My name is Philipp C. Heckel and I write about nerdy things.

Posts Categorized / Programming


  • Jul 01 / 2013
  • 66
Android, Linux, Security

How To: Use mitmproxy to read and modify HTTPS traffic

Capturing HTTP and HTTPS traffic on your own machine is quite simple: Using tools like Wireshark or Firebug, sniffing the local connections is only a matter of seconds. Capturing and/or altering the HTTP/HTTPS traffic of other machines in your network (such as your smartphone or other laptops), on the other hand, is not so easy. Sniffing into SSL-secured HTTPS connections in particular seems impossible at first. Using mitmproxy, however, makes this possible in a very easy and straightforward way.

This small tutorial shows how to use mitmproxy to transparently sniff into and alter (!) HTTPS connections of your phone or other devices in your network.


  • Jun 28 / 2013
  • 14
Linux, Scripting, Synchronization

Script: Run rsnapshot backups only once and rollback failed backups using rsnapshot-once

I use rsnapshot to back up all of my data to my HTPC and home server (the home partition, office documents and the root file system). While rsnapshot is not as shiny as other backup tools, it is very flexible and effective: rsnapshot is based on rsync and makes hardlink-based backups (like cp -al), i.e. backups that point to the same inode on the disk if a file in consecutive backups is identical (much like SIS in deduplication).

However, rsnapshot is meant to be triggered by cron jobs and is built for always-on server machines rather than for lid-open-lid-close-type machines like laptops: That means that rsnapshot must be scheduled to run at a certain time (no retries!) and is not robust against sudden system shutdowns. Furthermore, it does not detect failures and simply leaves unfinished backups as if they were complete. That in turn leads to more disk space being used for the backups, because the last complete backup is not really complete.

I wrote a little helper script to fix exactly this behavior: rsnapshot-once makes sure that (1) rsnapshot is only called if a backup is necessary (once every 24h for ‘daily’, once every 7 days for ‘weekly’, …) even if rsnapshot-once is called multiple times, and (2) that crashed/interrupted backup runs are rolled back before starting a new backup run.


  • Dec 07 / 2012
  • 33
Multimedia, Scripting

Script: Refresh the Fritz!Mediaserver DLNA Index of the Fritz!Box 6360 Cable

Some of AVM’s Fritz!Box routers allow connecting a USB device and use this device as a network attached storage (NAS) via Samba/SMB in the local network. In combination with the fact that the NAS can also be accessed from the Internet via FTP, and the multimedia files can be streamed to a TV via the Fritz!Mediaserver (using DLNA), it makes a pretty basic home entertainment system. I use it to automatically copy videos (YouTube, etc.) to the NAS from my virtual server, and then watch these with my Samsung Smart TV. It’s not as great as XBMC, but it works for now.

Unfortunately, the Fritz!Mediaserver (DLNA server) does not automatically refresh the index when media files are added via Samba/SMB or FTP (only if they are added via their web interface Fritz!NAS). It can be refreshed manually via the interface on fritz.box/storage/settings.lua. But, since I like to automate things, I made a little helper to automatically refresh the index.


  • Jun 15 / 2012
  • 9
Cloud Computing, Linux, Scripting

Script: Your US proxy server in one minute using Amazon EC2

Many of the well known websites determine your location based on your IP address and restrict their content or functionalities based on the country you’re in. Some examples are Gmail (Germans get only @googlemail.com-addresses, legal reasons), YouTube (content is restricted by the GEMA), and Pandora (limited to US citizens) to name only a few. To circumvent these restrictions, being able to quickly get an IP address outside of your own country is most helpful.

To do exactly that I wrote a little script that will start your very own US proxy server in one minute using Amazon EC2. In combination with browser plug-ins such as FoxyProxy, the script enables you to route all your web traffic through a proxy on an Amazon-owned machine — with an IP address in the US, Ireland, Singapore, Tokyo or Sao Paulo (location of Amazon data centers).


