stuck behind a firewall that allows only http/https connections? offer ssh over a TLS tunnel!
configure haproxy server to accept TLS connections with ALPN ssh/2.0
configure ssh client to create TLS connections with ALPN ssh/2.0 using ProxyCommand
Luca Filipozzi LucaFilipozzi
LucaFilipozzi
/ 00-ssh-tls-tunnel_and_ssh-port-knock.md
Last active
March 21, 2024 00:30
ssh-tls-tunnel and ssh-port-knock
LucaFilipozzi
/ gpg-sign-key
Last active
August 10, 2023 12:52
gpg-sign-key -- offline key signing utility
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Copyright (C) 2018 Luca Filipozzi | |
| set -e | |
| src="B5754A69B6BE608C" | |
| from='Luca Filipozzi <lfilipoz@emyr.net>' | |
| key="$1" | |
| dir=$(mktemp -d /tmp/gpg-sign-key.XXXXXX) |
LucaFilipozzi
/ proxy_copy.go
Last active
June 18, 2023 11:03
— forked from jbardin/proxy_copy.go
Go TCP Proxy pattern
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package proxy | |
| import ( | |
| "io" | |
| "log" | |
| "net" | |
| ) | |
| func Proxy(srvConn, cliConn *net.TCPConn) { | |
| // channels to wait on the close event for each connection |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env -S gawk -f | |
| # based on: | |
| # - https://unix.stackexchange.com/a/404415 | |
| # - https://gist.github.com/XVilka/8346728 | |
| function abs(x) { | |
| return x < 0 ? -x : x; | |
| } | |
| BEGIN { |
LucaFilipozzi
/ decode-vaccination-passport.py
Last active
October 18, 2021 19:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from base64 import urlsafe_b64decode as b64decode | |
| from box import Box | |
| from jwcrypto.jwk import JWKSet | |
| from jwcrypto.jws import JWS | |
| from orjson import dumps, loads, OPT_INDENT_2 | |
| from PIL import Image | |
| from pyxtension.streams import stream | |
| from pyzbar.pyzbar import decode as qrdecode |
The W3C Trace-Context Specification defines two headers, traceparent and tracestate, that provide the ability to trace an interaction across an application stack.
traceparent is used to convey trace_id and parent_id from parent to child. For example, from a WAF (F5 BigIP, say) to a Web Server (Apache httpd, say).
Its format is <version>-<trace_id>-<parent_id>-<trace_flags> where (HEXDIGLC = lowercase hexadecmial digit [0-9a-f]):
LucaFilipozzi
/ HowToGetHighQualysAndObservatoryScores.md
Last active
March 21, 2021 23:01
how to get high Qualys and Observatory scores
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| data "aws_ami" "buster" { | |
| most_recent = true | |
| owners = ["136693071363"] | |
| filter { | |
| name = "name" | |
| values = ["debian-10-amd64-*"] | |
| } | |
| } |
NewerOlder