they don't know who or how this box was build. Therefore lots of people end up first building their own base box to use with vagrant.

Veewee tries to automate this and to share the knowledge and sources you need to create a basebox. Instead of creating custom ISO's from your favorite distribution, it leverages the 'keyboardputscancode' command of Virtualbox so send the actual 'boot prompt' keysequence to boot an existing iso.