mattizz'z weblog

Een rustpunt in barre tijden

Na lang testen een werkende installatie van Airtime, een Open Source programma om een radio station te starten (https://www.sourcefabric.org/en/airtime)

Volg deze instructies waarbij het script airtime-full-install in het pad airtime-airtime-2.5.1-ga/install_full/ubuntu/airtime-full-install moet worden vervangen zoals verderop is aangegeven.

1. Download and install Raspbian Jessie with PIXEL
(https://www.raspberrypi.org/downloads/raspbian)

2. Install Airtime
The “easy” installer appears to only work on x86 chipsets, and the 2.5.2 installer is completely broken. So we installed using the 2.5.1 source…

Update your system first:
sudo apt-get update
sudo apt-get upgrade
(might be wise to reboot at this point to load kernel updates, etc)

Download and extract the source:
wget https://github.com/sourcefabric/Airtime/archive/airtime-2.5.1-ga.tar.gz
tar -xvzf airtime-2.5.1-ga.tar.gz

3. Belangrijk: Vervang de inhoud van airtime-full-install in airtime-airtime-2.5.1-ga/install_full/ubuntu/airtime-full-install door:

[easy_media_download url=”http://www.mattizz.nl/wp-content/uploads/2017/01/airtime-full-install.txt” text=”airtime-full-install.txt” width=”200″ target=”_blank”]

4. Then run
sudo ~/airtime-airtime-2.5.1-ga/install_full/debian/airtime-full-install
Install icecast, etc.

Als alles goed is gegaan is dit de uitkomst:
*** Verifying your system environment, running airtime-check-system ***
AIRTIME_STATUS_URL = http://localhost:80/api/status/format/json/api_key/%%api_key%%
AIRTIME_SERVER_RESPONDING = OK
KERNEL_VERSION = 4.4.34-v7+
MACHINE_ARCHITECTURE = armv7l
TOTAL_MEMORY_MBYTES = 947728
TOTAL_SWAP_MBYTES = 102396
AIRTIME_VERSION = 2.5.1
OS = Raspbian GNU/Linux 8.0 (jessie) armv7l
CPU = ARMv7 Processor rev 4 (v7l)
WEB_SERVER = Apache/2.4.10 (Raspbian)
PLAYOUT_ENGINE_PROCESS_ID = 19027
PLAYOUT_ENGINE_RUNNING_SECONDS = 11
PLAYOUT_ENGINE_MEM_PERC = 1.5%
PLAYOUT_ENGINE_CPU_PERC = 0.0%
LIQUIDSOAP_PROCESS_ID = 18981
LIQUIDSOAP_RUNNING_SECONDS = 12
LIQUIDSOAP_MEM_PERC = 2.1%
LIQUIDSOAP_CPU_PERC = 1.9%
MEDIA_MONITOR_PROCESS_ID = 18849
MEDIA_MONITOR_RUNNING_SECONDS = 15
MEDIA_MONITOR_MEM_PERC = 1.4%
MEDIA_MONITOR_CPU_PERC = 0.0%
— Your installation of Airtime looks OK!

Mocht de installatie fouten (FAILED) bevatten run de airtime installatie opnieuw:
cd airtime-airtime-2.5.1-ga/install_minimal
sudo ./airtime-install

If all is good you should now have a running version of Airtime and be able to browse to the Pi’s address and log in with admin (standard password admin)

5. Change the recording source
By default airtime uses ecasound to record from the default soundcard. This means that we can’t record streams from other sources. A simple fix is to edit
/usr/lib/airtime/pypo/bin/recorder.py (around line 91) with :

# command = “ecasound -f:%s,%s,%s -i alsa -o %s,%s000 -t:%s” % \
# (ss, c, sr, filepath, br, length)
command = “/usr/bin/sox -t ogg http://localhost:8000/airtime.ogg -C6 %s trim 0 %s” % \
(filepath, length)

6. You will need to recompile the python script:
cd /usr/lib/airtime/pypo/bin/
sudo rm recorder.pyc
sudo python
import recorder.py
Ctrl-d to quit (there may be some messages about missing files. Ignore)

7. Reboot and then install sox
sudo apt-get install sox
sudo apt-get install libsox-fmt-all

Hierna blijken zowel Icecast op http://192.168.178….:8000 als Airtime op http://192.168.178…. te werken. Van de instructies hieronder alleen nog oggfwd sudo apt-get install oggfwd uitgevoerd.

