I often find myself writing reporting tools in PHP. For work, I wrote a tool to parse Kismet XML files and generate a nice report out of the data. I may talk more about that later on.
One of the things I wanted to do was to reference an OUI table so that I can include the manufacturer of each discovered access point in the report. I figure this may help some people, as this function seems useful anywhere that MAC addresses show up.
I started with the nmap-mac-prefixes file from the nmap subversion tree (and source distribution), but I had to clean it up a bit and turn it into something halfway friendly to cram into an array in PHP, although I suppose I could have done an external grep or loaded the entire file dirty with file_get_contents(). I opted to load the array using the OUI as the key, though. To do that, I did this ugly bit of shell-fu:
grep -v ^# nmap-mac-prefixes | sed s/[\"\',]/" "/g |\
sed s/" "/"\"=>\""/ | sed 's/.*/\ "&\",/' > ouilookup.php
Which resulted in thousands of lines like this:
"000000"=>"Xerox",
"000001"=>"Xerox",
"000002"=>"Xerox",
Next, I had to make it into a function and add the Array() syntax around it:
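<?php
function ouilookup($mac)
{
    // OUI (first 6 hex digits of the MAC) => vendor name
    $ouilist=Array("000000"=>"Xerox",
    "000001"=>"Xerox",
    "000002"=>"Xerox",
    "000003"=>"Xerox",
    "000004"=>"Xerox",
    // [... Thousands of lines ... ]
    "FCFBFB"=>"Cisco Systems",
    "525400"=>"QEMU Virtual NIC",
    "B0C420"=>"Bochs Virtual NIC",
    "DEADCA"=>"PearPC Virtual NIC",
    "00FFD1"=>"Cooperative Linux virtual NIC");
    // Strip separators, keep the first 6 characters, normalise to upper case
    $oui=strtoupper(substr(preg_replace('`[^a-z0-9]`i','',$mac),0,6));
    // Unknown OUI: return null instead of raising an undefined-index notice
    $vendor=isset($ouilist[$oui]) ? $ouilist[$oui] : null;
    return($vendor);
}
?>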
The whole thing can be downloaded here: ouilookup.txt (rename to .php)
To use it, simply include the file and call ouilookup() with the MAC address in pretty much any hex format you want (xx:xx:xx:xx:xx:xx, xx-xx-xx-xx-xx-xx or xxxxxxxxxxxx are common).
A quick and dirty example using PHP from the command-line:
<?php
//oui.php - ouilookup() test
include('ouilookup.php');
$vendor=ouilookup($argv[1]);
echo $vendor . "\n";
?>
$ php oui.php 00:11:22:33:44:55
Cimsys
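An added example, not the code from ouilookup.php: the same lookup done by parsing nmap-mac-prefixes-style text directly in PHP instead of pre-generating the array, with input validation. It goes a little beyond the post by flagging locally administered (randomized or software-assigned) addresses, which never appear in an OUI table. The function names oui_load() and oui_vendor() are hypothetical and the sample data is constructed.

```php
<?php
// Added example: parse "PREFIX Vendor name" lines (the layout the shell
// pipeline above consumes) and look up a MAC with basic validation.

// Build an OUI => vendor table; lines starting with '#' are skipped.
function oui_load(string $text): array
{
    $table = [];
    foreach (preg_split('/\R/', $text) as $line) {
        // Six hex digits, whitespace, then the vendor name to end of line.
        if (preg_match('/^([0-9A-Fa-f]{6})\s+(.+?)\s*$/', $line, $m)) {
            $table[strtoupper($m[1])] = $m[2];
        }
    }
    return $table;
}

// Returns the vendor, an "Unknown" marker, or null if $mac is not 48 bits of hex.
function oui_vendor(array $table, string $mac): ?string
{
    // Remove only the usual separators so arbitrary text is rejected below.
    $hex = strtoupper(preg_replace('/[:.\-\s]/', '', $mac));
    if (!preg_match('/^[0-9A-F]{12}$/D', $hex)) {
        return null;
    }
    $oui = substr($hex, 0, 6);
    if (isset($table[$oui])) {
        return $table[$oui];
    }
    // Bit 0x02 of the first octet marks a locally administered address,
    // which has no registered vendor.
    if (hexdec(substr($hex, 0, 2)) & 0x02) {
        return 'Unknown (locally administered)';
    }
    return 'Unknown';
}

// Constructed sample in the nmap-mac-prefixes layout.
$sample = "# constructed sample\n000000 Xerox\n525400 QEMU Virtual NIC\nFCFBFB Cisco Systems\n";
$table = oui_load($sample);
$macs = ['52:54:00:12:34:56', 'fc-fb-fb-00-00-01', '0A1B2C3D4E5F',
         '00:AA:BB:CC:DD:EE', 'not a mac'];
foreach ($macs as $mac) {
    echo $mac, ' => ', oui_vendor($table, $mac) ?? 'invalid MAC', "\n";
}
```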
2010-05-18
OUI (MAC Address Vendor) Lookup with PHP
2010-05-17
OpenBSD 4.7 + Chrooted Apache, MySQL & Suhosin PHP
FYI - There's now a page that covers OAMP for all recent versions of OpenBSD. My OAMP series is a popular one. Although OpenBSD 4.7 doesn't come out for 2 more days, the media has already shipped to those who pre-ordered. And, as I mentioned previously, you'll want to get crack-a-lacking on those patches. As of the time of writing, there are already 4 patches to install for OpenBSD 4.7, which affect all architectures.
I'll spare you the verbosity. The installation procedure for getting OpenBSD, Chrooted Apache, MySQL and Suhosin-hardened PHP all working together hasn't changed one bit in OpenBSD 4.7. You can follow my instructions verbatim from the OAMP 4.6 Walk-Through, with one minor difference: make sure you change "4.6" to "4.7" when defining PKG_PATH in your .profile.
I was able to go from an empty virtual machine to a fully-functioning, chrooted install of WordPress in under 30 minutes just by following the instructions (and, of course, pointing the PKG_PATH to the packages on the media, not FTP, since the 4.7 branch hasn't hit the Internet yet).
Now that Blogger has the ability to store "pages", I may eventually convert this article series to a living document. There are also some lazy shortcuts I take that kind of go against traditional OpenBSD methods (directly launching stuff from rc.local, editing rc.conf instead of making changes in rc.conf.local, etc.) - I may get around to de-cruft-ifying this how-to at the same time. Otherwise: Enjoy!
2010-05-10
Back in action
Today was my first day back to work since January 8th.
Labels: jobs
2010-05-04
Conspiracy Theory: A Battle.net security shill?
A few days ago, my wife logged in to World Of Warcraft only to find that all of her characters had been pretty much stripped of everything. Her username isn't related to any of her mail or social media accounts, and her passwords are unique between all her various accounts. Her WoW password wasn't easy to guess by a long shot, and complex enough that I doubt it was brute forced.
Labels: conspiracy, games, InfoSec