A botnet of browsers – websocket command and control

A botnet of browsers

socket.io is an amazing library which makes it very easy to use websockets. This library gives us real-time communication ability in the browser with very little code.

In this article, I go into an example of a potential misuse of socket.io. I explain how to create a Linux router, then to modify that router to harvest clients into the socket.io network. One web page, the command and control, can see everything. It could send JavaScript to all the clients at once (which is executed on the client’s browser). Or JavaScript could be targeted to individual clients as well. Every connected client’s document object model (DOM) and JavaScript fully accessible from one webpage – in real time.

This article is written for people already familiar with Linux, and Internet networking and security concepts.

Continue reading

Shut off Nagios Notifications

$ cat shh.sh

now=`date +%s`
echo "[%lu] DISABLE_NOTIFICATIONS\n" $now > $commandfile

Enabling notifications across the board is similar:

$ cat enable-notifications.sh

now=`date +%s`
echo "[%lu] ENABLE_NOTIFICATIONS\n" $now > $commandfile
retina favicon

Creating Retina Favicons

Simple instructions for creating Retina favicon:

Create a 16×16 PNG-24 for your low-res icon

Create a 32×32 PNG-24 for your high-res icon

Head over to http://convertico.org/Multi_Image_to_one_icon/ and upload those two icons together to create a dual-resource ico file which you rename to favicon.ico.

Upload that favicon.ico in the root of your webroot.

For some reason the meta tag <link rel=”icon” href=”favicon.ico”> seems to prevent the high-res version from working so I temporarily removed it. If you know the correct meta tag to be using for retina please let me know.

Here is what the difference looks like:
retina favicon