Burp Suit does not intercept packages from my Firefox

I configured Burp Suit in my virtual Kali Linux on VMware and activated FoxyProxy in Firefox (again in Kali / VMware). However it does not intercept anything, rather websites are blocked with the below message What can I do about it?

Did Not Connect: Potential Security Issue

www.youtube.com is most likely a safe site, but a secure connection could not be established. This issue is caused by PortSwigger CA, which is either software on your computer or your network.

What can you do about it?

www.youtube.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.

If your antivirus software includes a feature that scans encrypted connections (often called “web scanning” or “https scanning”), you can disable that feature. If that doesn’t work, you can remove and reinstall the antivirus software.
If you are on a corporate network, you can contact your IT department.
If you are not familiar with PortSwigger CA, then this could be an attack, and there is nothing you can do to access the site.

xss – How to reliably detect Browser Exploitation Attacks with BeEF and other JavaScript hooking packages?

“Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.”

An attacker will usually use the circumstance, that it is difficult to identify if a website contains malicious JavaScript that will hook the browser of a visitor.

Is there a way to reliably detect JavaScript code with a hooking ability on a website or email?

Once the browser has been hooked, how can the ongoing attack reliably been detected and documented from the perspective of the victim?

compiling – how to uninstall packages built from source and remove them entirely?

I have built a lib, Open3D, from source and installed it. Afterwards, i ran make uninstall for the library and deleted the entire file directory which i cloned from git, i still have existing files from Open3D from /usr/local/lib directory. This is frustrating. How do i completely remove all these files? I don’t face such problems if the package i require can be installed from apt.

This is what i get using

ncdu

--- /usr/local/lib -------------------------------------------------------------
                         /..                                                    
  661.8 MiB [##########]  libOpen3D_3rdparty_mkl_mkl_merged.a
  661.8 MiB [##########]  libOpen3D_3rdparty_faiss_mkl_merged.a
  421.2 MiB [######    ]  libOpen3D_3rdparty_embree_embree_avx.a
  411.7 MiB [######    ]  libOpen3D_3rdparty_embree_embree3.a
  394.8 MiB [#####     ]  libOpen3D_3rdparty_embree_embree_avx2.a
  311.7 MiB [####      ]  libOpen3D_3rdparty_assimp_assimp.a
   93.0 MiB [#         ]  libOpen3D_3rdparty_ippicv_ippicv.a
   48.1 MiB [          ]  libOpen3D_3rdparty_webrtc_webrtc.a
   41.3 MiB [          ]  libOpen3D_3rdparty_faiss_faiss.a
   34.6 MiB [          ]  libOpen3D_3rdparty_zeromq.a
    6.8 MiB [          ]  libOpen3D_3rdparty_imgui.a
    6.5 MiB [          ]  libOpen3D_3rdparty_tbb_tbb_static.a
    6.5 MiB [          ]  libOpen3D_3rdparty_mkl_tbb_static.a
    6.5 MiB [          ]  libOpen3D_3rdparty_faiss_tbb_static.a
    6.1 MiB [          ]  libOpen3D_3rdparty_qhullcpp.a
    4.2 MiB [          ]  libOpen3D_3rdparty_jsoncpp.a
    3.9 MiB [          ]  libOpen3D_3rdparty_jpeg.a

kvm virtualization – QEMU VM with tap interface sees all packages coming from hypervisor instead of real source IP

I have set up a very simple Hypervisor using Alpine Linux and my VM sees all traffic coming from the IP of the hypervisor.

Which also means if fail2ban tries to block attacks, it always blocks the hypervisors IP

How can I have the VM see the real IP Adresses and not just the IP of the hypervisor?

On the HV (192.168.5.5) I have a bridged interface br0 which is working fine

# tun1 setup script on Hypervisor
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
iptables -P FORWARD ACCEPT
ip tuntap add dev tap1 mode tap user root
ip link set dev tap1 up
ip link set tap1 master br0

qemu-system-x86_64 (..non related parameters removed ..) 
-device virtio-net-pci,netdev=network0,mac=02:1f:ba:26:d7:56 
-netdev tap,id=network0,ifname=tap1,script=no,downscript=no

The VM has internet access but all traffic it sees comes from the IP of the hypervisor.

Someone is even trying to use my Server for an DNS amplification attack (blocked outgoing on my PFSense Firewall though)
DNS amplification attacks

Fail2ban also blocking the wrong IP
fail2ban log showing blocked HV ip

packages – Como utilizar pacote npm direto no navegador?

Existem alguns pacotes(packages do npm) que na documentação contém um link de uma CDN para utilizar a lib direto no navegador em aplicações web mais simples sem utilizar alguma ferramenta de desenvolvimento. Mas em alguns casos de aplicações mais simples ou legadas, temos acesso apenas ao HTML, é possível utilizar um package direto no “script” mesmo que o desenvolvedor não disponibilize uma CDN?


Como utilizar pacotes na web?

Utilizarei o mask-input e o inputmask de exemplo.

