RabbitMQ Basics

A quick guide to some basics of running a RabbitMQ server:

Start the service:
service rabbitmq-server start

Remove the default ‘guest’ user:
rabbitmqctl delete_user guest

Set up a new user for administrative purposes:
rabbitmqctl add_user <admin_user> <password>
rabbitmqctl set_user_tags <admin_user> administrator

Set up a new user for the specific instance (vhost) you’ll be using:
rabbitmqctl add_vhost <vhostname>
rabbitmqctl add_user <username> <password>
rabbitmqctl set_permissions -p <vhostname> <username> "^<username>.*" ".*" ".*"

Check that everything looks OK:
rabbitmqctl list_vhosts
rabbitmqctl list_users
rabbitmqctl list_permissions -p <vhostname>
rabbitmqctl status
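
An added example, not part of the original post: a small shell check for the "Check that everything looks OK" step, flagging a leftover guest account and any configure pattern wider than the "^<username>.*" scope set above. It assumes the tab-separated layout that `rabbitmqctl list_users` and `rabbitmqctl list_permissions` print; the function names and the sample output are constructed here.

```shell
#!/bin/sh
# Added example (not from the original post): audit the tab-separated output of
# `rabbitmqctl list_users` and `rabbitmqctl list_permissions -p <vhostname>`.

# Read list_users output on stdin; print one finding per line.
audit_users() {
    awk -F'\t' '
        NF < 2 || $1 == "user" { next }     # skip banner line and header row
        $1 == "guest"          { print "FAIL default guest user still exists" }
        $2 ~ /administrator/ && $1 != "guest" { admins++ }
        END { if (!admins) print "FAIL no non-guest user has the administrator tag" }
    '
}

# Read list_permissions output on stdin; print one finding per line.
# The setup above scopes configure to "^<username>.*"; anything else is flagged.
audit_permissions() {
    awk -F'\t' '
        NF < 4 || $1 == "user" { next }
        $1 == "guest" { print "FAIL guest has permissions on this vhost"; next }
        $2 != ("^" $1 ".*") {
            print "WARN " $1 " configure pattern is " $2 " (expected ^" $1 ".*)"
        }
    '
}

# Constructed sample output, for running the checks without a broker.
sample_users() {
    printf 'Listing users ...\n'
    printf 'user\ttags\n'
    printf 'ops_admin\t[administrator]\n'
    printf 'guest\t[administrator]\n'
    printf 'orders\t[]\n'
}
sample_permissions() {
    printf 'Listing permissions for vhost "dev" ...\n'
    printf 'user\tconfigure\twrite\tread\n'
    printf 'orders\t^orders.*\t.*\t.*\n'
    printf 'billing\t.*\t.*\t.*\n'
}

sample_users | audit_users
sample_permissions | audit_permissions
# Against a live broker (run as a user allowed to call rabbitmqctl):
#   rabbitmqctl list_users | audit_users
#   rabbitmqctl list_permissions -p <vhostname> | audit_permissions
```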


Getting Rid of Windows 8.1 Touch Screen Popups

So, this is just a quick tech tip so I don’t lose track of this in the future. If you’re using Windows 8.1, you may start seeing “helpful” pop-ups explaining new ways of using the OS. Designed to assist users in transitioning to the wonders of touch-screen bliss, they are nothing more than just plain bothersome if you do not have a touch-screen, especially since they don’t go away until you do what the screen asks.

In theory you can use your mouse to perform whatever task is being shown, but for me that has proven problematic – partly because I’m running Windows inside a VM I guess.

To kill these there are a couple of things you can do:

  1. Disable the touchscreen device in the device manager. If you don’t have one, it’s useless anyway. Just open up the device manager, find the touch-screen, right click on it, and select “disable”. Why does Windows add a touch-screen device when there isn’t one? Who knows.
  2. Run a command prompt as administrator, then execute the following command:

    reg add HKCU\Software\Policies\Microsoft\Windows\EdgeUI /v DisableHelpSticker /t REG_DWORD /d 1 /f

That’s all there is to it. Simple fix, but there’s no way I’d remember it next time I rebuild.

Configuring Firefox For Web App Pen Testing

You know the routine: you get a gig doing a web app pen test. You break out Burp (or whatever lesser proxy you prefer), and get ready to ruin some developer’s day. And then, just as you get ready to load the target URL and start, you see a ton of update requests hit the proxy.

It’s annoying. Your logs are polluted, and if you have to turn them over to the client, the extra noise strips some of the professionalism from your image (as a sidenote: Burp’s “only save in-scope items” feature helps quite a lot with this).

Here then, is a quick guide on how to tweak Firefox so that it doesn’t spew stupid crap in your web app pen test log files. I may come back and explain the “why” behind some of these later, but for now, just the “how” will have to do. (Note: some of these settings reduce the security of the browser. My presumption here is that Firefox will only be used for testing, not for general purpose browsing. The settings below reflect that.)

1) Open about:config
2) Disable Safe Browsing
3) Disable Pipelining
4) Disable Pre-fetching
5) Remove all bookmarks
6) Set homepage to about:blank for startup
7) Make sure history is enabled, but disable search suggestions
8) Disable checking for updates
9) Just say no to helping developers
10) Disable updates for sync

That’s it. Now you can go forth, and break all the things, knowing that your log files will be nice and tidy afterwards.