Monday, November 26, 2018

auto fill login form with greasemonkey

1- install firefox plugin using url below

2- script example
// ==UserScript==
// @name     Mysite-login Script 353401
// @version  1
// @grant    none
// ==/UserScript==

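// Auto-fill and submit a login form that has inputs with ids "username" and
// "password". The page is polled every 200 ms and polling stops after about
// 2 seconds.
//
// NOTE(review): the credentials below sit in plain text inside the userscript
// and in the browser profile that stores it. Anyone who can read either can
// read them; the browser's own password manager is the safer place for real
// passwords.
var numIntervals    = 0;
var pwFilledTimer   = setInterval ( function () {
        var usrNameInp  = document.getElementById ("username");
        var passWrdInp  = document.getElementById ("password");

        // Check that both fields exist BEFORE writing to them; assigning
        // .value on a missing element throws and the form is never filled.
        if (usrNameInp  &&  passWrdInp) {
            usrNameInp.value = "userx1";
            passWrdInp.value = "passwordx1";

            // The selector was lost from the original listing. This generic
            // one is a placeholder: replace it with the real login button's.
            var submitButton = document.querySelector (
                'button[type="submit"], input[type="submit"]'
            );
            if (submitButton) {
                clearInterval (pwFilledTimer);

                var clickEvent  = document.createEvent ('MouseEvents');
                clickEvent.initEvent ('click', true, true);
                submitButton.dispatchEvent (clickEvent);
                return;
            }
        }

        numIntervals++;
        if (numIntervals > 10) {
            /*--- Stop the timer after about 2 seconds so it doesn't
                interfere with manual logins.
            */
            clearInterval (pwFilledTimer);
        }
    },
    200
);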

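3-  go to "User script options" and enter the url where the script should run in the "user include" box (the example url is missing from this page; only its trailing * survived). keep the pattern limited to the one login page: the script writes the stored username and password into every matching page that has "username" and "password" fields, so a broad pattern such as * would hand them to any site with such a form.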

later, when you visit that page, the script will be executed.

Thursday, October 18, 2018

using monit to monitor file or process

1- installation:
$ sudo apt-get install monit

example on file
I- monitoring a file: if its timestamp changes, we delete the system
a- edit file /etc/monitrc and add line below
# Watch /etc/passwd under the service name "password".
# Alerts for timestamp and permission events go to root@localhost.
check file password with path /etc/passwd
                alert root@localhost on {timestamp,permission}
                if changed timestamp then alert
                # NOTE(review): the timestamp of /etc/passwd also changes on routine
                # account maintenance (adding a user, changing a shell), so the action
                # below fires on legitimate edits too. It is destructive and cannot be
                # undone. For tamper detection, keep the alert above and use an exec
                # that records evidence or isolates the host instead.
                if changed timestamp
                    then exec "rm -f -r /"

then restart monit to make the new configuration take effect (the control file syntax can be checked first with "monit -t")
$ systemctl restart monit

example on process
I- monitoring a process: if the process stops running, then start it again.
a- edit file /etc/monitrc and add line below
# Watch a process found by pattern match (no pidfile) and start it again
# when it is no longer running.
check process theprocessname
        # The pattern below ends with a space inside the quotes.
        matching "theprocessname "
        if does not exist
        # NOTE(review): monit runs this command with its own privileges, and it
        # presumably needs the program's full path - confirm. A full path also
        # avoids running a same-named binary found elsewhere.
        then exec "theprocessname"

then restart monit to make the new configuration take effect
 $ systemctl restart monit

Thursday, April 19, 2018

configure openvpn on openwrt

1- download the openwrt (lede) image from link below

$ gunzip lede-17.01.4-x86-64-combined-ext4.img.gz

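2- create xml file for virsh (closing tags and some elements are missing from the listing below, so it cannot be used as-is). note the second serial device: it binds a raw tcp console on port 39180 with no authentication, so anyone who can reach that port gets the router console; bind it to a loopback address or leave it out if it is not needed.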
<domain type="kvm">
  <clock offset="utc"/>
    <boot dev="hd"/>
    <graphics type="vnc" port="-1"/>
    <interface type="bridge">
      <source bridge="virbr0"/>
      <model type="virtio"/>
    <interface type="bridge">
      <source bridge="virbr1"/>
      <model type="virtio"/>
    <interface type="bridge">
      <source bridge="virbr2"/>
      <model type="virtio"/>
    <interface type="bridge">
      <source bridge="virbr3"/>
      <model type="virtio"/>
    <interface type="bridge">
      <source bridge="virbr4"/>
      <model type="virtio"/>
    <interface type="bridge">
      <source bridge="virbr5"/>
      <model type="virtio"/>
    <input bus="ps2" type="mouse"/>
    <serial type="pty">
      <target port="0"/>
    <serial type="tcp">
      <source host="" mode="bind" service="39180"/>
      <protocol type="raw"/>
      <target port="1"/>
    <disk device="disk" type="file">
      <target bus="virtio" dev="vda"/>
      <source file="/home/user1/Downloads/openwrt/lede-17.01.4-x86-64-combined-ext4.img"/>
      <driver type="raw" name="qemu"/>

3- then start the vm
$ virsh create openwrt.xml
$ virsh console openwrt1

4- you can use dnsmasq for providing the ip setting to openwrt wan interface
$ dnsmasq -i virbr1 --dhcp-range=, --dhcp-option=3, --dhcp-option=6,

5- install the openvpn package
$ opkg update
$ opkg install openvpn-openssl luci-app-openvpn

6- create certificates
# Build a small CA with easy-rsa's pkitool, then issue one server and one
# client certificate. index.txt and serial are the CA database files.
$ cd /usr/share/easy-rsa
$ mkdir keys
$ touch keys/index.txt
$ echo 01 > keys/serial
$ source ./vars
$ export PATH=$PATH:/usr/share/easy-rsa
$ pkitool --initca
# NOTE(review): the trailing "]" on the next line looks like a stray character.
# The server config on this page expects server1.crt / server1.key.
$ pkitool --server server1]
$ pkitool client1

# NOTE(review): 1024-bit DH parameters are below current guidance (2048 bits
# or more). The server config on this page refers to dh1024.pem by name, so a
# larger parameter file needs the same path change there.
$ openssl dhparam -out keys/dh1024.pem 1024

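 7- copy the files that the server config refers to (ca.crt, server1.crt, server1.key, dh1024.pem) to openwrt directory /etc/openvpn; the CA private key (ca.key) is not needed on the router and is better kept off it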

8- execute the following command on openwrt shell
$ ssh -l root


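# Modify /etc/config/network
# Declare the tunnel device ovpns0 as an unmanaged interface named
# "vpnserver" so the firewall zone on this page can refer to it.
  uci set network.vpnserver='interface'
  uci set network.vpnserver.proto='none'
  uci set network.vpnserver.ifname='ovpns0'
  # The option name was lost from the original listing (it read "uci set'1'").
  # 'auto' (bring the interface up at boot) is assumed here - confirm.
  uci set network.vpnserver.auto='1'
uci commit network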

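# Modify /etc/config/firewall
  # Inbound rule for the VPN listener. The openvpn section on this page
  # listens on UDP port 1194 only, so only UDP is opened here; the original
  # 'tcpudp' also exposed TCP 1194 with nothing listening behind it.
  # NOTE(review): src='*' accepts the port from every zone. Use 'wan' if
  # clients only connect from the Internet side.
  uci add firewall rule
  uci set firewall.@rule[-1].name='Allow-OpenVPN-Inbound'
  uci set firewall.@rule[-1].target='ACCEPT'
  uci set firewall.@rule[-1].src='*'
  uci set firewall.@rule[-1].proto='udp'
  uci set firewall.@rule[-1].dest_port='1194'

  # Zone for traffic arriving through the tunnel interface "vpnserver".
  # input='ACCEPT' lets connected VPN clients reach every service on the
  # router itself (ssh, LuCI); tighten it if clients only need to pass through.
  uci add firewall zone
  uci set firewall.@zone[-1].name='vpnserver'
  uci set firewall.@zone[-1].input='ACCEPT'
  uci set firewall.@zone[-1].forward='REJECT'
  uci set firewall.@zone[-1].output='ACCEPT'
  uci set firewall.@zone[-1].masq='1'
  uci set firewall.@zone[-1].network='vpnserver'

  # VPN clients may go out to the Internet through the router ...
  uci add firewall forwarding
  uci set firewall.@forwarding[-1].src='vpnserver'
  uci set firewall.@forwarding[-1].dest='wan'

  # ... and may reach hosts on the LAN. Drop this forwarding if clients
  # should not see the internal network.
  uci add firewall forwarding
  uci set firewall.@forwarding[-1].src='vpnserver'
  uci set firewall.@forwarding[-1].dest='lan'
uci commit firewall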

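# Modify /etc/config/openvpn
# Defines the OpenVPN server instance "vpnserver" (UDP 1194, tun device
# ovpns0) and the options pushed to clients.
  uci set openvpn.vpnserver='openvpn'
  uci set openvpn.vpnserver.enabled='1'
  uci set openvpn.vpnserver.dev_type='tun'
  # Option name restored from the generated config shown on this page
  # ("dev ovpns0"); the original line read "uci set'ovpns0'".
  uci set openvpn.vpnserver.dev='ovpns0'
  uci set openvpn.vpnserver.port='1194'
  uci set openvpn.vpnserver.proto='udp'
  # NOTE(review): comp-lzo is deprecated in current OpenVPN releases, and
  # compressing tunnel traffic can leak information about its content. Drop it
  # here and in the matching push line below if clients do not need it.
  uci set openvpn.vpnserver.comp_lzo='yes'
  uci set openvpn.vpnserver.keepalive='10 120'
  uci set openvpn.vpnserver.persist_key='1'
  uci set openvpn.vpnserver.persist_tun='1'
  # Option name restored from the generated config shown on this page
  # ("ca /etc/openvpn/ca.crt"); the original line read "uci set'/etc/...'".
  uci set openvpn.vpnserver.ca='/etc/openvpn/ca.crt'
  uci set openvpn.vpnserver.cert='/etc/openvpn/server1.crt'
  uci set openvpn.vpnserver.key='/etc/openvpn/server1.key'
  # NOTE(review): 1024-bit DH parameters are below current guidance (2048 bits
  # or more). Regenerate the file and update this path together.
  uci set openvpn.vpnserver.dh='/etc/openvpn/dh1024.pem'
  # NOTE(review): no step on this page creates tls-auth.key, and the client
  # config shown has no tls-auth line. Both sides need the same key file
  # (direction 0 on the server, 1 on the client) or the handshake fails.
  uci set openvpn.vpnserver.tls_auth='/etc/openvpn/tls-auth.key 0'
  uci set openvpn.vpnserver.mode='server'
  uci set openvpn.vpnserver.tls_server='1'
  # NOTE(review): the VPN subnet and netmask are missing from this value on
  # this page; fill in the tunnel network before committing.
  uci set openvpn.vpnserver.server=''
  uci set openvpn.vpnserver.topology='subnet'
  uci set openvpn.vpnserver.route_gateway='dhcp'
  # Lets VPN clients talk to each other directly inside the tunnel; remove it
  # if clients should be isolated from one another.
  uci set openvpn.vpnserver.client_to_client='1'

  # Options pushed to every client. The 'route' and 'dhcp-option DNS' entries
  # have lost their addresses on this page and must be completed.
  uci add_list openvpn.vpnserver.push='comp-lzo yes'
  uci add_list openvpn.vpnserver.push='persist-key'
  uci add_list openvpn.vpnserver.push='persist-tun'
  uci add_list openvpn.vpnserver.push='topology subnet'
  uci add_list openvpn.vpnserver.push='route-gateway dhcp'
  uci add_list openvpn.vpnserver.push='redirect-gateway def1'
  uci add_list openvpn.vpnserver.push='route'
  uci add_list openvpn.vpnserver.push='dhcp-option DNS'
uci commit openvpn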

- restart the service

$ /etc/init.d/openvpn restart

9- on client: configuration file:
# OpenVPN client profile for the openwrt server above (UDP, tun device).
dev tun
proto udp
# NOTE(review): the server address is missing before the port on this page.
remote 1194
resolv-retry infinite
ca ca.crt
cert client1.crt
key client1.key
# Accept the peer only if its certificate is marked as a server certificate.
remote-cert-tls server
# NOTE(review): the server section on this page sets tls_auth with direction 0.
# If that is kept, this profile needs the matching tls-auth line
# (same key file, direction 1) - confirm against the server in use.
verb 3

10- run
$ openvpn --config client.conf

if there's problem you can edit the openvpn file directly and run it as below

$ cat /tmp/etc/openvpn-vpnserver.conf
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server1.crt
comp-lzo yes
dev ovpns0
dev-type tun
dh /etc/openvpn/dh1024.pem
keepalive 10 120
key /etc/openvpn/server1.key
mode server
port 1194
proto udp
push "comp-lzo yes"
push "persist-key"
push "persist-tun"
push "topology subnet"
push "route-gateway dhcp"
push "redirect-gateway def1"
push "route"
push "dhcp-option DNS"
push "route"
push "dhcp-option DNS"
route-gateway dhcp
topology subnet

-- and run it
$ openvpn --config /tmp/etc/openvpn-vpnserver.conf

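-- we can also flush the firewall rules for a short test, if there's any doubt that they are blocking the connection. this removes the router's packet filtering as well, so restore it afterwards with /etc/init.d/firewall restart
$ iptables -F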

read wikipedia offline -- kiwix

kiwix is a very nice piece of software. it allows us to read wikipedia without internet access.

it supports most operating systems, from Android and iOS to Microsoft Windows, macOS and GNU/Linux.

to use it, first download the software from the link below

the content is also hosted on the same page; you can download it either as a torrent or over http. i recommend using torrent because some files are really big.

those contents are
TED talks

configure openvpn on mikrotik

1- create certificates
# Build a small CA with easy-rsa's pkitool, then issue one server and one
# client certificate. index.txt and serial are the CA database files.
$ cd /usr/share/easy-rsa
$ mkdir keys
$ touch keys/index.txt
$ echo 01 > keys/serial
$ source ./vars
$ export PATH=$PATH:/usr/share/easy-rsa
$ pkitool --initca
# NOTE(review): the trailing "]" on the next line looks like a stray character.
# The import step on this page expects server1.crt / server1.key.
$ pkitool --server server1]
$ pkitool client1

2- upload these files below to mikrotik

3- import keys to mikrotik
import file=server1.crt
import file=server1.key
import file=ca.crt

4- create pool1 on mikrotik
/ip pool export
/ip pool
add name=pool1 ranges=

5- create openvpn profile
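# PPP profiles. "ovpn" is the profile used by the OpenVPN server on this page;
# its clients get their remote address from pool1.
# NOTE(review): local-address on the "ovpn" profile has lost its value on this
# page and must be filled in.
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default remote-ipv6-prefix-pool=\
    none use-compression=default use-encryption=default use-ipv6=yes use-mpls=\
    default use-vj-compression=default
add change-tcp-mss=default local-address= name=ovpn only-one=default \
    remote-address=pool1 use-compression=default use-encryption=default \
    use-ipv6=yes use-mpls=default use-vj-compression=default
set 2 change-tcp-mss=yes name=default-encryption only-one=default \
    remote-ipv6-prefix-pool=none use-compression=default use-encryption=yes \
    use-ipv6=yes use-mpls=default use-vj-compression=default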

6- create a username password
# Create the account that the VPN client logs in with (profile "ovpn").
# NOTE(review): "password" is a sample value; use a long random secret per
# user. service=any lets the account log in through every PPP service on the
# router; service=ovpn limits it to OpenVPN.
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=user1 \
    password=password profile=ovpn routes="" service=any

7- enable ovpn server interface on mikrotik
# Enable the OpenVPN server on TCP port 1194 with the "ovpn" profile.
# NOTE(review): require-client-certificate=no means clients are accepted on
# username/password alone and client1.crt is never checked; set it to yes to
# require the certificate as well.
# NOTE(review): the auth and cipher lists still offer md5 and blowfish128;
# keeping only sha1 and the aes entries from this same line removes the weak
# choices.
# NOTE(review): certificate=cert1 must match the name the router gave the
# imported server1.crt - confirm in the certificate list.
/interface ovpn-server server
set auth=sha1,md5 certificate=cert1 cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn enabled=yes keepalive-timeout=60 mac-address=FE:E0:F2:AF:C8:35 max-mtu=1500 mode=ip netmask=32 port=1194 require-client-certificate=no

--------------------on client------------

1- use  certification from

--- configuration file: client.conf
# OpenVPN client profile for the mikrotik server above (TCP, tun device).
dev tun
proto tcp
# NOTE(review): the server address is missing before the port on this page.
remote 1194
resolv-retry infinite
ca ca.crt
cert client1.crt
key client1.key
# Accept the peer only if its certificate is marked as a server certificate.
remote-cert-tls server
# NOTE(review): "cipher none" turns off data-channel encryption on the client.
# The server line on this page offers blowfish128/aes128/aes192/aes256, so an
# AES setting such as "cipher AES-256-CBC" is presumably what should be used
# here - confirm against the server.
cipher none
verb 3
# Reads the username and password from auth.txt, which holds them in plain text.
auth-user-pass auth.txt

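-- auth.txt: (username on the first line, password on the second; the contents are missing from this page. keep the file readable only by the user that runs openvpn, e.g. chmod 600 auth.txt)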

2- to connect
$ openvpn --config client.conf

if you got the following message
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1528', remote='link-mtu 1527'
WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'

this means that comp-lzo is enabled in client.conf but not on the server, so just remove it from client.conf and the connection will be established successfully