8. (niet uitgevoerd) So now if you set a show to record from line in it will actually record anything that is coming in on the master source. If you do want to record from a sound card as well you can set up something like this:

/etc/init/icecastsource.conf:
description “Pipe soundcard input to icecast”

start on runlevel [2345]
stop on runlevel [!2345]

respawn

exec /usr/bin/sox -q -r 44100 -t alsa plughw:0,0 -t ogg -C6 – | /usr/bin/oggfwd -p -n “Studio” localhost 8000 hackme /master
post-stop exec sleep 10

(you will need to install oggfwd sudo apt-get install oggfwd)

9. (Niet uitgevoerd) Apply some updates
If you come across any bugs or issues you may want to check on code updates since 2.5.1. We had an issue when setting shows up to rebroadcast that was fixed downstream
Replaced
/usr/share/airtime/application/forms/AddShowWhen.php
With the version from Git
https://github.com/sourcefabric/airtime/blob/2cdad4932afd095322fe72fd7ac340495452782c/airtime_mvc/application/forms/AddShowWhen.php

Een bug is het verwijderen van een show, dit is alleen mogelijk door het volgende commando uit te voeren:
sudo -u postgres psql airtime -c “delete from cc_show”

Stel de Airtime stream in zoals hieronder is weergegeven:

screenshot_811.jpg
Let op, bij ‘Additional Options’ moet het wachtwoord van de icecast2 server worden ingevoerd (username oningevuld laten)

Share your Raspberry Pi’s files and folders across a network

You can share your Raspberry Pi’s files and folders across a network using a piece of software called Samba, a Linux implementation of the Server Message Block protocol. You’ll need to install this software:
$ sudo apt-get install samba samba-common-bin

Samba contains the SMB protocol, support for the Windows naming service (WINS), and support for joining Windows workgroups. A workgroup is a group of computers on a local network that can access eachother’s folders. Samba-common-bin contains a tool that you’ll need to register users with Samba. Once these packages have finished installing, you need to edit the Samba configuration file:
$ sudo leafpad /etc/samba/smb.conf &

Find the entries for workgroup and wins support, and set them up as follows:
workgroup = your_workgroup_name
wins support = yes

The name of the workgroup can be anything you want, as long as it only contains alphabetical characters, and it matches the name of the workgroup that you want to join.

You also need to add the following section of code to smb.conf:

[pihome]
comment= Pi Home
path=/home/pi
browseable=Yes
writeable=Yes
only guest=no
create mask=0777
directory mask=0777
public=no

Scroll down smb.conf until you see a section called Share Definitions, and add this code there. The path should point to the drive or folder that you want to share. I’ve set ‘only guest’ and ‘public’ to ‘no’ so that Samba prompts for a password when I visit the folder that I’ve shared. This means that when I’m using a Windows PC, I can login to the shared folders on my Pi, and I’ll have the same read/write permissions that user pi has.

Now type this command in a terminal, and enter pi’s password twice:
$ smbpasswd -a pi

If you have a PC or laptop connected to your workgroup, you should be able to see your Raspberry Pi in Windows Explorer under Network.

This is how to get access to your favorite podcasts on Kodi:

You don’t need any plugin to listen to podcasts, but the method of doing so isn’t entirely obvious and the official documentation isn’t exactly helpful. I spent two weeks playing around with plugins that didn’t really help before stumbling upon this method, so I feel like I should share it.

