Drainbamage.nl blog of Christiaan Ottow

31 Mar 2010

DNS cache poisoning

I recently gave a short presentation on DNS and cache poisoning. The slides can be found here. Enjoy.


Filed under: UNIX/Security

25 Mar 2010

Pinta seems to be alive

Last year, I wrote a tool called Pinta. It's an AMF debugging utility: one can use it to place calls to AMF (ActionScript Message Format) services and observe the results. Normally you'd need to create a Flash/Flex app to send these requests, but this is much quicker and easier for debugging your server-side service.

I didn't bother with the project after placing an initial version on Google Code, but this week I thought I might pick up development again. It occurred to me that few people writing AMF services will think through the security aspects of their service. You don't make service calls by hand, so it's easy for a developer to assume that only his app will be making calls. Wrong.

At least, that would be nice. As it turns out, the tool (which I've spent only 2 days on developing) is already being recommended for pentesting of AMF services. Which attests to the complete lack of tools, but still is nice :-)

I'll be picking up development again and adding some fuzzing functionality. If you have any feedback, please leave it here or at the Google Code project!


Filed under: UNIX/Security

19 Nov 2009

Thumbnails too large with ImageMagick convert

Just a quick fix for a problem I ran into today.

When using the ImageMagick "convert" command, my thumbnails were way too large. When resizing a large image to create a thumbnail, the thumbnail would be 41k while it should be around 4k. The input image was 1600x1200, 300DPI, 594k.

After searching for a while, I found that you shouldn't use the -scale or -resize option, but the -thumbnail option. This strips profile data from the image. Apparently, the image contains profile data which is left intact when resizing/scaling, but can be stripped with the thumbnail option.
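The post stops at "use -thumbnail", which leaves open what that profile data actually is and how to confirm it is gone. The Python below is an added example, not part of the post and not ImageMagick code: it walks a JPEG's marker segments, reports how many bytes the Exif/XMP, ICC, Photoshop and comment segments occupy, and rebuilds the file without them. The two modes mirror what ImageMagick documents for the two options: -thumbnail drops every profile except the colour (ICC) profile, while -strip drops all of them. The sample file is a constructed skeleton (valid marker structure, placeholder scan data), not a real photo.

```python
"""Added example, not from the post: inspect a JPEG's marker segments to see
how much "profile data" it carries, and rebuild it without those segments the
way ImageMagick's -strip (drop everything) or -thumbnail (keep the colour
profile) would. SAMPLE_JPEG below is constructed, not a real photo."""
import struct

SOS = 0xDA          # start of scan: entropy-coded image data follows, metadata never does
APP0_JFIF = 0xE0    # JFIF header, part of the image container, not profile data
ICC = 0xE2
# Marker codes that hold profile/metadata rather than image data
METADATA = {0xE1: "APP1 (Exif/XMP)", ICC: "APP2 (ICC profile)",
            0xED: "APP13 (Photoshop/IPTC)", 0xFE: "COM (comment)"}


def segments(data):
    """Yield (marker, offset, size) for every segment between SOI and SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while True:
        if pos + 4 > len(data) or data[pos] != 0xFF:
            raise ValueError("corrupt segment at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte, allowed before any marker
            pos += 1
            continue
        if marker == SOS:
            return
        (length,) = struct.unpack_from(">H", data, pos + 2)   # includes its own 2 bytes
        yield marker, pos, 2 + length
        pos += 2 + length


def metadata_report(data):
    """Bytes of metadata per segment kind, e.g. {"APP2 (ICC profile)": 518}."""
    report = {}
    for marker, _, size in segments(data):
        if marker in METADATA:
            report[METADATA[marker]] = report.get(METADATA[marker], 0) + size
    return report


def strip_metadata(data, keep_icc=False):
    """Rebuild the file without metadata segments. keep_icc=True mirrors
    -thumbnail (colour profile retained); keep_icc=False mirrors -strip."""
    out = bytearray(b"\xff\xd8")
    end = 2
    for marker, offset, size in segments(data):
        end = offset + size
        if marker in METADATA and not (keep_icc and marker == ICC):
            continue
        out += data[offset:end]
    out += data[end:]       # SOS header, scan data and EOI are copied unchanged
    return bytes(out)


def _seg(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed 16x16 greyscale JPEG skeleton with fake Exif, ICC and comment blocks
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _seg(APP0_JFIF, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _seg(0xE1, b"Exif\x00\x00" + b"\x00" * 300)                      # 310 bytes on disk
    + _seg(ICC, b"ICC_PROFILE\x00\x01\x01" + b"\x00" * 500)            # 518 bytes on disk
    + _seg(0xFE, b"constructed sample, not a real photo")              # 40 bytes on disk
    + _seg(0xDB, b"\x00" + bytes(range(1, 65)))                         # quantisation table
    + _seg(0xC0, b"\x08\x00\x10\x00\x10\x01\x01\x11\x00")               # SOF0, 16x16, 1 component
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"   # SOS header
    + b"\x00\x00"                                                       # placeholder scan data
    + b"\xff\xd9"                                                       # EOI
)

if __name__ == "__main__":
    for label, blob in (("original", SAMPLE_JPEG),
                        ("-thumbnail", strip_metadata(SAMPLE_JPEG, keep_icc=True)),
                        ("-strip", strip_metadata(SAMPLE_JPEG))):
        print("%-10s %5d bytes  %s" % (label, len(blob), metadata_report(blob)))
```

Run against a real thumbnail produced by convert, metadata_report() should come back empty (or with only the ICC entry if -thumbnail was used without -strip); ImageMagick's own `identify -verbose` shows the same information under its "Profiles:" heading. The caveat this makes visible: if the remaining size is still unexpected, the colour profile is the usual culprit, and adding -strip to the -thumbnail call removes it too.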


24 Aug 2009

Compiling for AIR 1.5

When compiling an AIR application in Flex Builder for AIR 1.5, there are some pitfalls to reckon with.

First, you need to install the Flex 3.3 SDK. If you're running an older Flex Builder, it will have 3.1 or 3.2 included. You can download the Flex SDK from Adobe here: http://www.adobe.com/cfusion/entitlement/index.cfm?e=flex3sdk. Be sure to also download the file labelled "ADOBE FLEX 3.3 DATA VISUALIZATION COMPONENTS FOR FLEX BUILDER".

After downloading, unzip the SDK somewhere and remember the location. Then, in Flex Builder, go to the preferences -> installed Flex SDKs -> Add. Enter the location of the SDK you unzipped.

Some of your apps might use classes that are no longer included with the SDK but bundled separately in the Flex Data Visualization Components you just downloaded. You will know this when you get an error like the following:

1017: The definition of base class HierarchicalData was not found.

Unzip the data visualization components zip, and move the swc and other files in it to the Flex 3 SDK dir in the fashion described in the readme.

Now, you need to change the namespace of the AIR app to 1.5. This is similar to setting the target Flash Player version in a Flex project. It is done by editing the -app.xml file belonging to the project and changing the first line to:

<application xmlns="http://ns.adobe.com/air/application/1.5">

If you get the error "error while loading initial content" when running an AIR app, you have upgraded your SDK to 3.3 but not changed the namespace to 1.5.

Well, that's it, not so bad after all.


23 Jul 2009

Pinta – AMF debugger

I'm working on an AIR project that gets its data from an AMF service. Writing such a service isn't difficult, but testing the AMF service functions isn't very straightforward. The way to do so now is to partially implement the client and make it spit out debugging info. For this project however, since it relies heavily on AMF and there is no client-side app yet, I decided to write a debugging utility for it. It's called Pinta.

I suggested to the commissioner of the project (Axis.fm) that we release the tool under GNU/GPL, and they agreed. So, the tool can be found now on http://code.google.com/p/pinta.

What the tool does: it allows the user to connect to an AMF service and make calls, and prints out the results in text and tree forms. So basically, it's a generic AMF client. Since AMF has no service discovery methods, the user needs to define what services are available on the server. When the AMFPHP browser that comes with a default install is present on the server, Pinta can use it to discover the available services for you.

In the future, the plan is to build unit testing support into Pinta, so that with one click you can see if your AMF service still responds as it should.

More info about the tool can be found on the Google Code page, http://code.google.com/p/pinta. I hope the tool is useful to some, feel free to comment/request features/report issues.
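Both Pinta posts make the same point from two sides: this one describes a generic client that places AMF calls by hand, and the "Pinta seems to be alive" post notes that a developer cannot assume only his own app will do so. The block below is an added example, not Pinta's code and not any AMF library's API: a minimal AMF0 remoting codec (the subset of types needed for a call and its reply, per the AMF0 format) and a server-side dispatcher that treats every incoming packet as untrusted, resolving the target against an explicit allowlist and checking the caller's role per call. The service names, roles, session shape and handlers are constructed for the demonstration.

```python
"""Added example (not Pinta's code, not any AMF library's API): a minimal AMF0
remoting codec plus a server-side dispatcher that authorises every call, since
any client, not only the Flash app, can send these packets. Service names,
roles and session layout are constructed for the demonstration."""
import struct

# AMF0 type markers (AMF0 specification); only this subset is handled
NUMBER, BOOLEAN, STRING, OBJECT, NULL, STRICT_ARRAY = 0x00, 0x01, 0x02, 0x03, 0x05, 0x0A
OBJECT_END = b"\x00\x00\x09"


def _utf(s):
    """UTF-8 string with a big-endian u16 length prefix."""
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b


def _read_utf(buf, pos):
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n].decode("utf-8"), pos + n


def encode_value(v):
    if v is None:
        return bytes([NULL])
    if isinstance(v, bool):                       # before int: bool is an int subclass
        return bytes([BOOLEAN, int(v)])
    if isinstance(v, (int, float)):
        return bytes([NUMBER]) + struct.pack(">d", v)   # every AMF0 number is a double
    if isinstance(v, str):
        return bytes([STRING]) + _utf(v)
    if isinstance(v, (list, tuple)):
        return bytes([STRICT_ARRAY]) + struct.pack(">I", len(v)) + b"".join(map(encode_value, v))
    if isinstance(v, dict):
        return bytes([OBJECT]) + b"".join(_utf(k) + encode_value(x) for k, x in v.items()) + OBJECT_END
    raise TypeError("unsupported value %r" % (v,))


def decode_value(buf, pos):
    t = buf[pos]
    pos += 1
    if t == NULL:
        return None, pos
    if t == BOOLEAN:
        return buf[pos] != 0, pos + 1
    if t == NUMBER:
        return struct.unpack_from(">d", buf, pos)[0], pos + 8
    if t == STRING:
        return _read_utf(buf, pos)
    if t == STRICT_ARRAY:
        (n,) = struct.unpack_from(">I", buf, pos)
        pos += 4
        items = []
        for _ in range(n):
            item, pos = decode_value(buf, pos)
            items.append(item)
        return items, pos
    if t == OBJECT:
        obj = {}
        while buf[pos:pos + 3] != OBJECT_END:
            key, pos = _read_utf(buf, pos)
            obj[key], pos = decode_value(buf, pos)
        return obj, pos + 3
    raise ValueError("unsupported AMF0 type 0x%02x" % t)


def encode_packet(messages):
    """messages: [(target URI, response URI, value)] -> AMF0 packet without headers."""
    out = struct.pack(">HHH", 0, 0, len(messages))   # version 0, 0 headers, n messages
    for target, response, value in messages:
        body = encode_value(value)
        out += _utf(target) + _utf(response) + struct.pack(">I", len(body)) + body
    return out


def decode_packet(buf):
    _version, n_headers = struct.unpack_from(">HH", buf, 0)
    pos = 4
    for _ in range(n_headers):          # header: name, must-understand flag, length, value
        _, pos = _read_utf(buf, pos)
        pos += 1 + 4
        _, pos = decode_value(buf, pos)
    (n_messages,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    messages = []
    for _ in range(n_messages):
        target, pos = _read_utf(buf, pos)
        response, pos = _read_utf(buf, pos)
        pos += 4                        # declared body length; the body is parsed instead
        value, pos = decode_value(buf, pos)
        messages.append((target, response, value))
    return messages


# Constructed service layer: an explicit allowlist of "Service.method" targets,
# each with the role it requires. Anything not listed is unreachable over AMF,
# and the role is checked on every call because the client cannot be trusted.
SERVICES = {
    "ProfileService.getProfile": ("user", lambda session, user_id: {"id": user_id, "owner": session["name"]}),
    "ProfileService.deleteProfile": ("admin", lambda session, user_id: True),
}
ROLES_SATISFYING = {"user": {"user", "admin"}, "admin": {"admin"}}


def dispatch(packet, session):
    """Handle one request packet; session is None (anonymous) or {"name": ..., "role": ...}."""
    replies = []
    for target, response, args in decode_packet(packet):
        entry = SERVICES.get(target)
        if entry is None:
            status = {"code": "Service.NotFound", "description": target}
        elif session is None or session.get("role") not in ROLES_SATISFYING[entry[0]]:
            status = {"code": "Service.Unauthorized", "description": target}
        elif not isinstance(args, list):
            status = {"code": "Service.BadArguments", "description": target}
        else:
            try:
                replies.append((response + "/onResult", "null", entry[1](session, *args)))
                continue
            except TypeError:           # wrong arity from a hand-crafted call
                status = {"code": "Service.BadArguments", "description": target}
        replies.append((response + "/onStatus", "null", status))
    return encode_packet(replies)
```

The reply convention follows the remoting pattern the post's tool would display: a successful call answers on `<response URI>/onResult`, a refused or failed one on `<response URI>/onStatus` with a status object. The design point is that the allowlist and the role check live in the dispatcher, not in the individual handlers, so no method becomes reachable just because it exists on a class.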


17 Jul 2009

AS3 object serialization pitfalls

I'm working on an AIR project now, and I wanted to save some user data locally. There are a few ways to do so, including SQLite, LSO, and plain file writing in the local datastore.
I wanted to save an ArrayCollection containing connection profiles the user specified, and SQLite seemed like a bit of an overkill for this. Coming from a Java background, I just wanted to serialize and save my ArrayCollection so I wouldn't have to reconstruct it from SQL every time.

Fortunately, this is possible with ActionScript 3, using the FileStream class's readObject() and writeObject() methods. Here's the code I used to read and write the profiles:

import flash.filesystem.File;
import flash.filesystem.FileMode;
import flash.filesystem.FileStream;
import mx.collections.ArrayCollection;
import mx.controls.Alert;

// Name of the profiles file in the app's private storage directory
// (value assumed here; the post does not give it)
private var fileName:String = "profiles.dat";

// The connection profiles; filled by loadProfiles(), written by saveProfiles()
[Bindable]
public var profiles:ArrayCollection;

private function loadProfiles():void
{
	var prefsFile:File = File.applicationStorageDirectory.resolvePath(fileName);
	var fs:FileStream = new FileStream();
	if( !prefsFile.exists )
	{
		// First run: start with an empty collection
		profiles = new ArrayCollection();
	} else {
		try {
			fs.open( prefsFile, FileMode.READ );
			// readObject() rebuilds the AMF-serialized graph; the cast yields null
			// if the stored class cannot be resolved (see the pitfalls below)
			profiles = fs.readObject() as ArrayCollection;
			fs.close();
		} catch( e:Error ) {
			Alert.show( "Error while loading profiles: "+e.message, "Load error");
		}
	}
}

public function saveProfiles():void
{
	var prefsFile:File = File.applicationStorageDirectory.resolvePath(fileName);
	var fs:FileStream = new FileStream();
	try {
		// FileMode.WRITE truncates the file, so the whole collection is rewritten
		fs.open( prefsFile, FileMode.WRITE );
		fs.writeObject(profiles);
		fs.close();
	} catch( e:Error ) {
		Alert.show("Failed to save profiles: "+e.message, "Save error");
	}
}

There are a few pitfalls however when loading the profiles. First, the player must be able to tell the class of the objects it is loading. For some reason, it cannot do so unless you specify it explicitly:

package nl.aboutcoding.servicebrowser.model
{
	import mx.collections.ArrayCollection;

	// The alias tells the player which class to instantiate on readObject()
	[RemoteClass(alias="nl.aboutcoding.servicebrowser.model.Profile")]
	public class Profile
	{
		// Explicit constructor: without it the objects come back as plain Object
		public function Profile()
		{
		}
	}
}

Secondly, the class MUST have a constructor, otherwise the objects are typed as Object and type casting will fail with a message concerning "Type coercion failed". I often skip the constructor on ValueObjects, and it took some time to figure out.

