Info Security Memo

Azure Blob Storage Operation Notes

10/30/2021


This post shows the ways to access Azure Blob storage, especially from Windows: with Azure Storage Explorer, and by mounting a Blob container with the NFS 3.0 protocol on Linux and on Windows.

One thing to keep in mind before mounting: NFS 3.0 on Azure Blob storage carries no authentication of its own. Access is controlled only by the storage account's network rules, so the account has to be restricted to a virtual network or private endpoint before an NFS mount is safe to use.


Azure Storage Explorer

In the Azure Portal, on a storage account's Overview page, you can click "Open in Explorer":

You can use Azure Storage Explorer, a free tool for managing your Azure storage resources from Windows, macOS or Linux.

Download link: https://azure.microsoft.com/en-in/features/storage-explorer/

More details: Manage Azure Blob Storage resources with Storage Explorer (Microsoft Docs).

Connect to Blob container:


Anonymous access:

Enter your blob container URL, for example https://teststorage51sec.blob.core.windows.net/testcontainer2, where teststorage51sec is the storage account name and testcontainer2 is the container name.

This only works when the storage account allows public access and the container's public access level is Blob or Container. A container that can be opened this way is readable by anyone on the internet, so keep public access disabled unless it is intentional.


Downloading an archived blob fails, while hot and cool blobs download normally; in testing, cool-tier downloads showed no noticeable delay.

Changing the access tier of an archived blob back to Hot or Cool is a rehydration process, which can take hours before the blob becomes readable again.

When uploading, you can choose "upload to a new folder" to create a folder inside the container, and you can select multiple files to upload at once.
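The anonymous connection above only succeeds because the container's public access level permits it. As an added example that is not part of the original post, the following Az PowerShell script lists every container in the current subscription that is reachable without credentials. It assumes an authenticated Az session (Connect-AzAccount) with permission to list storage account keys; the Az.Accounts and Az.Storage cmdlets are real, the output object layout is my own.

```powershell
# Added example (not from the original post). Requires Az.Accounts and
# Az.Storage and an authenticated session (Connect-AzAccount). Enumerates every
# storage account in the current subscription and reports containers that are
# reachable without credentials, the way the Storage Explorer "anonymous"
# option above connects.
$findings = foreach ($acct in Get-AzStorageAccount) {
    # Account-level switch: when AllowBlobPublicAccess is $false, container
    # settings are irrelevant and nothing is anonymously readable. $null means
    # the property was never set, which on older accounts allows public access.
    if ($acct.AllowBlobPublicAccess -eq $false) { continue }

    try {
        $containers = Get-AzStorageContainer -Context $acct.Context -ErrorAction Stop
    } catch {
        Write-Warning "Cannot list containers in $($acct.StorageAccountName): $($_.Exception.Message)"
        continue
    }
    foreach ($c in $containers) {
        # PublicAccess is Off, Blob (blobs readable by URL) or Container
        # (blob names can be listed as well).
        if ($c.PublicAccess -and $c.PublicAccess -ne 'Off') {
            [pscustomobject]@{
                StorageAccount = $acct.StorageAccountName
                Container      = $c.Name
                PublicAccess   = $c.PublicAccess
                Url            = "https://$($acct.StorageAccountName).blob.core.windows.net/$($c.Name)"
            }
        }
    }
}
$findings | Format-Table -AutoSize
```

Any row reported here is effectively world-readable: a Blob level lets anyone fetch a blob whose name they know or guess, and Container additionally lets them enumerate the names. Unless anonymous reads are intentional, disable them at the account level with Set-AzStorageAccount -AllowBlobPublicAccess $false, which overrides every container setting.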


Access Blob Storage Using Linux

References: Mount Blob storage by using the Network File System (NFS) 3.0 protocol
 


Mounting on Linux is simple, but you need an NFS client installed first. Some distributions ship one; on others install it (nfs-common on Debian/Ubuntu, nfs-utils on RHEL-based systems).

Once it is installed, create a mount point with mkdir. You may need sudo if you are not root.

mkdir /mnt/mystuff


After creating the mount point, mount the container with the mount command. The export path is <account>.blob.core.windows.net:/<account>/<container>; sec=sys is the only security flavour supported, so the mount itself carries no credentials and relies entirely on the account's network rules:

mount -o sec=sys,vers=3,nolock,proto=tcp testnfs3sec.blob.core.windows.net:/testnfs3sec/nfs3test /mnt/mystuff



Access Blob Storage in Windows


Mounting Blob Storage using NFS 3.0


Reference link: https://hovermind.com/azure-virtual-machine/mounting-blob-storage.html#points-to-be-noted

Enabling Cloud Shell (https://shell.azure.com) incurs a small charge, because it needs a storage account (in a new resource group) to persist your files. The following commands were run in Cloud Shell PowerShell to register the AllowNFSV3 feature for the subscription:
Requesting a Cloud Shell.Succeeded.
Connecting terminal...

Welcome to Azure Cloud Shell

Type "az" to use Azure CLI
Type "help" to learn about Cloud Shell


MOTD: Save files to $home/clouddrive for persistence across sessions

VERBOSE: Authenticating to Azure ...
VERBOSE: Building your Azure drive ...
PS /home/netsec>
PS /home/netsec> Register-AzProviderFeature -FeatureName AllowNFSV3 -ProviderNamespace Microsoft.Storage

FeatureName ProviderName      RegistrationState
----------- ------------      -----------------
AllowNFSV3  Microsoft.Storage Registering

PS /home/netsec>
PS /home/netsec> Register-AzResourceProvider -ProviderNamespace Microsoft.Storage

ProviderNamespace : Microsoft.Storage
RegistrationState : Registered
ResourceTypes     : {storageAccounts/encryptionScopes, deletedAccounts, locations/deletedAccounts, storageAccounts…}
Locations         : {East US, East US 2, West US, West Europe…}


PS /home/netsec>

Verify that the feature is registered (it can stay in the Registering state for several minutes):
PS /home/netsec> Get-AzProviderFeature -ProviderNamespace Microsoft.Storage -FeatureName AllowNFSV3

FeatureName ProviderName      RegistrationState
----------- ------------      -----------------
AllowNFSV3  Microsoft.Storage Registering


PS /home/netsec>
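The transcript above ends with AllowNFSV3 still in the Registering state, and registering the feature is only the first step: the storage account has to be created with NFS 3.0 enabled, with secure transfer disabled (NFS 3.0 is not TLS) and, because the protocol authenticates nothing, with its network access restricted to a virtual network. The following Az PowerShell script is an added example and not from the original post. It assumes the Az.Resources, Az.Network and Az.Storage modules (all present in Cloud Shell) and an existing subnet with the Microsoft.Storage service endpoint enabled; resource group, region, account, VNet and subnet names are placeholders.

```powershell
# Added example (not from the original post). Assumes the Az.Resources,
# Az.Network and Az.Storage modules (as in Cloud Shell) and an existing
# VNet/subnet with the Microsoft.Storage service endpoint enabled.
# All names below are placeholders.
$ResourceGroup = 'rg-nfs-test'
$Location      = 'eastus'
$AccountName   = 'testnfs3sec'       # globally unique, 3-24 lowercase alphanumerics
$VNetName      = 'vnet-nfs-test'
$SubnetName    = 'snet-clients'

# 1. Register the AllowNFSV3 feature and poll until it is actually Registered;
#    Register-AzProviderFeature returns immediately while the state is still
#    "Registering".
Register-AzProviderFeature -FeatureName AllowNFSV3 -ProviderNamespace Microsoft.Storage | Out-Null
do {
    $feature = Get-AzProviderFeature -FeatureName AllowNFSV3 -ProviderNamespace Microsoft.Storage
    Write-Host "AllowNFSV3: $($feature.RegistrationState)"
    if ($feature.RegistrationState -ne 'Registered') { Start-Sleep -Seconds 30 }
} until ($feature.RegistrationState -eq 'Registered')

# Re-register the resource provider so the new feature flag takes effect.
Register-AzResourceProvider -ProviderNamespace Microsoft.Storage | Out-Null

# 2. Resolve the subnet that is allowed to talk to the account.
$subnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $VNetName |
          Get-AzVirtualNetworkSubnetConfig -Name $SubnetName

# 3. Create the account. NFS 3.0 needs a hierarchical namespace, must allow
#    non-HTTPS traffic (the protocol is not TLS), and should default-deny all
#    networks, because NFS 3.0 authenticates nothing by itself. Anonymous blob
#    access is switched off as well.
$account = New-AzStorageAccount `
    -ResourceGroupName $ResourceGroup `
    -Name $AccountName `
    -Location $Location `
    -SkuName Standard_LRS `
    -Kind StorageV2 `
    -EnableHierarchicalNamespace $true `
    -EnableNfsV3 $true `
    -EnableHttpsTrafficOnly $false `
    -AllowBlobPublicAccess $false `
    -NetworkRuleSet @{
        defaultAction       = 'Deny'
        virtualNetworkRules = @(@{ VirtualNetworkResourceId = $subnet.Id; Action = 'Allow' })
    }

# 4. Show the settings a reviewer would check before handing out the mount
#    string: NFS on, secure transfer off, public access off, default Deny.
$account | Select-Object StorageAccountName, EnableNfsV3, EnableHttpsTrafficOnly, AllowBlobPublicAccess,
    @{ n = 'DefaultNetworkAction'; e = { $_.NetworkRuleSet.DefaultAction } }
```

The default-Deny network rule is what stands in for authentication here: the only principals that can mount <account>.blob.core.windows.net:/<account>/<container> are hosts in the listed subnet, so treat membership of that subnet as equivalent to read/write access to every container in the account.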







On your Windows VM, install the Client for NFS feature.

Then enable write access to the NFS share by creating two registry values; run the following two commands in an elevated PowerShell. Afterwards restart the Client for NFS service or reboot the VM. If you skip this step you can still mount the container, but every access fails with a permission error. Be aware of what these values do: they map every local Windows user to UID 0 / GID 0, so anyone who can log on to this VM acts as root on the share.

New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousUid -PropertyType DWord -Value 0

New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default -Name AnonymousGid -PropertyType DWord -Value 0



Restart the client VM (or just the Client for NFS service), then mount the container; the asterisk asks for the next free drive letter.


C:\Users\netsec>mount -o nolock testnfs3sec.blob.core.windows.net:/testnfs3sec/nfs3test *
Z: is now successfully connected to testnfs3sec.blob.core.windows.net:/testnfs3sec/nfs3test

The command completed successfully.

C:\Users\netsec>
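As an added example, not from the original post, the following elevated PowerShell script performs the Windows client steps above end to end: it installs the NFS client feature if it is missing, creates the two registry values only if they are absent, restarts the Client for NFS service instead of rebooting, mounts the container with mount.exe (a bare mount in PowerShell is an alias for New-PSDrive and would not work here), and writes a probe file to confirm write access. Account, container and drive letter are placeholders.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell on
# the Windows VM. Storage account, container and drive letter are placeholders.
$Account   = 'testnfs3sec'
$Container = 'nfs3test'
$Drive     = 'Z:'
$Remote    = "$Account.blob.core.windows.net:/$Account/$Container"
$RegPath   = 'HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default'

# 1. Install the NFS client (Windows 10/11 optional feature). On Windows Server
#    use: Install-WindowsFeature NFS-Client
$feature = Get-WindowsOptionalFeature -Online -FeatureName ServicesForNFS-ClientOnly
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -NoRestart `
        -FeatureName ServicesForNFS-ClientOnly, ClientForNFS-Infrastructure | Out-Null
}

# 2. Map anonymous access to uid/gid 0. Without this the mount succeeds but
#    every write is refused. The mapping applies to every local Windows user,
#    so anyone who can use this VM acts as root on the container.
foreach ($name in 'AnonymousUid', 'AnonymousGid') {
    $existing = Get-ItemProperty -Path $RegPath -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $existing) {
        New-ItemProperty -Path $RegPath -Name $name -PropertyType DWord -Value 0 | Out-Null
    }
}

# 3. Restart the Client for NFS service so the new mapping is picked up,
#    instead of rebooting the whole VM.
Restart-Service -Name NfsClnt -Force

# 4. Mount with mount.exe (plain "mount" is PowerShell's alias for New-PSDrive)
#    and verify write access with a probe file that is removed afterwards.
mount.exe -o nolock $Remote $Drive
if (-not (Test-Path $Drive)) { throw "mount of $Remote as $Drive failed" }
$probe = Join-Path $Drive ("probe-{0}.txt" -f [guid]::NewGuid())
Set-Content -Path $probe -Value "written $(Get-Date -Format o)"
Get-Content -Path $probe
Remove-Item -Path $probe
```

If step 4 throws, the usual causes are the network rules on the storage account (the VM's subnet is not allowed) or the registry mapping not being in effect yet; a successful probe round-trip confirms both the mount and write access. Because the UID 0 mapping makes every local user root on the share, scope the account's network rules to this VM's subnet and do not reuse the account for data that other workloads must not see.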


Performance:

Uploading from the local VM to the mounted NFS share ran at about 120 Mbps, while the same upload through Azure Storage Explorer reached around 430 Mbps.








References

  • Mount Blob storage by using the Network File System (NFS) 3.0 protocol
  • Tutorial: Use a Windows VM system-assigned managed identity to access Azure Storage
  • Learn to transfer data from the Azure VM (Linux) to Blob Storage





via Blogger http://blog.51sec.org/2021/10/azure-blob-storage-operation-notes.html
October 30, 2021 at 09:22PM Cloud

Azure Storage Studying Notes

10/30/2021

Azure Storage is a Microsoft-managed cloud service that provides storage that is highly available, secure, durable, scalable and redundant. Whether it is images, audio, video, logs, configuration files, or sensor data from an IoT array, data needs to be stored in a way that can be easily accessible for analysis purposes, and Azure Storage provides options for each one of these possible use cases.

Azure offers several kinds of storage account, five data services (blobs, files, queues, tables and disks), several levels of data redundancy, and three access tiers for blob data.


Storage Accounts

An Azure storage account contains all of your Azure Storage data objects: blobs, file shares, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that's accessible from anywhere in the world over HTTP or HTTPS. Data in your storage account is durable and highly available, secure, and massively scalable.

Azure documentation: How to create a storage account.

A storage account provides a unique namespace in Azure for your data. Every object that you store in Azure Storage has an address that includes your unique account name. The combination of the account name and the Azure Storage service endpoint forms the endpoints for your storage account.


The Azure Storage platform comprises the following data services:

  • Azure Blobs: a massively scalable object store for text and binary data, including support for big data analytics through Data Lake Storage Gen2.
  • Azure Files: managed file shares for cloud or on-premises deployments.
  • Azure Queues: a messaging store for reliable messaging between application components.
  • Azure Tables: a NoSQL store for schema-less storage of structured data.
  • Azure Disks: block-level storage volumes for Azure Virtual Machines.

Types of storage account:
  • Standard general-purpose v2
  • Premium block blobs
  • Premium file shares
  • Premium page blobs


Storage account limits (from https://cloud.netapp.com/blog/azure-anf-blg-azure-storage-limits-at-a-glance):

Resource                                | Regions       | Limit per storage account
----------------------------------------|---------------|----------------------------
Number of storage accounts per region   | N/A           | 250
Maximum storage capacity                | All           | 5 PB
Maximum request rate                    | All           | 20,000 requests per second
Maximum ingress                         | US and Europe | 10 Gbps
Maximum ingress                         | Other regions | 5 Gbps**
Maximum egress                          | US            | 50 Gbps*
Maximum egress                          | Other regions | 10 Gbps**
Maximum number of virtual network rules | All           | 200
Maximum number of IP address rules      | All           |

(* and ** are footnote markers from the source table; the footnotes themselves are not reproduced here.)


Container

A container organizes a set of blobs, similar to a directory in a file system. A storage account can include an unlimited number of containers, and a container can store an unlimited number of blobs.


Azure Blob Storage

Blob storage is built from three kinds of resource: the storage account, the containers in that account, and the blobs in a container.

Diagram showing the relationship between a storage account, containers, and blobs

Typical use cases:

  • Serving images or documents directly to a browser
  • Storing files for distributed access
  • Streaming video and audio
  • Writing to log files
  • Storing data for backup, restore, disaster recovery and archiving
  • Storing data for analysis by an on-premises or Azure-hosted service

Azure Storage offers several access tiers so that blob data can be stored cost-effectively according to how often it is read:

  • Hot: optimized for frequently accessed data.
  • Cool: optimized for infrequently accessed data that is kept for at least 30 days; moving or deleting it earlier incurs an early-deletion charge.
  • Archive: optimized for rarely accessed data kept for at least 180 days. Archived blobs are offline: they cannot be read until rehydrated to Hot or Cool, which can take hours.


Performance:

A single blob supports up to 500 requests per second. If you have multiple clients that need to read the same blob and you might exceed this limit, then consider using a block blob storage account. A block blob storage account provides a higher request rate, or I/O operations per second (IOPS).

You can also use a content delivery network (CDN) such as Azure CDN to distribute operations on the blob. For more information about Azure CDN, see Azure CDN overview.



Limits for Blob storage:

Resource                                     | Type of blob   | Limit
---------------------------------------------|----------------|------------------------------------------------
Maximum size of a single blob container      | All            | 5 PB
Maximum number of blocks                     | Block / Append | 50,000
Maximum block size                           | Block          | 100 MB
Maximum block size                           | Append         | 4 MiB
Maximum total blob size                      | Block          | Approx. 4.75 TB
Maximum total blob size                      | Append         | Approx. 195 GB
Maximum total blob size                      | Page           | 8 TB
Maximum stored access policies per container | All            | 5
Target request rate per blob                 | All            | 500 requests per second
Target throughput per blob                   | Page           | 60 MB/s
Target throughput per blob                   | Block          | Depends on the storage account's ingress/egress limits





Azure Storage Files

Azure Files provides fully managed file shares in the cloud that are accessible through the industry-standard Server Message Block (SMB) protocol (and NFS for premium shares). Shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux and macOS, and can be cached on Windows Servers with Azure File Sync for faster access where the data is used. Multiple VMs can share the same files with both read and write access.

One difference from a corporate file share is that a file can be reached from anywhere by a URL that points to it and carries a shared access signature (SAS) token. A SAS token is generated by the account owner and grants specified permissions on a private asset for a limited period. Treat it like a credential: scope it to the least permission needed, keep its lifetime short, and restrict it to HTTPS and, where possible, to the client's IP address.
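One way to mint such a SAS with least privilege, as an added example that is not part of the original notes: the script below uses the Az.Storage cmdlets New-AzStorageContext and New-AzStorageFileSASToken to produce a read-only, HTTPS-only, single-IP, one-hour URL for one file, then parses the token's own query parameters so the grant can be checked before it is handed out. Account name, key, share, file path and client IP are placeholders; the signature is computed locally from the account key, so nothing is sent to Azure.

```powershell
# Added example (not from the original post). Requires the Az.Storage module.
# The SAS is computed locally from the account key, so no Azure call is made;
# account name, key, share, file path and client IP below are placeholders.
$AccountName = 'teststorage51sec'
$AccountKey  = '<storage-account-key-from-the-portal>'   # never commit a real key
$ShareName   = 'teamshare'
$FilePath    = 'reports/q3.xlsx'
$ClientIp    = '203.0.113.10'                            # documentation range, placeholder

$ctx = New-AzStorageContext -StorageAccountName $AccountName -StorageAccountKey $AccountKey

# Least-privilege SAS: read only, HTTPS only, one client IP, one hour, starting
# a few minutes in the past to absorb clock skew between client and service.
$sasUri = New-AzStorageFileSASToken -Context $ctx `
    -ShareName        $ShareName `
    -Path             $FilePath `
    -Permission       'r' `
    -Protocol         HttpsOnly `
    -IPAddressOrRange $ClientIp `
    -StartTime        (Get-Date).AddMinutes(-5).ToUniversalTime() `
    -ExpiryTime       (Get-Date).AddHours(1).ToUniversalTime() `
    -FullUri

$sasUri

# Read back the token's own claims before handing it out: sp = permissions,
# spr = protocol, sip = allowed IP, st/se = validity window, sr = resource
# type. Anything broader than requested means the wrong parameters were passed.
$query  = ([uri]$sasUri).Query.TrimStart('?')
$claims = @{}
foreach ($pair in $query.Split('&')) {
    $k, $v = $pair.Split('=', 2)
    $claims[$k] = [uri]::UnescapeDataString($v)
}
$claims.GetEnumerator() |
    Where-Object { $_.Key -in 'sp', 'spr', 'sip', 'st', 'se', 'sr' } |
    Sort-Object Key
```

The account key signs the token but never travels with it, so the URL can be shared with the recipient; the key itself must stay on the machine that generated the SAS. If a token has to be revoked before it expires, that is only possible by rotating the account key (invalidating every SAS signed with it) or, for tokens bound to a stored access policy, by deleting the policy.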

Storage tiers

Azure Files offers four different tiers of storage, premium, transaction optimized, hot, and cool to allow you to tailor your shares to the performance and price requirements of your scenario:

  • Premium: Premium file shares are backed by solid-state drives (SSDs) and provide consistent high performance and low latency, within single-digit milliseconds for most IO operations, for IO-intensive workloads. Premium file shares are suitable for a wide variety of workloads like databases, web site hosting, and development environments. Premium file shares can be used with both Server Message Block (SMB) and Network File System (NFS) protocols.
  • Transaction optimized: Transaction optimized file shares enable transaction heavy workloads that don't need the latency offered by premium file shares. Transaction optimized file shares are offered on the standard storage hardware backed by hard disk drives (HDDs). Transaction optimized has historically been called "standard", however this refers to the storage media type rather than the tier itself (the hot and cool are also "standard" tiers, because they are on standard storage hardware).
  • Hot: Hot file shares offer storage optimized for general purpose file sharing scenarios such as team shares. Hot file shares are offered on the standard storage hardware backed by HDDs.
  • Cool: Cool file shares offer cost-efficient storage optimized for online archive storage scenarios. Cool file shares are offered on the standard storage hardware backed by HDDs.


Limitations related to file shares

Resource                                   | Standard file shares                           | Premium file shares
-------------------------------------------|------------------------------------------------|-------------------------------------
Minimum share size                         | N/A                                            | 100 GB
Maximum share size                         | 5 TB by default, can be increased up to 100 TB | 100 TB
Maximum file size                          | 1 TB                                           | 4 TB
Maximum IOPS                               | 1,000 IOPS*, can be increased to 10,000 IOPS   | 100,000 IOPS
Maximum stored access policies**           | 5                                              | 5
Target throughput**                        | 60 MB/s**, can be increased to 300 MB/s        | Ingress 4,136 MB/s, egress 6,204 MB/s
Maximum number of share snapshots          | 200                                            | 200
Maximum directory/file name length (chars) | 2,048                                          | 2,048
Maximum hard links                         | N/A                                            | 178

(* and ** are footnote markers from the source table; the footnotes themselves are not reproduced here.)


Azure Blob Storage vs File Storage

Azure Blob Storage and Azure Files have different properties and suit different scenarios. Azure Files provides fully managed cloud file shares that can be accessed from anywhere. Azure Blob Storage stores unstructured data and can be accessed at massive scale.

Consider a development environment where every developer needs the IDE and tools without downloading them from the internet each time. Blob Storage fits this need: store the installers in a container and give the team a link to the blob location.

To implement a file server for an organization, choose Azure Files. A file server shares files across departments; the files should not be fetched as copies from a URI but mapped as a drive on each computer. This is where Azure Files fits the organization's needs.



Azure Storage Queues

Azure Queue storage is an Azure service that implements cloud-based queues. Each queue holds a set of messages. Application components access a queue through a REST API or an Azure-supplied client library. Typically you have one or more sender components and one or more receiver components: senders add messages to the queue, and receivers retrieve messages from the front of the queue for processing. The illustration below shows multiple sender applications adding messages to a queue and one receiver application retrieving them. Storage queues are part of the Azure Storage infrastructure, expose a simple REST-based GET/PUT/PEEK interface, and provide reliable, persistent messaging within and between services.

Concepts of the Queue service


Use case:

Imagine you are a developer at a major news organization that publishes breaking news alerts. A worldwide network of journalists constantly sends updates through a web portal and a mobile app, and a middle-tier web service takes those alerts and publishes them through several channels. It has been noticed that the system drops alerts when globally significant events occur.

The middle tier has plenty of capacity for normal load, but the server logs show it was overloaded when several journalists uploaded large breaking stories at the same time. Some writers complained that the portal became unresponsive, and others lost their stories altogether. There is a direct correlation between the reported issues and spikes in demand on the middle-tier servers.

Clearly you need a way to absorb these unexpected peaks. Adding more website and middle-tier instances is expensive and, under normal conditions, redundant; spinning instances up dynamically takes time, and the overload continues while you wait for the new servers to come online.

Azure Queue storage solves this. A storage queue is a high-performance message buffer that acts as a broker between the front-end components and the middle tier: the front end places one message per new alert into the queue, and the middle tier retrieves messages one at a time for processing. At times of high demand the queue grows, but no stories are lost and the application stays responsive; when demand drops back to normal, the web service catches up by working through the backlog.






Azure Table Storage

Azure Table storage is a service that stores structured NoSQL data in the cloud: a key/attribute store with a schema-less design. Because Table storage is schema-less, it is easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of application, and is usually lower in cost than traditional SQL for similar volumes of data.

Azure Table Storage use case

Table storage is used for flexible datasets such as user data for web applications, address books, device information, or other metadata that a service requires. You can store any number of entities in a table, and a storage account may contain any number of tables, up to the capacity limit of the storage account. Azure tables are ideal for structured, non-relational data. Typical uses of Table storage include:

  • Storing datasets that do not require complex joins, foreign keys, or stored procedures and may be denormalized for fast access
  • Quickly querying data using a clustered index
  • Accessing data using the OData protocol and LINQ queries with WCF Data Service .NET Libraries


Azure Disk Storage

Azure managed disks are block-level storage volumes managed by Azure and used with Azure Virtual Machines. A managed disk is like a physical disk in an on-premises server, but virtualized: you specify the disk size and type and provision it, and Azure handles the rest. Each disk takes one of three roles in a virtual machine:

  • OS disk. One disk in each virtual machine contains the operating system files. When you create a virtual machine you select an image, and that choice fixes the operating system and the OS disk attached to the new machine. The OS disk has a maximum capacity of 2,048 GB.
  • Data disk. You can add one or more data disks to each virtual machine to store data, for example database files, static website content or custom application code. The number of data disks you can add depends on the virtual machine size. Each data disk has a maximum capacity of 32,767 GB.
  • Temporary disk. Each virtual machine has a single temporary disk for short-term storage such as page and swap files. Its contents are lost during maintenance events, so never keep critical data there. The temporary disk is local to the host and is not stored in a storage account.

Azure Disk Storage use case

You manage a healthcare organization that is beginning a lift-and-shift migration to the cloud, with many systems running on Azure virtual machines. These systems have a variety of usage and performance profiles and handle highly confidential data, so you do not want that data reachable from outside the virtual machine.

For these needs the right option is Azure Disk Storage, which supports:

  • "Lift and shift" of applications that use native file system APIs to read and write data to persistent disks.
  • Keeping data that must not be accessible from outside the virtual machine to which the disk is attached.






via Blogger http://blog.51sec.org/2021/10/azure-storage-studying-notes.html
October 30, 2021 at 02:56PM Cloud

An Easiest Way to Install macOS 10.14 (Mojave) into Windows VMware Workstation

10/29/2021

You might think that getting macOS installed on a Windows machine takes a lot of hacking or tweaking. Actually, installing macOS in VMware Workstation on Windows is pretty easy now. In this video you will see that in just a couple of steps you can have a fully functional macOS running in VMware Workstation within an hour. You need VMware Workstation installed first, then unlock it to support macOS guests. The last step is to create a VM and mount your macOS ISO file; follow the on-screen wizard to complete the installation. An extra step in the video shows how to install VMware Tools for macOS.

Related post: https://blog.51sec.org/2021/10/quickest-and-easiest-way-to-install-mac.html

If you found this video useful, please give it a thumbs up and subscribe to the channel for more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1
Resource Collection and Bookmarks: https://nav.51sec.org/
Learning and Sharing - 海内存知己,天涯若比邻 (a bosom friend afar brings a distant land near) - https://51sec.org - https://itprosec.com

Watch video on YouTube here: https://youtu.be/LH9lc4c8iZ4 by Johnny Netsec

Quickest and Easiest Way to Install Mac OS into Windows VMWare Workstation

10/25/2021


macOS is a proprietary operating system that runs on Apple Macs. There are now many techniques for installing macOS on an Intel PC (a "Hackintosh"). From Windows, you can use Clover Boot Disk to create a bootable macOS Mojave USB with a few clicks. An easier way to try macOS is to install it as a guest in VMware Workstation on Windows, which is not hard with the help of some tools written by clever people.

In this post I show the steps to quickly and easily install macOS Mojave as a VM in VMware Workstation.


Pre-requisites

Three software:

  1. VMWare Workstation: Download Link: https://www.vmware.com/ca/products/workstation-pro/workstation-pro-evaluation.html
  2. Unlocker from Github project: DrDonk/unlocker - Download link: https://github.com/DrDonk/unlocker/releases/tag/v3.0.7
  3. Mac OS: 
    • Mojave 10.14 : https://drive.google.com/drive/folders/1NncaD1qpJYmMSvTz8vn5oze6Yt7KgkKE
    • Big Sur 11.6: https://www.mfpud.com/topics/7544/
Note: the software links above were collected from the Internet, and the copyright belongs to the respective authors; this site only organizes and collects the links. Since the macOS images come from third-party file shares rather than Apple, verify the downloaded image's checksum against a source you trust before booting it.

Install VMWare Workstation

I believe you already have one installed if you test all kinds of systems and software. There is plenty of online documentation on getting and installing VMware Workstation, so I skip that part to keep this post shorter.

Run Unlocker

By default, VMware Workstation does not support Apple macOS guests. With the unlocker's help, the "Apple Mac OS X" option appears in the guest operating system list, as shown below:


After downloading the unlocker from https://github.com/DrDonk/unlocker/releases/tag/v3.0.7, unzip it into a folder, locate the win-install.cmd file, right-click it and choose "Run as administrator". It takes a couple of minutes to stop all VMware-related services, patch them, and download the VMware Tools image for macOS. Because this script patches VMware binaries with administrator rights, read it before running it and get it only from the project's own release page.



Create Mac OS VM

When creating the macOS VM, choose "Apple Mac OS X" as the guest operating system and, on the same page, the matching version; in this test it is macOS 10.14 (Mojave).

For the other VM settings, you can take the following screenshot as an example:




Start Mac OS VM

Start the VM and it boots from the macOS Mojave ISO file. You are given the option to

  • choose the language for the installation wizard
  • use macOS Utilities

Make sure you erase the VM's disk first, which formats it as Mac OS Extended (Journaled) so that the installation wizard recognizes it in the later step.

After that, choose the "Install macOS" option. The installation wizard takes 30 minutes to an hour to get the basic system installed on the VM disk.

Following screenshots are showing the installation wizard process:





After the long wait (30 minutes to an hour), you get the following Welcome page:


Follow the wizard to choose country, language, Ethernet, data and privacy settings, create a computer account and pick express setup; eventually you land on the desktop. Here is a screenshot of macOS Mojave running in VMware Workstation on Windows:


After ejecting the macOS image from the virtual CD-ROM, install VMware Tools; it is a standard VMware Tools installation, though it takes 5 to 10 minutes to complete.



via Blogger http://blog.51sec.org/2021/10/quickest-and-easiest-way-to-install-mac.html
October 24, 2021 at 10:40PM Vmware

Create Free & Fast Web Application Dashboard with Your Own Sub Domain Using Cloudflare Workers

10/23/2021

Using Cloudflare Workers, this video shows how to easily create a free web application dashboard / bookmark site under your own subdomain. It is completely free and very fast, because it runs entirely on Cloudflare's edge network.

GitHub: https://github.com/51sec/cf-worker-dir

Related videos:
  • Easy and Simple Ways to Use Github Project Dockers to Create Your Own Web Applications Dashboard (DashMachine, Heimdall, Homer): https://youtu.be/xahWruWoxZM
  • Only Needs One Free Github Account to Create Your Bookmark Navigation Website: https://youtu.be/NxRmZgVWP9k
  • Create a Free Docker Based Bookmark Navigation Website Under Your Own Free Domain: https://youtu.be/SxtUfoxc0B8
  • Create Free & Fast Web Application Dashboard with Your Own Sub Domain Using Cloudflare Workers: https://youtu.be/wrbg3RdB-CE

Watch video on YouTube here: https://youtu.be/wrbg3RdB-CE by Johnny Netsec

Build a Reverse Proxy Using Cloudflare Workers

10/18/2021

Cloudflare has long been known to webmasters for its DNS hosting and CDN services. Recently I found its free Cloudflare Workers service, which runs your own JavaScript at Cloudflare's edge in front of a request, and a good use case for it: using JSPROXY to build a Workers-Proxy, a reverse proxy.

Here is the test site I built earlier:
  • https://proxy.itprosec.eu.org




Pre-requisites


What you need is a free CloudFlare account. Github account will be optional for customization. Nothing else.


Creating a Reverse Proxy Worker



After logging in to Cloudflare, open the Workers interface, shown in the following figure:




In Workers, click "Create a Worker" to create your first JavaScript worker:



Then paste your JS code into the editor on the left side of the Workers interface. The code you need is the universal reverse-proxy worker from https://github.com/EtherDream/jsproxy/raw/master/cf-worker/index.js, part of the jsproxy project at https://github.com/EtherDream/jsproxy (the Cloudflare-specific directory is https://github.com/EtherDream/jsproxy/tree/master/cf-worker). You can also copy it from the code section below.

Before deploying it, be clear about what this worker does: it fetches any URL placed after /http/ in the path, strips the Content-Security-Policy and Clear-Site-Data headers from the response, and answers every origin with Access-Control-Allow-Origin: *. Left on a public workers.dev hostname it is an open proxy that anyone can use to fetch arbitrary sites through your account, so bind it to your own domain and put an access control in front of it (for example Cloudflare Access), or add an allowlist of target hosts in httpHandler.


'use strict'

/**
 * static files (404.html, sw.js, conf.js)
 */
const ASSET_URL = 'https://etherdream.github.io/jsproxy'

const JS_VER = 10
const MAX_RETRY = 1

/** @type {RequestInit} */
const PREFLIGHT_INIT = {
  status: 204,
  headers: new Headers({
    'access-control-allow-origin': '*',
    'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
    'access-control-max-age': '1728000',
  }),
}

/**
 * @param {any} body
 * @param {number} status
 * @param {Object<string, string>} headers
 */
function makeRes(body, status = 200, headers = {}) {
  headers['--ver'] = JS_VER
  headers['access-control-allow-origin'] = '*'
  return new Response(body, {status, headers})
}


/**
 * @param {string} urlStr 
 */
function newUrl(urlStr) {
  try {
    return new URL(urlStr)
  } catch (err) {
    return null
  }
}


addEventListener('fetch', e => {
  const ret = fetchHandler(e)
    .catch(err => makeRes('cfworker error:\n' + err.stack, 502))
  e.respondWith(ret)
})


/**
 * @param {FetchEvent} e 
 */
async function fetchHandler(e) {
  const req = e.request
  const urlStr = req.url
  const urlObj = new URL(urlStr)
  const path = urlObj.href.substr(urlObj.origin.length)

  if (urlObj.protocol === 'http:') {
    urlObj.protocol = 'https:'
    return makeRes('', 301, {
      'strict-transport-security': 'max-age=99999999; includeSubDomains; preload',
      'location': urlObj.href,
    })
  }

  if (path.startsWith('/http/')) {
    return httpHandler(req, path.substr(6))
  }

  switch (path) {
  case '/http':
    return makeRes('Please update cfworker to the latest version!')
  case '/ws':
    return makeRes('not support', 400)
  case '/works':
    return makeRes('it works')
  default:
    // static files
    return fetch(ASSET_URL + path)
  }
}


/**
 * @param {Request} req
 * @param {string} pathname
 */
function httpHandler(req, pathname) {
  const reqHdrRaw = req.headers
  if (reqHdrRaw.has('x-jsproxy')) {
    return Response.error()
  }

  // preflight
  if (req.method === 'OPTIONS' &&
      reqHdrRaw.has('access-control-request-headers')
  ) {
    return new Response(null, PREFLIGHT_INIT)
  }

  let acehOld = false
  let rawSvr = ''
  let rawLen = ''
  let rawEtag = ''

  const reqHdrNew = new Headers(reqHdrRaw)
  reqHdrNew.set('x-jsproxy', '1')

  // The logic here is roughly the same as http-dec-req-hdr.lua:
  // https://github.com/EtherDream/jsproxy/blob/master/lua/http-dec-req-hdr.lua
  // Guard against a missing referer: without it there are no params, which is
  // reported as 403 below instead of throwing and surfacing as a 502.
  const refer = reqHdrNew.get('referer') || ''
  const query = refer.substr(refer.indexOf('?') + 1)
  if (!query) {
    return makeRes('missing params', 403)
  }
  const param = new URLSearchParams(query)

  // Object.entries() on a URLSearchParams yields nothing, so the header
  // restoration below never ran; iterate the parameters' own entries instead.
  for (const [k, v] of param.entries()) {
    if (k.substr(0, 2) === '--') {
      // system information
      switch (k.substr(2)) {
      case 'aceh':
        acehOld = true
        break
      case 'raw-info':
        [rawSvr, rawLen, rawEtag] = v.split('|')
        break
      }
    } else {
      // restore the original HTTP request headers
      if (v) {
        reqHdrNew.set(k, v)
      } else {
        reqHdrNew.delete(k)
      }
    }
  }
  if (!param.has('referer')) {
    reqHdrNew.delete('referer')
  }

  // cfworker collapses `//` in the path into `/`, so rebuild the scheme separator
  const urlStr = pathname.replace(/^(https?):\/+/, '$1://')
  const urlObj = newUrl(urlStr)
  if (!urlObj) {
    return makeRes('invalid proxy url: ' + urlStr, 403)
  }

  /** @type {RequestInit} */
  const reqInit = {
    method: req.method,
    headers: reqHdrNew,
    redirect: 'manual',
  }
  if (req.method === 'POST') {
    reqInit.body = req.body
  }
  return proxy(urlObj, reqInit, acehOld, rawLen, 0)
}


/**
 * 
 * @param {URL} urlObj 
 * @param {RequestInit} reqInit 
 * @param {number} retryTimes 
 */
async function proxy(urlObj, reqInit, acehOld, rawLen, retryTimes) {
  const res = await fetch(urlObj.href, reqInit)
  const resHdrOld = res.headers
  const resHdrNew = new Headers(resHdrOld)

  let expose = '*'
  
  for (const [k, v] of resHdrOld.entries()) {
    if (k === 'access-control-allow-origin' ||
        k === 'access-control-expose-headers' ||
        k === 'location' ||
        k === 'set-cookie'
    ) {
      const x = '--' + k
      resHdrNew.set(x, v)
      if (acehOld) {
        expose = expose + ',' + x
      }
      resHdrNew.delete(k)
    }
    else if (acehOld &&
      k !== 'cache-control' &&
      k !== 'content-language' &&
      k !== 'content-type' &&
      k !== 'expires' &&
      k !== 'last-modified' &&
      k !== 'pragma'
    ) {
      expose = expose + ',' + k
    }
  }

  if (acehOld) {
    expose = expose + ',--s'
    resHdrNew.set('--t', '1')
  }

  // verify
  if (rawLen) {
    const newLen = resHdrOld.get('content-length') || ''
    const badLen = (rawLen !== newLen)

    if (badLen) {
      if (retryTimes < MAX_RETRY) {
        urlObj = await parseYtVideoRedir(urlObj, newLen, res)
        if (urlObj) {
          return proxy(urlObj, reqInit, acehOld, rawLen, retryTimes + 1)
        }
      }
      return makeRes(res.body, 400, {
        '--error': `bad len: ${newLen}, except: ${rawLen}`,
        'access-control-expose-headers': '--error',
      })
    }

    if (retryTimes > 1) {
      resHdrNew.set('--retry', retryTimes)
    }
  }

  let status = res.status

  resHdrNew.set('access-control-expose-headers', expose)
  resHdrNew.set('access-control-allow-origin', '*')
  resHdrNew.set('--s', status)
  resHdrNew.set('--ver', JS_VER)

  resHdrNew.delete('content-security-policy')
  resHdrNew.delete('content-security-policy-report-only')
  resHdrNew.delete('clear-site-data')

  if (status === 301 ||
      status === 302 ||
      status === 303 ||
      status === 307 ||
      status === 308
  ) {
    status = status + 10
  }

  return new Response(res.body, {
    status,
    headers: resHdrNew,
  })
}


/**
 * @param {URL} urlObj 
 */
function isYtUrl(urlObj) {
  return (
    urlObj.host.endsWith('.googlevideo.com') &&
    urlObj.pathname.startsWith('/videoplayback')
  )
}

/**
 * @param {URL} urlObj 
 * @param {number} newLen 
 * @param {Response} res 
 */
async function parseYtVideoRedir(urlObj, newLen, res) {
  if (newLen > 2000) {
    return null
  }
  if (!isYtUrl(urlObj)) {
    return null
  }
  try {
    const data = await res.text()
    urlObj = new URL(data)
  } catch (err) {
    return null
  }
  if (!isYtUrl(urlObj)) {
    return null
  }
  return urlObj
}
 
Again, the code above is from this address: https://github.com/EtherDream/jsproxy/raw/master/cf-worker/index.js
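The worker forwards to whatever URL the caller encodes in the path, so a deployment is an open proxy unless you restrict it yourself. The following is an added example, not jsproxy's own code: it repeats the worker's URL reconstruction (including the `//` collapse the comment mentions) and then applies a deny-by-default host allowlist before anything would be fetched. ALLOWED_HOSTS, the function names and the returned object shape are assumptions of this example.

```javascript
// ALLOWED_HOSTS is a hypothetical allowlist for this example; jsproxy itself
// forwards to any host the caller names.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];

// Same rewrite the worker applies: Cloudflare collapses "//" after the scheme
// into a single "/", so "https:/host/path" must become "https://host/path".
function restoreProxyUrl(pathname) {
  return pathname.replace(/^(https?):\/+/, '$1://');
}

// Equivalent of the worker's newUrl(): null instead of an exception on bad input.
function parseUrl(urlStr) {
  try {
    return new URL(urlStr);
  } catch (err) {
    return null;
  }
}

// Decide whether a proxied request may proceed. Returns a status code plus
// either the final href or the reason for refusing, so the caller can feed it
// straight into a makeRes()-style response.
function checkProxyTarget(pathname, allowedHosts = ALLOWED_HOSTS) {
  const urlStr = restoreProxyUrl(pathname);
  const urlObj = parseUrl(urlStr);
  if (!urlObj) {
    return { ok: false, status: 403, reason: 'invalid proxy url: ' + urlStr };
  }
  // only plain web schemes are proxied; ftp:, file:, data: and friends are refused
  if (urlObj.protocol !== 'http:' && urlObj.protocol !== 'https:') {
    return { ok: false, status: 403, reason: 'unsupported scheme: ' + urlObj.protocol };
  }
  // never forward embedded credentials (https://user:pass@host/) upstream
  if (urlObj.username || urlObj.password) {
    return { ok: false, status: 403, reason: 'credentials in url' };
  }
  // deny by default: the hostname (port ignored) must be on the allowlist
  if (!allowedHosts.includes(urlObj.hostname)) {
    return { ok: false, status: 403, reason: 'host not allowed: ' + urlObj.hostname };
  }
  return { ok: true, status: 200, href: urlObj.href };
}
```

In the worker this check would sit right after `newUrl(urlStr)` in `httpHandler`, returning `makeRes(reason, 403)` whenever `ok` is false; the allowlist compares `hostname` only, so a non-standard port on an allowed host still passes and a lookalike host does not.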

The main interface for creating a worker is shown in the screenshot:

Explanation of the screenshot interface:

① Project name: the format is [Project].[Subdomain].workers.dev, where subdomain is the name you entered for Workers and project is the project name. In my case, it is proxy.51itpro.workers.dev.

② Edit area: this is where you put the code.

③ Save and deploy: deploys the project.

After all the steps above are done, you will have a fully functional proxy website for your own usage. Cloudflare Workers allows 100K requests for your whole account. If that is not enough, you may need to create multiple Cloudflare accounts and combine them using the customization method below, which edits the conf.js file.

Customization


You can also do some basic customization, as I did for my proxy page: https://proxy.itprosec.eu.org/

  1. Fork the project from https://github.com/51sec/jsproxy to your own GitHub repository (this requires a GitHub account).
  2. Change the Cloudflare Worker script's asset URL to your own GitHub Pages URL; for mine, it is https://51sec.github.io/jsproxy. The line to change is:
    • const ASSET_URL = 'https://etherdream.github.io/jsproxy'
  3. Change the file content in index_v3.html.
    • You might need to manually add some icons into the assets folder's ico folder, as I did for some of my own sites.
  4. If you have other jsproxy URL sites available, you can add them into the conf.js file under the gh-pages branch.




References

  • Build a Serverless Bookmark Website Use Cloudflare Worker
  • Fast OneDrive Index - A Serverless OneDrive Index Setup
  • Using Cloudflare Workers to Deploy A Free Google Drive Directory Indexer in 5 Minutes
  • Set Up CloudFlare Workers to Use Your Own Domain
  • Build a Reverse Proxy Using Cloudflare Workers
  • Cloudflare Workers Usage Collection
  • https://etherdream.github.io/jsproxy


via Blogger http://blog.51sec.org/2020/03/build-reverse-proxy-using-cloudflare.html
October 18, 2021 at 10:06AM Cloud

Configure Your Own Domain to Access Free Monitoring Status Page From Freshping

10/16/2021


 
I was using UptimeRobot to monitor my online websites, but the custom domain option is not available in the free plan. I found that Freshping provides many more features and monitors, and still allows a custom domain for accessing the status page. In this video, I am showing how to quickly add your monitor into Freshping and how to configure your own domain to access Freshping's status page.

Related videos:
  • Create Your Own Free Heroku Hosted UptimeRobot Monitoring Page - https://youtu.be/Fk5Y3WMqWB0
  • Five Minutes Build Your Own Free Website Monitoring Site with UptimeRobot - https://youtu.be/dJ4-tvb1pSc
  • Configure Your Own Domain to Access Free Monitoring Status Page From Freshping - https://youtu.be/dtKEgwAVzKk

If you found this video useful, please give it a thumbs up and subscribe to the channel to get more updates: https://www.youtube.com/c/Netsec?sub_confirmation=1
Resource Collection and Bookmarks: https://nav.51sec.org/
Learning and Sharing - "a bosom friend afar brings a distant land near" - http://51sec.org

Watch video on YouTube here: https://youtu.be/dtKEgwAVzKk by Johnny Netsec

Free Cloud Monitoring Services Netdata New Relic Datadog Instrumental

10/15/2021


 
Free Cloud Monitoring Services, Netdata, New Relic, Datadog, Instrumental

NodeQuery is a free monitoring service provider offering a free, lightweight and easy-to-use Linux server monitoring service. You also get alerts and can actively monitor the performance of your servers. Unfortunately, their website has not been accessible since the end of September (Sep 25, 2021).

In this post, I am going to introduce four other free cloud monitoring service providers as an alternative.


Free Plans

None of the four sites requires a credit card to sign up for a free plan. All of them also offer a paid plan with advanced features and a longer data retention period.

NetData
  • Free plan: unlimited nodes; unlimited containers; unlimited metrics; 1s metrics granularity; unlimited data retention (data stays inside your infrastructure); unlimited users; unlimited alarms and notifications; 200+ data collection integrations; free forever
  • Installing agent: one-command installer; Docker
  • Limitation: no advanced user control and auditing
  • Pricing: https://www.netdata.cloud/pricing/

New Relic
  • Free plan: 1 free full user; unlimited free base users; 100GB free data ingest per month; 8 days+ data retention; unlimited querying; 100 Synthetics checks; unlimited free alerts; free proactive anomaly detection; 1K free incident intelligence events per month
  • Pricing: https://newrelic.com/pricing

Datadog
  • Free plan: up to 5 hosts; 1 day metric retention; 450+ integrations; unlimited user accounts
  • Pricing: https://www.datadoghq.com/pricing/

Instrumental
  • Free plan: up to 500 metrics; 13 months of data visibility
  • Pricing: https://instrumentalapp.com/pricing

Limitations listed for Datadog and Instrumental: no alerts; no container monitoring; no anomaly detection; no support for Arm architecture.

Dashboard Screenshots: NetData, New Relic, Datadog, Instrumental


via Blogger http://blog.51sec.org/2021/10/free-cloud-monitoring-services-netdata.html
October 15, 2021 at 08:59AM Network

Blogger Usage Tips and Tricks

10/15/2021


 
Blogger Usage Tips and Tricks

Here are some tips and tricks collections for bloggers from my blogger experience:



There is one related post in this blog:
  • Website and Tools for Blogger




How to quickly and easily insert a table

There is no simple way to insert a table directly from the Blogger editor interface other than using HTML code.

But using Office Word to create a table with the style you need, then copying it into your Blogger editor page, is one of the most effective ways to insert a table.


If you would like to insert table using HTML code, here is an example:

Table 3x2 Example Code
<table>
<tbody>
    <tr>
        <td>Cell 1.1</td>
        <td>Cell 1.2</td>
    </tr>
    <tr>
        <td>Cell 2.1</td>
        <td>Cell 2.2</td>
    </tr>
    <tr>
        <td>Cell 3.1</td>
        <td>Cell 3.2</td>
    </tr>
</tbody>
</table>




Adjust Right Sidebar margin width


Sometimes the space between the main posts section and the right sidebar is too wide. You may want to change it from 40px to 10px. Here is the code I found:

#sidebar-right-1 {
  position: relative;
  left: 40px !important;
}

Add the code in Blogger's Theme Designer - Advanced - Add CSS section, as shown below.



Add a YouTube playlist into Blogger


1 Generate the HTML code from your YouTube playlist




2 Add the HTML code into your Blogger layout
It is best to put the code between <center> and </center> so it is centered on your page.


<center><iframe width="560" height="315" src="https://www.youtube.com/embed/videoseries?list=PLg7bL1bMpwPXUwb-BsLKolf42uWa0_nfY" frameborder="0" allowfullscreen></iframe></center>



Add Third Party Domain



GoDaddy CNAME Setting

Blogger Domain Settings



Redirect Blogspot Site from One to Another


While migrating my site from 51sec.blogspot.com to 91sec.blogspot.com, I found the following ways to redirect one Blogspot site to another. The code is inserted between <head> and </head>.

a. This is the way I am currently using, and I found it is the best so far.
<script>
var oldDomain = "51sec.blogspot.com";
var newDomain = "blog.51sec.org";
// only redirect when actually on the old domain, so the snippet cannot loop
if (location.hostname === oldDomain) {
  // replace just the host part so the current path and query are preserved
  window.location = location.href.replace(oldDomain, newDomain);
}
</script>

b. This one redirects every post or page to the new site's homepage; the URL path and parameters are not passed along.
<meta content='0;url=http://91sec.blogspot.com' http-equiv='refresh'/>

c. This code works on some URLs, but others got messed up.
<script type='text/javascript'>
  var d='<data:blog.url/>';
  d=d.replace(/.*\/\/[^\/]*/,'');
  location.href='http://91sec.blogspot.com'+d;
</script>

Put images side by side in Blogger's posts without any code

  1. Set both images to the small size so the editor can preview the layout of both images more easily.
  2. Move either image up or down so it aligns side by side with the other one.
  3. If they still do not align well, put your cursor in front of the image and press Enter to make them align better.
  4. As the last step, change the image size back to medium if you want them to look bigger than small.
Note: The Blogger editor's preview looks wrong because of the editor's width, but you can save your changes; the images will appear side by side in the regular view.


Note: If you have three images to align side by side, the process is the same as the steps shown above.

Add a code section into your post


1 HTML Code 1
<table style="background-color: black; border-collapse: collapse; border-color: rgb(51, 102, 0); border-style: solid; border-width: 0px; font-family: &quot;helvetica neue&quot;,&quot;arial&quot;,&quot;helvetica&quot;,sans-serif; width: 100%;"> 
  <tbody>
<tr>
<td><div style="text-align: justify;">
<span style="color: lime;"><br /></span>
<span style="color: lime;">test
</span></div>
<div style="text-align: justify;">
<span style="color: lime;">john
</span></div>
</td>
  </tr>
</tbody></table>

2 HTML Code 2
<pre class="putty" style="background-color: rgb(0, 0, 0) !important; color: rgb(0, 255, 0) !important; font-family: &quot;Courier New&quot;, monospace !important; font-size: 12px; margin: auto; padding: 2px; text-align: justify; white-space: pre-wrap; width: 650px;">


</pre>


Add a drop down menu to Blogspot


https://icanbuildablog.com/2015/08/how-to-add-a-drop-down-menu-to-a-blogger-blog-without-javascript/



Change Collapse Label to Expanded in New Theme

https://techubber.blogspot.com/2017/07/how-to-show-labels-widget-expanded-collapsed-new-blogger-theme-2017.html

Edit Blogger HTML code
  • Click on "Jump To Widget" and select the Label widget
  • The Label widget will have code something like this:
<b:widget id='Label1' locked='false' title='Labels' type='Label' visible='true'>
  • In the code for the Label widget, look for "main" or "collapsible extendable":
<b:includable id='main' var='this'>
<details class='collapsible extendable'>
  • Expand this by clicking on the black arrow on the left
  • Now look for <b:attr cond='data:view.isLabelSearch' name='open' value='open'/>
  • Remove cond='data:view.isLabelSearch' from the above line


Add Adsense Code into HTML page



<td align="left"><div><div style="float:right;margin-left:5px">
"ADSense Code"
</div></div></td>




Add Table of Contents into Posts - mbtTOC


Step 1: Go to the Blogger website.

Step 2: Edit the theme HTML.

Step 3: Copy the following code before </head>.

Code:

<script type='text/javascript'>
//<![CDATA[
//*************TOC plugin by MyBloggerTricks.com
function mbtTOC() {
  var heads = document.getElementById("post-toc").getElementsByTagName("h2");
  var toc = document.getElementById("mbtTOC");
  for (var i = 0; i < heads.length; i++) {
    heads[i].setAttribute("id", "point" + i);
    toc.innerHTML += "<li><a href='#point" + i + "'>" + heads[i].textContent + "</a></li>";
  }
}
function mbtToggle() {
  var mbt = document.getElementById('mbtTOC');
  mbt.style.display = (mbt.style.display === 'none') ? 'block' : 'none';
}
//]]>
</script>


Step 4: Copy the following code before " ]]></b:skin> ".

Code:

/*####Automatic TOC Plugin by MyBloggerTricks designed by Saroj-Tech####*/
.mbtTOC {
  border: 3px solid #A2A9B1;
  box-shadow: 1px 1px 0 #EDE396;
  background-color: #F8F9FA;
  color: #830000;
  line-height: 1.4em;
  margin: 30px auto;
  padding: 20px 30px 20px 10px;
  font-family: Open Sans, arial;
  display: block;
  width: 70%;
  border-radius: 5px;
}
.mbtTOC ol,
.mbtTOC ul {
  /* the original had unitless "10", which browsers ignore; px assumed */
  margin: 10px;
  padding: 10px;
}
.mbtTOC ul {
  list-style: none;
}
.mbtTOC ol li,
.mbtTOC ul li {
  padding: 15px 0 0;
  margin: 0 0 0 30px;
  font-size: 15px;
}
.mbtTOC a {
  color: #0080ff;
  text-decoration: none;
}
.mbtTOC a:hover {
  text-decoration: underline;
}
.mbtTOC button {
  background: none;
  font-family: Open Sans, arial;
  font-size: 20px;
  position: relative;
  outline: none;
  cursor: pointer;
  border: none;
  color: #707037;
  padding: 0 0 0 15px;
}
.mbtTOC button:after {
  content: "\f022";
  font-family: FontAwesome;
  position: relative;
  left: 10px;
  font-size: 20px;
}




Another, better formatted, version of the CSS:

/*####Automatic TOC Plugin by MyBloggerTricks designed by Saroj-Tech####*/

.mbtTOC {
  border: 1px solid #000000;
  border-style: dashed;
  background-color: #FFFFE0;
  line-height: 1.4em;
  margin: 30px auto;
  padding: 10px 15px 10px 6px;
  display: block;
  width: 70%;
}

.mbtTOC button {
  background-color: transparent;
  font-family: Acme;
  font-size: 20px;
  font-weight: bold;
  position: relative;
  outline: none;
  border: none;
  color: #0fb5fc;
  padding: 0 0 0 15px;
}

.mbtTOC button a {
  color: #3d1818;
  padding: 0px 2px;
  cursor: pointer;
}

.mbtTOC button a:hover {
  text-decoration: underline;
  color: #fc0f2b;
}

.mbtTOC button span {
  font-size: 12px;
  margin: 0px 8px;
}

.mbtTOC li { margin: 8px 0; }

.mbtTOC li a {
  color: #3d1818;
  text-decoration: none;
  font-size: 14px;
  text-transform: capitalize;
  font-family: georgia;
}

.mbtTOC li a:hover {
  text-decoration: underline;
  color: #fc0f2b;
}

.mbtTOC li li { margin: 4px 0px; }

.mbtTOC li li a {
  color: #fc0f2b;
  font-size: 12px;
}

.mbtTOC li li a:hover {
  text-decoration: underline;
  color: #fc0f2b;
}

.mbtTOC ol { counter-reset: section1; list-style: none; }
.mbtTOC ol ol { counter-reset: section2; }
.mbtTOC ol ol ol { counter-reset: section3; }
.mbtTOC ol ol ol ol { counter-reset: section4; }
.mbtTOC ol ol ol ol ol { counter-reset: section5; }
.mbtTOC li:before { content: counter(section1); counter-increment: section1; position: relative; padding: 0 8px 0 0; font-size: 18px; color: #fc0f2b; font-family: arial; }
.mbtTOC li li:before { content: counter(section1) "." counter(section2); counter-increment: section2; font-size: 14px; color: #fc0f2b; font-family: arial; }
.mbtTOC li li li:before { content: counter(section1) "." counter(section2) "." counter(section3); counter-increment: section3; }
.mbtTOC li li li li:before { content: counter(section1) "." counter(section2) "." counter(section3) "." counter(section4); counter-increment: section4; }
.mbtTOC li li li li li:before { content: counter(section1) "." counter(section2) "." counter(section3) "." counter(section4) "." counter(section5); counter-increment: section5; }




Step 5: Press " CTRL + F " again and search for " <data:post.body/> ", then replace it with " <div id="post-toc"><data:post.body/></div> " and click "Save theme". There are multiple matches for this search (three); replace all of them.

Step 6: Save the theme.

Step 7: Now go to the post where you want to show a table of contents, click on HTML view at the top and paste the code below. Usually this goes after the first paragraph, but just before the first h2 tag.

Code:


 <div class="mbtTOC">
 <button onclick="mbtToggle()">Table of Contents</button>
 <ol id="mbtTOC"></ol>
 </div>

Step 8: Place the following code at the end of all the HTML.
Code:

<script>mbtTOC();</script>


Add Table of Contents into Posts - toc-pro



Step 1: Add the following code just after the </body> tag.


<script async='async' defer='defer'>
var head,newLine,el,title,link,ToC="<nav class='table-of-contents' role='navigation'><h4 onclick='toc()'>Contents</h4><ul style='display:none'>";$("article h2, article h3, article h4, article h5").attr("id",function(arr){return "point" + arr;});$("article h2, article h3, article h4, article h5").each(function(){el=$(this),title=el.text(),link="#"+el.attr("id"),ToC+=newLine="<li><a href='"+link+"'>"+title+"</a></li>"}),ToC+="</ul></nav>",$(".toc-pro").prepend(ToC);function toc() {$(".table-of-contents ul").toggle();}
</script>

If you would like the contents expanded by default, change display:none to display:block.

Here is the code for showing only h2 anchors and also expanding the contents by default:



<script async='async' defer='defer'>
var head,newLine,el,title,link,ToC="<nav class='table-of-contents' role='navigation'><h4 onclick='toc()'>Table of Contents</h4><ul style='display:block'>";$("article h2").attr("id",function(arr){return "point" + arr;});$("article h2").each(function(){el=$(this),title=el.text(),link="#"+el.attr("id"),ToC+=newLine="<li><a href='"+link+"'>"+title+"</a></li>"}),ToC+="</ul></nav>",$(".toc-pro").prepend(ToC);function toc() {$(".table-of-contents ul").toggle();}
</script>


Step 2: Paste the CSS code below just before ]]></b:skin>



/* TOC by techyleaf */
.table-of-contents{flex:auto;width:fit-content;background:#eee;font-size:14px;padding:11px;margin:8px 0 30px 0}
.table-of-contents li{margin:0 0 0.25em 0}
.table-of-contents a{color:#2a5365}
.table-of-contents h4{margin:0;cursor:pointer}
.table-of-contents h4:before{font-family:FontAwesome;content:"\f0c9";padding-right:7px;}
/* For Font Awesome 5
.table-of-contents h4:before{font-family:'Font Awesome 5 Free';content:"\f0c9";padding-right:7px;}
*/


Step 3: Add the following shortcode where you want the TOC to appear


<div class='toc-pro'></div>
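Both TOC scripts on this page (mbtTOC and toc-pro) build the list by concatenating heading text into an HTML string and handing it to innerHTML or prepend(), so a heading whose text happens to contain "<" or "&" is re-parsed as markup. The following is an added example, not the mbtTOC or toc-pro code from the page: it keeps the same "point" + index ids and list shape, but escapes each title for the string form and uses DOM APIs for the in-page form. The function names are assumptions of this example; the element ids "post-toc" and "mbtTOC" match the markup the mbtTOC steps above use.

```javascript
// Minimal HTML escaper for text that will be placed inside element content.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Pure part: given heading titles, return the ids to assign and the list markup.
// idPrefix mirrors the "point" + index ids used by the page's TOC scripts.
function buildToc(titles, idPrefix = 'point') {
  const entries = titles.map((title, i) => ({ id: idPrefix + i, title }));
  const html = entries
    .map((e) => `<li><a href='#${e.id}'>${escapeHtml(e.title)}</a></li>`)
    .join('');
  return { entries, html };
}

// Browser part: tag the post's h2 headings with ids and fill the list element.
// Builds nodes with DOM APIs instead of innerHTML, so heading text is always
// inserted as text and never parsed. Returns the number of entries added.
function installToc(doc) {
  const post = doc.getElementById('post-toc');
  const list = doc.getElementById('mbtTOC');
  if (!post || !list) return 0;
  const heads = Array.from(post.getElementsByTagName('h2'));
  const { entries } = buildToc(heads.map((h) => h.textContent));
  entries.forEach((e, i) => {
    heads[i].setAttribute('id', e.id);
    const li = doc.createElement('li');
    const a = doc.createElement('a');
    a.setAttribute('href', '#' + e.id);
    a.textContent = e.title; // assigned as text, never parsed as HTML
    li.appendChild(a);
    list.appendChild(li);
  });
  return entries.length;
}
```

In a Blogger template, `installToc(document)` replaces the `mbtTOC()` call at the end of the post; `buildToc` on its own is what you would use if the list still has to be produced as a string.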







References:

  • Add a Read More button to Popular Blog Platforms
  • Wordpress Attitude Theme Menu Bar Customize
  • Add “Related Links” Widgets for Your Websites and Blogs
  • Use Godaddy Domain with Openshift Apps
  • Create a Sitemap Page or Table of Contents Page for Blogger
  • Add Dropdown Menu in Blogger Website
  • Collection of Website and Tools for Bloggers (Tips and Tricks)
  • How to add Table of content in blogger [ 2 Methods ]

via Blogger http://blog.51sec.org/2017/08/blogger-tips-and-tricks.html
October 15, 2021 at 08:58AM Blog

OWASP Top 10 (2010, 2013, 2017, 2021)

10/11/2021


 
OWASP Top 10 (2010, 2013, 2017, 2021)
The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security.
The OWASP Top 10 Web Application Security Risks list was published in 2010, 2013, 2017 and 2021 to give developers and security professionals guidance on the most critical vulnerabilities commonly found in web applications, which are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.
Meeting OWASP compliance standards is usually the first step toward secure code.



2021

  1. A01:2021-Broken Access Control
  2. A02:2021-Cryptographic Failures
  3. A03:2021-Injection
  4. A04:2021-Insecure Design
  5. A05:2021-Security Misconfiguration
  6. A06:2021-Vulnerable and Outdated Components
  7. A07:2021-Identification and Authentication Failures
  8. A08:2021-Software and Data Integrity Failures
  9. A09:2021-Security Logging and Monitoring Failures
  10. A10:2021-Server-Side Request Forgery (SSRF)
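A01:2021 Broken Access Control tops the 2021 list, and "Enforce Access Controls" is number 7 of the OWASP Top 10 Proactive Controls listed further down. The following is an added example, not OWASP's code, showing the defect beside its fix: a record lookup that trusts the id the client sent, next to one that routes every read through a single deny-by-default rule and logs the decision. The document store, the user and role model and the function names are constructed for this example.

```javascript
// Constructed in-memory data standing in for a database table.
const DOCUMENTS = new Map([
  ['doc-1', { owner: 'alice', title: 'alice private notes' }],
  ['doc-2', { owner: 'bob', title: 'bob private notes' }],
]);

// Broken access control: the record is fetched by the id the client supplied
// and returned without asking who is calling, so any user who knows or guesses
// another id reads it (an insecure direct object reference).
function getDocumentUnchecked(docId) {
  return DOCUMENTS.get(docId) || null;
}

// The authorization rule lives in one place: deny by default, allow the owner
// or an admin. The 'admin' role name is an assumption of this example.
function canRead(user, doc) {
  if (!user || !doc) return false;
  if (Array.isArray(user.roles) && user.roles.includes('admin')) return true;
  return doc.owner === user.name;
}

// Hardened: every read passes through canRead(). A missing record and a record
// the caller may not see both answer 404, so a denied request does not confirm
// that the id exists.
function getDocument(user, docId) {
  const doc = DOCUMENTS.get(docId);
  if (!doc || !canRead(user, doc)) {
    return { status: 404, body: null };
  }
  return { status: 200, body: doc };
}

// Wraps getDocument() so every decision, including denials, is recorded; this
// is the logging half of the story (A09:2021 / Proactive Control 9).
function auditedGetDocument(user, docId, log = []) {
  const result = getDocument(user, docId);
  log.push({ user: user ? user.name : null, docId, status: result.status });
  return { result, log };
}
```

The point of `canRead()` being a separate function is that the rule is checked in exactly one place and cannot be forgotten on a new endpoint; adding write or delete operations means adding `canWrite()` beside it, not copying conditions into each handler.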




The OWASP Top 10 Proactive Controls
  1. Define Security Requirements
  2. Leverage Security Frameworks and Libraries
  3. Secure Database Access
  4. Encode and Escape Data
  5. Validate All Inputs
  6. Implement Digital Identity
  7. Enforce Access Controls
  8. Protect Data Everywhere
  9. Implement Security Logging and Monitoring
  10. Handle All Errors and Exceptions
(From OWASP Proactive Controls for Developers 2018 v3.0)

2017

OWASP Top 10 Application Security Risks - 2017

  1. A1. Injection
  2. A2. Broken Authentication
  3. A3. Sensitive Data Exposure
  4. A4. XML External Entities (NEW)
  5. A5. Broken Access Control (MERGED)
  6. A6. Security Misconfiguration
  7. A7. Cross-Site Scripting
  8. A8. Insecure Deserialization (NEW)
  9. A9. Using Components With Known Vulnerabilities
  10. A10. Insufficient Logging and Monitoring (NEW)

2013

  1. A1-Injection
  2. A2-Broken Authentication and Session Management
  3. A3-Cross-Site Scripting (XSS)
  4. A4-Insecure Direct Object References
  5. A5-Security Misconfiguration
  6. A6-Sensitive Data Exposure
  7. A7-Missing Function Level Access Control
  8. A8-Cross-Site Request Forgery (CSRF)
  9. A9-Using Components with Known Vulnerabilities
  10. A10-Unvalidated Redirects and Forwards

2010

For 2010, the OWASP Top 10 Most Critical Web Application Security Risks are:
  1. A1: Injection
  2. A2: Cross-Site Scripting (XSS)
  3. A3: Broken Authentication and Session Management
  4. A4: Insecure Direct Object References
  5. A5: Cross-Site Request Forgery (CSRF)
  6. A6: Security Misconfiguration
  7. A7: Insecure Cryptographic Storage
  8. A8: Failure to Restrict URL Access
  9. A9: Insufficient Transport Layer Protection
  10. A10: Unvalidated Redirects and Forwards

References:

OWASP
  • OWASP Risk Rating Methodology
  • Article on Threat/Risk Modeling

External
  • ISO 31000: Risk Management Std
  • ISO 27001: ISMS
  • NIST Cyber Framework (US)
  • ASD Strategic Mitigations (AU)
  • NIST CVSS 3.0
  • Microsoft Threat Modelling Tool

via Blogger http://blog.51sec.org/2018/02/owasp-top-10-2010-2013-2017.html
October 11, 2021 at 10:22AM Architecture