Simply put, there are no good plugins, as of this writing, for managing your podcasts in Kodi, but there is a way to listen to and watch podcasts by default. Your media center will be way better if you do this.

Adding Your Podcast Using The GUI

So what’s the trick? Basically, it’s adding the RSS feed as a media source. I know, it’s not intuitive. The media source menu seems like a place to add folders with media files and nothing else, but that’s simply not the case.

Head to the “File” menu of the music or video section of Kodi, depending on what sort of podcast you are adding. Then click “Add Source.” Instead of adding a folder on your computer, type the RSS feed yourself, beginning with “rss://” instead of “http://”.

screenshot_795.jpg

Lijkt ingewikkeld maar is het niet. Een eerst (oude) Raspberry Pi Model B volstaat om muziek vanaf de Synology NAS bekabeld (aan de router) of draadloos te streamen naar een Synology app zoals hier verzameld: http://www.subsonic.org/pages/apps.jsp
1. Download Raspbian https://www.raspberrypi.org/downloads/raspbian/ en zet het image zoals hier uitgelegd op een SD-kaartje.
2. Plaats het kaartje in de Raspberry en verbind het met een HDMI kabel en een draadloze muis met HDMI aan een monitor of tv om Raspbian te starten. Hieronder staat een youtube video die uitlegt hoe je bij de opstart SSH aanzet. Dit moet gebeuren om later SSH toegang te hebben.

De standaard SSH login is username: pi het wachtwoord: raspberry.
3. Stel met bv. de app Fing vast wel IP-adres de Raspberry in het netwerk heeft
4. Log in met SSH (sudo ssh pi@[ip-adres]
5. Lees hier de stappen die moeten worden genomen om eerst java en vervolgens Subsonic te installeren.
6. Nu Subsonic installeren. Blijkt dat de versie 4.9 werkt, nieuwere versies niet, deze laten zich niet installeren. Een downloadlink staat hier.
Downloaden met wget http://downloads.sourceforge.net/project/subsonic/subsonic/4.9/subsonic-4.9.deb
Installeren van het subsonic-4.9.deb bestand met sudo dpkg -i subsonic-4.9deb. Herstarten kan door sudo service subsonic restart.
7. Start Subsonic in de browser op door te gaan naar het IP-adres van de Raspberry op poort 4040 http://[IP-adres}:4040 en doorloop de wizzard. Een goede app voor Android client is “Subsonic for Android”
Let op: Kies bij de Settings in Subsonic server bij “Manage user access, Configure which folders each user is allowed to access” bij de admin gebruiker voor een vinkje bij “Allow access to these media folders – Music”.
8. Om de Subsonic server bv. met een app of SubAir (OSX) te bereiken moet er via portforwarding toegang tot de Raspberry op poort 4040 worden verleend.
9. Om de muziek vanaf de Synology NAS via Subsonic op de Raspberry te streamen moet er dmv het commando “sshfs” een tunnel worden opgezet tussen de Synology Music map en een map op de Raspberry.
Maak daarvoor op de Raspberry in de map “media” de map “music” aan en geef deze met “sudo chmod 777” alle rechten. Voer hierna het commando “sudo sshfs -o uid=1000 -o gid=1000 -o allow_other -o nonempty admin@[IP-adres NAS]:/music /media/music” op command line uit.
Als alles goed is gegaan zie je nu in de map “media/music” de (gemapte) muziekbestanden van de NAS staan:
screenshot_796.jpg

Zet in de Synology server het pad waarop de muziek staat en dat gescand moet worden op “/media/music” en scan de inhoud:

screenshot_797.jpg

10. In de verschillende Subsonic apps is de muziek te streamen door bij het serveradres het IP-adres van de “buitenkant” van het netwerk te kiezen (en poort 4040), dus het IP-adres dat getoond wordt bij een website als http://www.watismijnipadres.nl
De serverinstellingen in Subsonic voor Android zien eruit zoals hieronder weergegeven:

Screenshot_20161215.jpg

Het blijkt dat het na een succesvolle installatie van Subsonic 4.9, het mogelijk is een installatie van de nieuwste Subsonic 6.0 over deze installatie heen te zetten. Het nieuwste Subsonic deb bestand kan worden gedownload vanaf de websie van www.subsonic.org.