  • Jun 10 / 2012
  • 22
Android, Mobile, Programming

Android Example: Communication between Activity and Service using Messaging

I recently wrote my first little app for my Android smartphone and I was surprised how easy it was. Being familiar with regular Java, learning the new Android APIs was very simple for the most part. However, there was one thing that wasn’t particularly straightforward: communicating between an Activity, i.e. the user interface, and a background Service started by the application. After many hours, I found some sample code on Stack Overflow which I used to create a very generic reusable solution to start, stop and communicate with your own Service implementation.


  • Mar 01 / 2011
  • 43
Programming, Security

Hacking Flash Applications and Games: A Case Study

Adobe’s proprietary Flash format has become a significant part of the Internet as it is today. While its importance in Web applications is slowly decreasing due to Web 2.0 technologies and HTML5, it is still a major player in the browser game and application sector. The majority of these games and applications are for entertainment only and offer you nothing but a nice rank in the high score. On rare occasions, however, there are Flash games in which you can actually win something valuable such as concert tickets or even money. And of course there are applications that let you stream, but not download content from a website.

So what’s the problem with that, you think? The problem is that almost all Flash applications can be hacked very easily and most developers are not aware of that.

As a reminder of how vulnerable Flash applications are, this post aims to raise awareness for these issues. In a case study, it shows how a Flash-based game and its server side high score can be tricked within a few minutes using free tools only.


  • Feb 01 / 2011
  • 3
Administration, Linux, Programming, Security

Altering old SVN revisions: removing confidential data from a Subversion repository

Version control systems like CVS or Subversion are designed for keeping track of the changes of a project and for having the possibility to revert to old revisions if something goes wrong. In contrast to regular relational databases, these systems are made only for adding new content to a repository, and not for removing data from it. In fact, deleting old content is not a built-in functionality in SVN, and mostly requires removing entire revisions from the repository or even creating a new one.

But what happens if you accidentally commit a password or other sensitive information to a repository? This post explains how to remove this confidential data permanently from the repository by simply overwriting it in old revisions, i.e. without having to remove revisions or create a new repository.


  • Jan 12 / 2011
  • 3
Linux, Multimedia, Scripting

Picasa for Linux: Export albums in sort order

As one of the best picture organizers out there, Picasa is (in my opinion) almost complete in terms of features and has a nice look and feel at the same time. Even though Google stopped developing the Linux version after 3.0, it still works perfectly using Wine and a couple of cp-statements.

However, as stated many times by Picasa users and bloggers [1,2,3,4,…], Picasa’s export function misses a tiny little feature that maintains the sort order of the album when exporting it to a folder. Instead of renaming the pictures to keep them sorted in normal file managers (by name), Picasa just copies the files of an album to one folder and thereby destroys the order. As if that wasn’t enough, Picasa also overwrites duplicate filenames from different source folders.

This missing feature has even led to small standalone projects that fix this issue, e.g. Picasa Independent Album Exporter (PIAE) and Picasa Order Preserver. While both applications do their job, both are a bit heavyweight, and PIAE only works for Windows (and not on Wine).

This post presents a tiny little Perl script that renames pictures of an exported album according to their Picasa sort order.


  • Aug 22 / 2010
  • 6
Mobile, Programming

Aware Context API (ACAPI) – Using the sensors in Java ME

The capabilities of cell phones have increased dramatically in the last few years. While in the old days most mobile phones were primarily used to make phone calls, modern smartphones are mostly all-round devices. With the possibility of accessing the Internet and the availability of various sensors (e.g. location or noise), mobile applications have become interactive and flexible. The trend towards location-based services and context-awareness allows applications to react to their surroundings and to behave intuitively towards the user.

For developers, context-awareness can be both a blessing and a curse. While the mobile operating systems iPhone OS and Android come with relatively good sensor-support, the vast majority of devices deal with Java ME’s basic and heterogeneous sensor functionalities.

The Aware Context API (ACAPI) aims to bridge this gap by providing a framework for building context aware applications for mobile devices based on Java ME. In this article, I’d like to introduce ACAPI, its structure and usage briefly. Please feel free to comment.
