Posted by TechGeek on September 7, 2011
If you have an iPhone or iPod touch and want to capture its web traffic, you can use the Fiddler web debugging proxy. Fiddler logs all HTTP or HTTPS traffic between your computer and the Internet. You can also debug traffic from popular devices like Windows Phone, iPod/iPad, and others. If you have a laptop and a wireless connection, you can use Fiddler as a proxy to capture GET or POST requests sent from your iPhone or iPod. To capture HTTP traffic:
1) Install Fiddler on your computer.
2) In Fiddler, go to Tools -> Fiddler Options and click on the Connections tab.
3) Click on Allow remote computers to connect. By default, Fiddler uses port 8888.
4) Restart Fiddler so that the changes take effect.
5) Make sure your firewall allows remote access, or disable your firewall.
6) On your iPhone/iPod, go to Settings -> Wi-Fi.
7) Click on the blue button on the right, beside your active Wi-Fi connection.
8) In the network settings, scroll down to the HTTP proxy settings and click on the Manual tab.
9) Enter your host (your laptop) IP address, and 8888 as the port.
10) Browse websites from your iPhone or iPod and you will see Fiddler start capturing HTTP(S) traffic.
Fiddler is a very good web debugging proxy and can be handy for devices like the iPhone or iPod. You can see the HTTP headers and the GET or POST requests made by any application installed on your device.
Posted by TechGeek on August 9, 2011
Do your WordPress categories not appear on your site? I too have encountered this before while working on my site. I had about 35 categories at that time, and only 4 parent and 6 sub categories were displayed on the site. It took a long time to figure out, but the problem is very easy to deal with. Every theme has some PHP code that displays the categories on the site. You must change that code to solve the display problem, if it is the same as mine.
In your WordPress admin panel, go to Appearance > Editor
1) Go to either your "header.php" file or your "functions.php" (Theme Functions) file.
2) Look for a call to the "wp_list_categories()" function. In my case it was
<?php wp_list_categories( 'title_li=&orderby=count&number=10&order=DESC' ); ?>
Look at the parameters passed to this function. It shows only 10 categories, ordered by post count in descending order, so the categories with the most posts come first. That's the reason my site earlier used to display only 4 parent and 6 sub categories. If you change the "&number=" parameter to, let's say, 50, it will display all the categories on your site.
This can vary depending on the theme and the PHP files it uses. The details of this function are listed on the WordPress site. If you have added a category with zero posts, you will have to add the "&hide_empty=0" parameter to display that category.
Once you make these changes to the code, all categories should be displayed whether they have posts or not. If you want to exclude a single category, find its category ID and add the "&exclude=ID" parameter.
I hope this is helpful.
Posted by TechGeek on August 4, 2011
On August 2nd, 2011, Mark posted a detailed blog post covering the technical details and scripts of a WordPress hack involving a plugin called "TimThumb". TimThumb is a simple, flexible PHP script that resizes images for your blog. It is a small script for cropping, zooming and resizing web images such as jpg, png and gif. As discovered by Mark, the TimThumb plugin has a file upload vulnerability. An attacker can upload any file to the server and execute it.
This plugin is used by many people on their WordPress blogs, and it is also bundled with many other WordPress themes and plugins. If you have a vulnerable version of this plugin, you should change the code to fix the issue as per the workaround provided by Mark. File upload vulnerabilities are not new, but they are constantly used to compromise or hack websites. There are already thousands of WordPress themes and plugins available on the Internet, and new ones arrive every day. You should not blindly install each and every plugin. Do some homework before using any theme or plugin.
Security is really important for your websites. You put a lot of effort into writing for your websites, and one vulnerability in any theme or plugin can cause massive damage to your website and your business. The case above is a great example of this. Mark's website got hacked due to this vulnerability, and the attacker injected some advertising code into his webpages. The attacker could have done more damage to his website, since he/she had access to his server. You should immediately check your themes and plugins for any vulnerability.
One way to find out whether your theme or plugin has a vulnerability is to use the Google search engine. Use the theme name or plugin name along with the word "vulnerability" in the search string. For example, to search for the TimThumb bug, search for "TimThumb vulnerability" in Google.
If you look at the image above, you will see news related to this plugin. The second link also reveals that "Elegant Themes" also uses this plugin inside its themes, and they too are vulnerable to this attack.
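Because the script is bundled inside themes and plugins, often under another file name, a search of your own wp-content directory complements the Google search. The following is an added example, not code from Mark's post or from TimThumb: it assumes that copies keep the "TimThumb" name near the top of the file and declare their version as define('VERSION', '...'), and the fixed_version threshold and the sample tree are constructed placeholders.

```python
import os
import re
import tempfile

# Assumptions: TimThumb declares its version as define('VERSION', 'x.y') and
# a bundled copy still mentions "TimThumb" in its header even when renamed.
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)

def version_tuple(text):
    return tuple(int(p) for p in text.split(".") if p)

def find_timthumb(root, fixed_version):
    """List (path, version, needs_review) for PHP files under root that look
    like TimThumb. fixed_version is the first patched release named in the
    advisory you follow; a copy with no readable version is always flagged."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(8192)  # header comment and defines sit at the top
            if not MARKER_RE.search(head):
                continue
            match = VERSION_RE.search(head)
            version = match.group(1) if match else None
            stale = version is None or version_tuple(version) < version_tuple(fixed_version)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, version, stale))
    return sorted(findings, key=lambda f: f[0])

def demo():
    # Constructed sample tree; file names and version numbers are made up.
    samples = {
        "themes/alpha/timthumb.php": "<?php /* TimThumb */ define ('VERSION', '1.0');",
        "themes/beta/scripts/thumb.php": "<?php // TimThumb\ndefine('VERSION', '9.9.1');",
        "plugins/gamma/resize.php": "<?php /* timthumb, version line removed */",
        "themes/alpha/functions.php": "<?php wp_list_categories();",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_timthumb(root, fixed_version="9.0")  # placeholder, not a real release

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, call find_timthumb() on the wp-content directory with the fixed version taken from the advisory; a theme file that merely links to the script is also listed with an unknown version, which still tells you that theme depends on it.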
Are you using a vulnerable theme or plugin?