Dit leek te werken. Stream openen en pas dan P2P Stream geautomatiseerd installeren. Plexus versie 0.1.4

### Installation ###

For this to work, you need the Plexus Addon already installed in Kodi. The Plexus Kodi addon was discontinued by the developer but it still works. You can find it easily on the web.

Then open a virtual terminal, for example via SSH, and run the following commands (you can copy/paste to terminal):

cd ~/.kodi/userdata/addon_data/program.plexus
sudo rm -r acestream
wget https://dl.bintray.com/pipplware/dists/unstable/armv7/misc/acestream_rpi_3.1.5.tar.gz
tar xfv acestream_rpi_3.1.5.tar.gz

Done. Then you can play acestreams again.

PS: If you are running an OS as root, like OpenELEC, you may need to remove the “sudo” on the second line.

How to install and configure Tor to work with ZeroNet on Mac OSX

Guide mac tor zeronet guide mac tor zeronet

I figured I’d make a quick guide, since I just had to explain this, and more mac users seem to be coming onto zeronet with very little instructions on how to do things. So without further ado, here’s how to set up ZeroNet with Tor on Mac.
1. Make sure you have homebrew installed. Mac Ports apparently works too, but I use brew. For convenience, the terminal command to install homebrew is:
/usr/bin/ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”
2. Run brew install tor in the terminal to download/install the tor daemon.
3. After it’s done downloading and installing, navigate to the /usr/local/etc/tor folder on your computer. The easiest way to do this is to open finder and hit cmd+shift+g and paste it in there. You should see a torrc.sample file.
4. Copy the torrc.sample file and rename the copy to just torrc with no extension. Open it up in a plain-text editor. You should probably a plain-text editor or a code editor like sublime to prevent auto-formatting from messing it up. Avoid using mac’s built-in one.
5. Look for #ControlPort 9051 and simply remove the #.
6. Two lines down you should see #CookieAuthentication 1 remove the # from this one too.
7. Save the file and exit. Then launch tor using tor in the terminal.
8. Restart zeronet and it’ll run with tor. If you want to use tor for every connection (rather than just having one for a bridge or to access tor-only peers) then on the zero net homepage, click on the tor button in the top right, and hit ‘enable tor for every connection’ at the bottom. Then restart zeronet a second time. You can disable it in the same way.

ZeroNet starten op MAC OSX:

Uitleg hier: https://zeronet.readthedocs.io/en/latest/using_zeronet/installing/
Het ZeroNet bestand vanuit de Finder in een terminal trekken en starten:

screenshot_750.png

Let op: om ZeroNet met een TOR verbinding te starten moet de hele startopdracht zijn:
sudo /Users/…./Documents/ZeroBundle/ZeroNet.app –tor_proxy 127.0.0.1:9150 –tor_controller 127.0.0.1:9151

Opties:
1.On the Ubuntu server run this command:
sudo sshfs -o uid=1000 -o gid=1000 -o allow_other -o nonempty admin@xx.xx.xx.xx:/music /media/music
The Synology music map is now connected with the VPS and in the Emby library all the music is visible on the path /media/music 🙂

Getest en werkend vanaf de Synology NAS gemount op de Raspberry Pi:
sudo mount -t cifs //192.168.178…/music /media/music -o username=…..,password=…..

Dark Web OSINT With Python and OnionScan

July 28th, 2016

You may have heard of this awesome tool called OnionScan that is used to scan hidden services in the dark web looking for potential data leaks. Recently the project released some cool visualizations and a high level description of what their scanning results looked like. What they didn’t provide is how to actually go about scanning as much of the dark web as possible, and then how to produce those very cool visualizations that they show.