Na documentação do inputmask são disponibilizados links para colocar direto na tag script da página:

  • Documentação do inputmask com links de CDN

Mas na documentação do mask-input, a documentação menciona apenas a instalação pelo próprio NPM:

  • Documentação do mask-input sem links de CDN

É possível utilizar esse pacote na web de alguma forma? Não limito a pergunta a esse repositório em específico, quero entender como funciona e quais as limitações.

lxc-create fails while configuring base packages

lxc-create fails while configuring base packages – Ask Ubuntu

Flutter_bloc with flutter and dart. Packages just seem to be being ignored

I’m having a problem trying to implement flutter bloc. When trying to import the library, I get the following error: Target of URI doesn’t exist: ‘package:bloc_pattern/bloc_pattern.dart’.
Try creating the file referenced by the URI, or Try using a URI for a file that does exist.

I’ve already tried it with two versions in the dependencies of pubspec.yaml: bloc_pattern 2.3.2 e a 3.0.0. The Packages just seem to be being ignored.

What could be happening? Would someone know how to help me?

apt – I think I have horribly destroyed my Packages and am unable to install google chrome on 20.04 Server

Disclaimer- I’m new to Linux. I’m running as Raspberry Pi 2GB version with Ubuntu 20.04 server.
I may have to factory reset this Pi but I’d like to try and avoid it as I am accessing it remotely via ssh on a windows CMD prompt and instructing family to do the initial setup would be a pain so that I can access it and get it running would be a pain.

I partially solved my own issue, but then have other issues. Have left all of what I’ve written for context. Skip to the bold bit at the bottom.

I’m trying to run a Python file I’ve written. Currently when I run it I get the error:

ValueError: Could not get version for Chrome with this command: google-chrome --version || google-chrome-stable --version

Okay, no worries. I just need to get google-chrome. I follow instructions here:

And I get this:

ubuntu@ubuntu:~$ sudo apt-get install libxss1 libappindicator1 libindicator7
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libxss1
E: Unable to locate package libappindicator1
E: Unable to locate package libindicator7

Oh dear.

I’ve been having some issues getting chrome to install and was digging around in packages and /etc/apt/ trying to sort out errors & duplicates of some sort.

If I do nano sources.list I see that the file is empty. I have a feeling it’s not supposed to be empty.

sources.list.d has 1 file, google.list.

If I do apt-get update, I get the result:

Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Reading package lists... Done
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target CNF (main/cnf/Commands-arm64) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target CNF (main/cnf/Commands-arm64) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/google.list:2 and /etc/apt/sources.list.d/google.list:3

From what I understand this just means I’ve run the command twice or something. I comment out line 2 and run sudo apt-get update again, which gives

Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Reading package lists... Done

But then I can run ‘sudo apt-get update’ again and I get exactly the same. Shouldn’t it kinda tick chrome off the list and not keep trying to update it every time?

My instinct after all this is telling me that I’ve borked something to do with apt. I don’t quite understand what or how but I fully accept the blame, whatever it is I did.

Important bit starts here

So I looked at How do I restore the default repositories? and used the final answer to restore the sources.list file.

I then do ‘sudo apt-get update’, which gets 53 packages.

If I then run it again, it gets 6 packages. I can keep running the same command and it keeps giving me these same 6 packages, as if they aren’t getting installed. The output is:

Hit:1 http://ports.ubuntu.com/ubuntu-ports focal InRelease
Hit:2 https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal InRelease
Hit:3 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
Hit:4 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:5 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
Hit:6 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
Reading package lists... Done

I still face my original issue from way up the top of google chrome not being installed. Any way to work out why these packages won’t actually install?

If I go through the process to install google chrome again, I get this:

ubuntu@ubuntu:~$ wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
OK
ubuntu@ubuntu:~$ sudo sh -c 'echo "deb (arch=amd64) http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
ubuntu@ubuntu:~$ sudo apt update
Hit:1 https://packages.microsoft.com/ubuntu/20.04/mssql-server-2019 focal InRelease
Hit:2 http://ports.ubuntu.com/ubuntu-ports focal InRelease
Hit:3 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:4 http://ports.ubuntu.com/ubuntu-ports focal-updates InRelease
Hit:5 http://ports.ubuntu.com/ubuntu-ports focal-backports InRelease
Hit:6 http://ports.ubuntu.com/ubuntu-ports focal-security InRelease
Reading package lists... Done
Building dependency tree
Reading state information... Done
3 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target CNF (main/cnf/Commands-arm64) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target CNF (main/cnf/Commands-arm64) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list.d/google.list:3 and /etc/apt/sources.list.d/google.list:4
ubuntu@ubuntu:~$ sudo apt install google-chrome-stable
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package google-chrome-stable

DreamProxies - Cheapest USA Elite Private Proxies 100 Cheapest USA Private Proxies Buy 200 Cheap USA Private Proxies 400 Best Private Proxies Cheap 1000 USA Private Proxies 2000 USA Private Proxies 5000 Cheap USA Private Proxies ExtraProxies.com - Buy Cheap Private Proxies Buy 50 Private Proxies Buy 100 Private Proxies Buy 200 Private Proxies Buy 500 Private Proxies Buy 1000 Private Proxies Buy 2000 Private Proxies ProxiesLive.com Proxies-free.com New Proxy Lists Every Day Proxies123.com Proxyti.com Buy Quality Private Proxies