loblo Posted August 25, 2020

I was fed up with Burp systematically corrupting the registry lately so I'm now blocking the PortSwigger site by adding the following lines (not all might be necessary) to the Windows HOSTS file:

127.0.0.1 54.246.133.196
127.0.0.1 portswigger.net
127.0.0.1 www.portswigger.net

The only downside is that the PortSwigger site can't be accessed anymore by any software (unless using a web proxy with a browser I guess). All the free extender entries in the Burp registry key can be deleted (saving about 1MB of registry space) and won't come back and neither will corruption.

Burp help is embedded in the jar at Burp.jar\resources\Documentation\ and can be extracted for offline viewing.

And something I forgot to mention about Burp is that you can make the jar file much smaller by deleting the x64 folders in the burpbrowser-binaries folder inside the jar, saves some significant disk space.

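An added example, not part of the original post: a small linter for HOSTS-file sinkhole entries like the three quoted above. It assumes the usual resolver behaviour, where HOSTS is consulted only for host names and only on an exact match, so an IP literal in the name column and any unlisted subdomain are not affected; the sample text and `sub.portswigger.net` are constructed for illustration.

```python
import ipaddress

# Addresses commonly used to sinkhole a name (assumption for this example).
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample mirroring the three entries quoted in the post.
SAMPLE_HOSTS = """\
# sinkhole entries (constructed sample)
127.0.0.1 54.246.133.196
127.0.0.1 portswigger.net
127.0.0.1 www.portswigger.net   # trailing comment
"""

def is_ip_literal(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def lint_hosts(text):
    """Return (sinkholed_names, ignored_entries) for a HOSTS file body."""
    sinkholed, ignored = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        address, *names = line.split()           # one address, 1..n names
        if not is_ip_literal(address):
            ignored.append((lineno, line, "address column is not an IP"))
            continue
        for name in names:
            if is_ip_literal(name):
                # Connections made straight to an IP skip name lookup entirely.
                ignored.append((lineno, name, "IP literal is never looked up"))
            elif address in SINKHOLE_ADDRS:
                sinkholed.append(name.lower())
    return sinkholed, ignored

def is_blocked(hostname, text):
    """Exact-match check: HOSTS has no wildcard or subdomain matching."""
    blocked, _ = lint_hosts(text)
    return hostname.lower().rstrip(".") in blocked

if __name__ == "__main__":
    names, skipped = lint_hosts(SAMPLE_HOSTS)
    print("sinkholed:", names)
    print("no effect:", skipped)
```
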
loblo Posted August 25, 2020

I've updated my Opera 12.02 Certificate Authorities by collating certificates from the current Microsoft Roots Update CA, Mozilla NSS root certificate store and Azul JDK 8 keystore.

Microsoft is the largest source of certificates and only one certificate from Mozilla and a handful from the JDK aren't already in Microsoft's Roots Update. Microsoft's Roots Update installs 51 expired certificates which I discarded leaving me with a total of 368 unique valid certificates. Of these, another 51 failed to install in Opera, 42 of which because they are elliptic curve certificates and the remainder 9 for unknown reason (they are RSA like the rest). In total 317 certificates have been installed but of course not all are new.

You can grab the updated "keystore" file (cleaned from my personal certificates, Burp, ZAP, etc...) at the following link if you want: https://filebin.net/k3x0x97yygo19ylh

To install, close Opera and overwrite the original opcacrt6.dat which should be located at C:\WINDOWS\Application Data\Opera\OPERA by default. You'll need to reinstall your Burp certificate and other similar certificates if you use any after that.

Tools I used: OpenSSL executable (format conversion), KeyStore Explorer (viewing certificates and extracting some) and Clone Spy (pruning duplicates).

loblo Posted August 26, 2020

Quote:

> Your Browser's Connection Security is Outdated
>
> English: Wikipedia is making the site more secure. You are using an old web browser that will not be able to connect to Wikipedia in the future. Please update your device or contact your IT administrator.
>
> We are removing support for insecure ciphersuites using the CBC mode, specifically DHE-RSA-AES128-SHA, which your browser software relies on to connect to our sites. This is usually caused by outdated browsers, or older Android smartphones. Or it could be interference from corporate or personal "Web Security" software, which actually downgrades connection security.
>
> You must upgrade your web browser or otherwise fix this issue to access our sites. This message will remain until September 25, 2020. After that date, your browser will not be able to establish a connection to our servers.

I don't quite understand the necessity for connecting to a site such as Wikipedia securely at all, this is just a free online encyclopedia, not a bank or a shop, these people have lost their mind completely...

Wunderbar98 Posted August 26, 2020

Hi loblo. The sentiment is understood and pretty much shared. It is, however, a site where contributors need to login securely to edit information and manage their accounts, just like these forums. Since Wikipedia is so universal, however, it would be nice if they provided HTTP read-only accessibility for those that just want to read information from old systems.

Did a couple quick Wikipedia searches in RetroZilla just now, it's working fine. Maybe I hit a couple old servers or I'm from a different location.

jumper Posted August 26, 2020

They will be disabling that cypher next month. Disable it in your browser now to test whether Wikipedia will still work after they do.

Wunderbar98 Posted August 27, 2020

Well security.ssl3.dhe_rsa_aes_128_sha was toggled from true to false. Cleared cache, restarted RetroZilla and thankfully both John Travolta and Olivia Newton-John's wiki entries are still available, I will rest easy tonight :)

loblo Posted August 30, 2020

A slightly modified version (complying with Apache License v2) of the Opera 12 Wayback Machine extension which jumps straight to the earliest capture of a page instead of the calendar page whose rendering has been broken for some time. It's then possible to navigate to more recent captures by adequately clicking on the top banner. Well useful for me.

Drag the oex file onto Opera's interface to install.

https://www.filedropper.com/waybackmachineextension4opera122020

schwups Posted October 5, 2020

On 7/27/2020 at 10:09 PM, loblo said:

> As a convenient solution for downloading at full speed from most sites Opera can't connect to without Burp I have integrated the latest Corone build of cURL for XP in Opera links menu on web pages (I couldn't get it to work in the links panel though).
>
> https://rwijnsma.home.xs4all.nl/files/curl/
>
> [Link Popup Menu]
> Item, Download with cURL (Remote Name) = Execute program, "C:\Program Files\curl\Curl.exe", " -L -k -O -C - --retry 10 --retry-max-time 10 --retry-delay 5 %l"
> Item, Download with cURL (Remote Header Name) = Execute program, "C:\Program Files\curl\Curl.exe", " -L -k -O -J -C - --retry 10 --retry-max-time 10 --retry-delay 5 %l"
>
> It's not possible to specify a download directory for cURL when using the -O switch as it doesn't have such an option and simply downloads files in the current working dir so I start Opera from a shortcut in which I set the working dir as the one where I want the cURL downloads to go.

After update to latest "curl-7.72.0-mbedtls-zlib-win32-static-xpmod-sse.7z" I get an error:

Error starting Program: The Curl.exe is linked to missing export msvcr70.dll: _vsnprintf_s.

Curl 7.69.1 is OK.

jumper Posted October 6, 2020

No version of Msvcr70.dll ever exported _vsnprintf_s, so this is a typo or a file has been hacked. Should be Msvcr80.dll or higher, or Msvcrt.dll from Vista (ver 7.0) or later.

schwups Posted October 6, 2020

Yes, oddly your ImportPatcher gives "[msvcrt.dll] _vsnprintf_s=" and the DependencyWalker shows msvcr70, too?

Goodmaneuver Posted October 6, 2020

Perhaps you have MSVCRT = MSVCR70.DLL in KnownDLLs set in registry.

schwups Posted October 6, 2020

25 minutes ago, Goodmaneuver said:

> Perhaps you have MSVCRT = MSVCR70.DLL in KnownDLLs set in registry.

That is right, but it makes no difference, if the Msvcrt is "really" replaced by msvcr70. Ok I see, if it is really replaced the Dependency walker shows msvcrt, too.

jumper Posted October 6, 2020

I have a large set of Msvc*.dll files in a MSVC subfolder of %windir%\Kernelex. This redirects Msvcrt.dll only when Kernelex is enabled:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Kernelex\KnownDLLs]
"MSVCRT"="MSVC\MSVCR80.DLL"

I'm working on implementing per-profile redirection.

Goodmaneuver Posted October 7, 2020

22 hours ago, schwups said:

> That is right, but it makes no difference, if the Msvcrt is "really" replaced by msvcr70

Yes only because MSVCRT is MSVCR70 but you wanted to know why MSVCR70 was loaded. The registry has first priority as it is loaded very early and of which you have said with the registry - every time MSVCRT is to be loaded, do not do that, load MSVCR70 instead.

16 hours ago, jumper said:

> I have a large set of Msvc*.dll files in a MSVC subfolder of %windir%\Kernelex. This redirects Msvcrt.dll only when Kernelex is enabled:

I have KernelEx loaded with every program and from what registry settings you are using MSVCR80 will take the place of MSVCRT whenever KernelEx is loaded. Use Process Explorer to see what libraries are loaded with each program. Perhaps you have Explorer.exe set KernelEx disabled, but with default as BASE KernelEx is loaded.

I tried the sub directory idea for UNICOWS.dll as a knowndll of KernelEx. Interesting:- I get an error at runtime. Error is

Rundll32 has caused an error in KEXBASEN
Rundll32 will now close.

The per-profile redirection can you explain this? KexStubs is for stubbing but can a program be had that functions can be redirected to other libraries that have that function for use with KernelEx?

jumper Posted October 7, 2020

I use MiniSnap and Procwin 1.6 to get details for the libraries loaded by a process. Also Taskinfo2000 2.1.

By profile I mean a compatibility mode enhanced to include other module options plus its own KnownDLLs module redirection set.

Kexstubs also supports api forwarding to other libraries.