At a high level we need to do the following:

Setup a server somewhere to host our scanner 24/7 because it takes some time to do the scanning work.
Get TOR running on the server.
Get OnionScan setup.
Write some Python to handle the scanning and some of the other data management to deal with the scan results.
Write some more Python to make some cool graphs. (Part Two of the series)

Let’s get started!
Setting up a Digital Ocean Droplet

If you already use Amazon, or have your own Linux server somewhere you can skip this step. For the rest of you, you can use my referral link here to get a $10 credit with Digital Ocean that will get you a couple months free (full disclosure I make money in my Digital Ocean account if you start paying for your server, feel free to bypass that referral link and pay for your own server). I am assuming you are running Ubuntu 16.04 for the rest of the instructions:

The first thing you need to do is to create a new Droplet by clicking on the big Create Droplet button.
Next select a Ubuntu 16.04 configuration, and select the $5.00/month option (unless you want something more powerful).
You can pick a datacenter wherever you like, and then scroll to the bottom and click Create.

It will begin creating your droplet, and soon you should receive an email with how to access your new Linux server. If you are on Mac OSX or Linux get your terminal open. If you are on Windows then grab Putty from here.

On Mac OSX it is: Finder -> Applications -> Utilities -> Terminal
On Linux: Click your start menu and search for Terminal

Now you are going to SSH into your new server. Windows Putty users just punch the IP address in that you received in your email and hit Enter. You will be authenticating as the root user and then type in the password you were provided in your email.

For Mac OSX and Linux people you will type the following into your terminal:
ssh root@IPADDRESS
You will be forced enter your password a second time, and then you have to change your password. Once that is done you should now be logged into your server.
Installing Prerequisites

Now we need to install the prerequisites for our upcoming code and for OnionScan. Follow each of these steps carefully and the instructions are the same for Mac OSX, Linux or Windows because the commands are all being run on the server.

Feel free to copy and paste each command instead of typing it out. Hit Enter on your keyboard after each step and watch for any problems or errors.
screen
apt-get update
apt-get install tor git bison libexif-dev
apt-get install python-pip
apt-get install python-pip
pip install stem

Now we need to install the Go requirements (OnionScan is written in Go). The following instructions are from Ryan Frankel’s post here.
bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer) [[ -s "$HOME/.gvm/scripts/gvm" ]] && source "$HOME/.gvm/scripts/gvm" source /root/.gvm/scripts/gvm gvm install go1.4 --binary gvm use go1.4

Ok beauty we have Go installed. Now let’s get OnionScan setup by entering the following:

go get github.com/s-rah/onionscan
go install github.com/s-rah/onionscan

Now if you just type:

onionscan
(eg onionscan 6pxmfodfdstgndoy.onion)

And hit Enter you should get the onionscan command line usage information. If this all worked then you have successfully installed OnionScan. If you for some reason close your terminal and you can’t run the onionscan binary anymore just simply do a:
gvm use go1.4
and it will fix it for you.

Now we need to make a small modification to the TOR configuration to allow our Python script to request a new identity (a new IP address) which we will use when we run into scanning trouble later on. We have to enable this by doing the following:
tor –hash-password PythonRocks
This will give you output that will include the bottom line that looks like this:
16:3E73307B3E434914604C25C498FBE5F9B3A3AE2FB97DAF70616591AAF8
Copy this line and then type:

nano -w /etc/tor/torrc

This will open a simple text editor. Now go to the bottom of the file by hitting the following keystrokes (or endlessly scrolling down):

CTRL+W CTRL+V

Paste in the following values at the bottom of the file:

ControlPort 9051
ControlListenAddress 127.0.0.1
HashedControlPassword 16:3E73307B3E434914604C25C498FBE5F9B3A3AE2FB97DAF70616591AAF8

Now hit CTRL+O to write the file and CTRL+X to exit the file editor. Now type:
service tor restart

This will restart TOR and it should have our new settings in place. Note that if you want to use a password other than PythonRocks you will have to follow the steps above substituting your own password in place, and you will also have to later change the associated Python code.

