So, running around a remote war driver makes little sense if you can't see what it is finding. I attempted to use kismet2html running on lighttpd last night. I kept running into some weird issue that prevented the PHP files from rendering at all, though. It works great on a full-blown PHP install, but I think the php5 package for OpenWrt has some issues. So instead I'll just take a page out of webif's methods and do some shell scripting to render the HTML. Not the sexiest method, but it will work.
Wednesday, April 18, 2007
New Router, New Batteries
I still don't know what caused the WRTSL54GS to die, but with only a few weeks until the end of the semester I had to continue on. I broke out the spare WRTSL54GS and installed it on the tank over the weekend. There were a number of modifications made this time to the assembly. First, the router was installed on thicker grommets to lift it further from the plexiglass base. Second, I bought two 12 volt lead sealed batteries to replace the 7.2 volt packs I had before. Last, and most unexpectedly, I broke the plexiglass base while drilling out the holes to hold the larger batteries. **sigh** So off I ran to Home Depot to buy another sheet of plexiglass to mount everything to.
Here's the tank part way through reassembly.

Finally put back together. The problem I have now is that it is too front heavy with the new batteries and gets a bit bouncy because of it. So, I'll be moving the batteries closer to the center shortly.

Tuesday, April 17, 2007
Scanning Source Code for Vulnerabilities Before Checkin
I was sitting in #webappsec today when zn- made the comment that he really wanted something to check code for security vulnerabilities as code was being checked into source control. Then if something was found it could refuse the code or do whatever the group had decided to do with it. This got me thinking a bit about it. The company I work for does an extremely basic check of this nature for things like inline SQL in web code. If the code has something that matches its pattern, then it checks the code in and notifies engineering management of the issue. Now this isn't the most robust check in the world, so how could this be improved?
The Web Application Security Consortium has an article up about using security frameworks in web development. It refers to a few different frameworks such as The Java Validation Library and Microsoft's anti-xss library. So it brings up an interesting idea. How would someone do some scripting on their source control server that would run the checked in code against these libraries? What would be the issues that you would run into? At home I use Subversion on UNIX. How would I check code developed for the Microsoft platform against their anti-xss library from my UNIX host? Would it be possible? Or would the library be totally unusable for the purpose of doing automated code audits? I admit, I don't know much about either of these libraries at this time, but it would be REALLY cool to be able to call some method that runs the code through a security framework for potential issues. I think I might be playing around with this some in the future. If nothing else, I need another couple of units at school to graduate and this might make a good project to play with.
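A sketch of the kind of check-in scan discussed in this post, written as a Subversion pre-commit hook. This is an added example, not the author's or his company's check; the regex, the file-extension list and the function names are assumptions, and the pattern is a heuristic for string-concatenated SQL rather than a full audit.

```shell
#!/bin/sh
# Added example: Subversion pre-commit hook that flags inline SQL in web code.
# The regex and the extension list are assumptions, not the author's check.

Q="[\"']"   # either quote character
STMT='(select[[:space:]].*[[:space:]]from|insert[[:space:]]+into|update[[:space:]].*[[:space:]]set|delete[[:space:]]+from)'
# A SQL statement whose string literal is closed and then joined to a
# variable with a concatenation operator (. in PHP, + in C#/Java, & in VB).
SQL_PATTERN="${STMT}[[:space:]].*${Q}[[:space:]]*[.+&][[:space:]]*[\$A-Za-z_]"

# Reads source text on stdin, prints "lineno:line" for each hit.
# Returns 0 when at least one line matches, 1 when the input is clean.
scan_inline_sql() {
    grep -n -i -E -e "$SQL_PATTERN"
}

# Prints "path:lineno:line" for every hit in the files a transaction touches.
check_transaction() {
    repos=$1
    txn=$2
    svnlook changed -t "$txn" "$repos" | while read -r action path; do
        case "$action" in D*) continue ;; esac   # deleted: nothing to scan
        case "$path" in
            *.php|*.asp|*.aspx|*.jsp)
                svnlook cat -t "$txn" "$repos" "$path" </dev/null |
                    scan_inline_sql |
                    while IFS= read -r hit; do printf '%s:%s\n' "$path" "$hit"; done
                ;;
        esac
    done
}

# Subversion calls the hook as: pre-commit REPOS TXN
if [ "$#" -eq 2 ]; then
    findings=$(check_transaction "$1" "$2")
    if [ -n "$findings" ]; then
        # stderr is relayed to the committer; a non-zero exit refuses the commit.
        # To notify instead of refusing, mail "$findings" here and exit 0.
        printf 'Possible inline SQL, commit refused:\n%s\n' "$findings" >&2
        exit 1
    fi
fi
```

Installed as `hooks/pre-commit` in the repository directory, it scans only the files in the pending transaction, so parameterized queries and plain text containing the word "select" pass through.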
Wednesday, April 11, 2007
Death of a Router
Well, I guess it had to happen at some point, but I've finally had my first major setback on the project. I'm not sure when it occurred, but my WRTSL54GS bit the dust somewhere along the line. Friday and Saturday I mounted the routers to the car and all looked well. Sunday I ran ping tests until the batteries died on both routers. I was feeling really good about it all. I didn't mess with the machine for a couple of days, but I took it to work to show it off. Today I noticed that the router hadn't initialized the USB drive on the SL54GS, but I figured it was some kind of boot error. Not so. The router no longer responds to pings and either I botched the console head block install, or it isn't handing out console output either. The end result is that the thing is dead. Multiple failures at resetting to fail-safe mode and trying to tftp to it. **sigh**
So now what? I have my spare router, but I have a couple of questions about this whole thing. Here are the only things I can think of that caused the issue.
- I shorted the router out at some point and didn't notice. Definitely possible and I will be doing more to insulate the mounting screw beneath the board to make sure.
- The battery test killed it when the voltage dropped too low. This seems kinda unlikely to me. Why would low voltage brick the thing? Wouldn't it just shut down? Still something to consider.
- One of my kids got to it between Sunday's testing and my demos today. Not altogether unlikely either.
Tuesday, April 10, 2007
What I did over Easter weekend....
Just a quick post to show off the wardriver. I spent most of Friday and a chunk of Saturday assembling the monstrosity. It was way too much fun. Here's the basic recipe so far.
- A single Blizzard EV
- 3 - 7.2 volt battery packs
- 1 - Linksys WRTSL54GS Router
- 1 - Linksys WRT54GL Router
- 1 - Airlink 101 Omni-directional antenna for 10 dBi gain
- 1 - 1 GB USB drive
- Add plexiglass, four right angle brackets, assorted hardware and cabling
- Mix well, charge the batteries and...