We are almost ready to start writing some code. The last step is to grab my list of .onion addresses (at last count around 7182 addresses) so that your script has a starting point to start scanning hidden services.

wget https://raw.githubusercontent.com/automatingosint/osint_public/master/onionrunner/onion_master_list.txt

Whew! We are all setup and ready to start punching out some code. At this point you can switch to your local machine or if you are comfortable writing code on a Linux server by all means go for it. I find it easier to use WingIDE on my local machine personally.

A Note About Screen

You notice that both sets of instructions I have you run the screen command. This is a handy way to keep your session alive even if you get disconnected from your server. When you want to jump back into that session, you simply SSH back into the server and execute:
screen -rx

This will be handy later on when you start doing your scanning work, as it can take days for it to complete fully.

Hele artikel hier http://www.automatingosint.com/blog/2016/07/dark-web-osint-with-python-and-onionscan-part-one/

Voorbeeld van resultaat:

onionscan 3g2upl4pq6kufc4m.onion
2016/08/08 04:00:55 Starting Scan of 3g2upl4pq6kufc4m.onion
2016/08/08 04:00:55 This might take a few minutes..

————— OnionScan Report —————
High Risk Issues: 0
Medium Risk Issues: 0
Low Risk Issues: 0
Informational Issues: 4

Info: Missing X-Frame-Options HTTP header discovered!
Why this is bad: Provides Clickjacking protection. Values: deny – no rendering within a frame, sameorigin
– no rendering if origin mismatch, allow-from: DOMAIN – allow rendering if framed by frame loaded from DOMAIN
To fix, use X-Frame-Options: deny
Info: Missing X-XSS-Protection HTTP header discovered!
Why this is bad: This header enables the Cross-site scripting (XSS) filter built
into most recent web browsers. It’s usually enabled by default anyway,
so the role of this header is to re-enable the filter for this particular website if it was disabled by the user.
To fix, use X-XSS-Protection: 1; mode=block
Info: Missing X-Content-Type-Options HTTP header discovered!
Why this is bad: The only defined value, “nosniff”, prevents browsers
from MIME-sniffing a response away from the declared content-type.
This reduces exposure to drive-by download attacks and sites serving user
uploaded content that, by clever naming, could be treated as executable or dynamic HTML files.
To fix, use X-Content-Type-Options: nosniff
Info: Missing X-Content-Type-Options HTTP header discovered!
Why this is bad: Content Security Policy requires careful tuning and precise definition of the policy.
If enabled, CSP has significant impact on the way browser renders pages (e.g., inline
JavaScript disabled by default and must be explicitly allowed in policy).
CSP prevents a wide range of attacks, including Cross-site scripting and other cross-site injections.
To fix, use Content-Security-Policy: default-src ‘self’

Omdat Kodi standaard een te kleine cache heeft om langer IPTV te kunnen streamen is hier een tip om dit op te lossen en dat is de cache vergroten door het bestand advancedsettings.xml te creëren en te plaatsten op deze locatie:

/home/osmc/.kodi/userdata

A safe setting for most devices with 1GB of RAM that should help most users “on the edge”. All protocols get cached, cache rate fills up pretty much as fast as possible, and cache size is 150MB, using 400MB of ram total.

advancedsettings.xml

<advancedsettings>
   <network>
      <buffermode>1</buffermode>
      <cachemembuffersize>157286400</cachemembuffersize>
      <readbufferfactor>20</readbufferfactor>
   </network>
</advancedsettings>

Hele artikel hier http://kodi.wiki/view/HOW-TO:Modify_the_video_cache