Python – scattered notes

“for” loop

for x in range(len(dati)):
    do_something(dati[x])  # loop body

Files

Opening a file:

f=open(filename, "wb")

The available modes are: read ‘r’, write ‘w’, and append ‘a’. Binary mode ‘b’ is not needed on Linux, but using it changes nothing, so it is worth using for compatibility with other systems.

Closing a file:

f.close()

Reading and writing:

f.read()

reads the entire file; it returns an empty string if the end of the file has already been reached.
Python performs no checks on the size of the file: it is up to the programmer to decide whether or not to read a file in full (Python does not check whether a file exhausts the computer's memory).

f.readline()

reads one line at a time

To write data (numbers, for example) you must first convert them to strings:

s = str(value)
f.write(s)

Read position:

# Current read position:
f.tell()
# Move to the 6th byte of the file:
f.seek(5)
# The second parameter of seek() sets where the offset is counted from
# 0 from the start of the file (default)
# 1 from the current position
# 2 from the end of the file
f.seek(-3, 2) # Goes to the 3rd byte from the end of the file
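
An added example (not part of the original notes), written for Python 3: it reads a file with a size cap instead of a bare f.read(), and takes the last bytes with an end-relative seek() while handling files shorter than the requested offset. The function names and the scratch file are assumptions made for the demo.

```python
import os
import tempfile


def read_capped(path, max_bytes):
    """Return the file content, refusing anything larger than max_bytes."""
    with open(path, "rb") as f:
        data = f.read(max_bytes + 1)   # never asks for more than cap + 1 bytes
    if len(data) > max_bytes:
        raise ValueError("%s is larger than %d bytes" % (path, max_bytes))
    return data


def tail_bytes(path, n):
    """Return the last n bytes using seek() relative to the end of the file."""
    with open(path, "rb") as f:        # end-relative seeks need binary mode in Python 3
        f.seek(0, os.SEEK_END)         # whence=2: jump to the end
        size = f.tell()                # position at the end == file size
        # Clamp the offset: seeking to before byte 0 raises OSError.
        f.seek(-min(n, size), os.SEEK_END)
        return f.read()


def make_demo_file(content):
    """Write constructed sample bytes to a scratch file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    demo = make_demo_file(b"0123456789")
    print(read_capped(demo, 10))
    print(tail_bytes(demo, 3))
    print(tail_bytes(demo, 50))        # shorter than 50 bytes: whole file
    os.remove(demo)
```

Reading max_bytes + 1 rather than trusting the size reported by the file system also covers files that grow while they are being read.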

JSON

Import the json module.

The json.load() and json.loads() methods read the data and return a Python object.
json.load() reads from a file-like object that supports the .read() method;
json.loads() reads the data from a string containing a JSON document.
Similarly, json.dump() and json.dumps() write JSON data to a file that supports .write() and to a string, respectively.

Examples:

f=open(fileJSON, 'r')
j=json.load(f)

REGEX

Import the re module.

The functions re.search() and re.match() perform a search and a test respectively.
If the REGEX has groups, these are retrieved with .group(n):

m=re.search(r"([^/]*)-(\d+)$", stringa)
#m.group(0) returns the entire matched string
#m.group(1) returns the first group
#m.group(2) returns the second group

urlparse

Import the urlparse module.

The urlparse() function returns a ParseResult, which is a subclass of tuple.
Conversely, a ParseResult can be built from strings.
The geturl() function returns the URL as a string.

ui=urlparse.urlparse(url_string)
uf=urlparse.ParseResult(ui.scheme, ui.netloc, "/path/to/something", "", "querystring", "")
ui.geturl()
uf.geturl()

argparse

Import the argparse module.

The first step is to create an ArgumentParser object.
Then the arguments are added, with the information on how to handle them.
Finally, the command line is parsed.

Example:

parser=argparse.ArgumentParser(description="Breve descrizione.")
parser.add_argument("arg1", help="Stringa di aiuto")
args=parser.parse_args()
# The argument values can now be accessed
comando(args.arg1)

urllib2

Import the urllib2 module.

agent="Mozilla/5.0 (X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0 Iceweasel/8.0"
header={"User-Agent": agent}
req=urllib2.Request(uf.geturl(), None, header)
response=urllib2.urlopen(req)

OS

Import the os module.

# change the current directory:
os.chdir(path)
# show the current directory:
os.getcwd()
# change the permissions of a file/directory (the mode is an octal number):
# example: os.chmod("/path/to/dir", 0o755)
os.chmod(path, flags)
# create a directory:
os.mkdir(path[, mode])
# rename a file:
os.rename(src, dst)

File checks:

os.path.isfile(path)
os.path.isdir(path)
os.path.realpath(path)
os.path.relpath(path[, start])
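
The mode given to os.chmod() is an integer, so the permission digits must be written as an octal literal (0o755); decimal 755 is a different bit pattern. The added example below (not part of the original notes, Python 3) applies both values to a scratch directory and returns the resulting permission strings; the helper names are assumptions.

```python
import os
import stat
import tempfile


def mode_after_chmod(mode):
    """chmod a scratch directory (created for this demo) and return its permission string."""
    path = tempfile.mkdtemp()
    try:
        os.chmod(path, mode)
        return stat.filemode(os.stat(path).st_mode)
    finally:
        os.rmdir(path)


def parse_mode(text):
    """Convert permission digits typed by a user ("755", "0644") to an int, reading them as octal."""
    value = int(text, 8)               # rejects digits 8 and 9
    if value & ~0o7777:
        raise ValueError("mode out of range: %r" % text)
    return value


if __name__ == "__main__":
    print(mode_after_chmod(0o755))     # intended: owner rwx, group and others r-x
    print(mode_after_chmod(755))       # decimal 755 == 0o1363: owner cannot read,
                                       # group can write, sticky bit set
    print(oct(parse_mode("755")))
```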

Vino on Debian for GDM

http://jakeyoon.com/2008/11/19/enable-vino-vnc-server-for-login-manager-gdm-in-ubuntu/

In this example, I would like to introduce a way to enable a built-in Vino VNC server for Ubuntu distribution.

1. After logging in, open up Remote Desktop option (System -> Preferences -> Remote Desktop)

2. Check “Allow other users to view your desktop” and “Allow other users to control your desktop” – this is to let others, others would be me in my case, take control of this machine

3. Uncheck “Ask you for confirmation” – when VNC is connected, VNC server will ask for a confirmation to local user. In my case, this machine will not have a local logged user since it does not have a monitor

4. If possible, assign a password – Having a password should be better than not having one even though VNC still lacks encryption and strong authentication

At this point, VNC server is just enabled with some settings; however, Vino server does not start until a user logs in. This means that Vino server is not running at User Login screen – where a user types username and password. In my case, this was not feasible since the machine will not have a monitor (nor keyboard/mouse).

5. Edit /etc/gdm/Init/Default – this gets run when gdm starts (at Login Screen)

nano /etc/gdm/Init/Default

6. Add the following line right before exit 0 at the end of the file – Vino server runs when gdm starts up

/usr/lib/vino/vino-server &

Vino server starts up when gdm starts up; however, when username and password are typed in, gdm kills this vino-server, meaning the VNC connection will be terminated. To prevent this,

7. Edit /etc/gdm/gdm.conf with your favorite text editor

nano /etc/gdm/gdm.conf

8. Find a commented option KillInitClients=true. Uncomment it and change it to false and save it. – this prevents vino-server from being killed right after login

KillInitClients=false

Now, you should be able to connect to the machine using VNC

Vino Debian

http://ubuntuforums.org/showthread.php?t=266981

user@localbox:~$ ssh -Y user@remotebox
user@remotebox:~$ vino-preferences

# check settings and hit close button
user@remotebox:~$ sudo -s
root@remotebox:~# export DISPLAY=:0.0
root@remotebox:~# xhost +
root@remotebox:~# /usr/lib/vino/vino-server &
# to start the vino server
root@remotebox:~# netstat -nl | grep 5900
# check to make sure vino server is listening on port 5900

exit or CTRL-D twice to close SSH session to remotebox

user@localbox:~$ ssh -L 5900:localhost:5900 user@remotebox
# establish a new SSH connection to remotebox w/forwarded VNC port
# launch Remote Desktop Viewer (vinagre) under Applications => Internet and connect to localhost

Bash completion

Programmable completion in bash is set up in the file /etc/bash.bashrc by uncommenting the lines

# enable bash completion in interactive shells
#if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
# . /etc/bash_completion
#fi

this file is then sourced by /etc/profile, so completion is enabled for all users.
Otherwise you have to edit the ~/.bashrc file of each individual user.

Bypassing a captive portal

http://blog.wains.be/2009/04/24/howto-setting-up-dns2tcp/

Howto : setting up dns2tcp

Posted on April 24, 2009
The following article has been tested on Debian Etch (server) and Debian Lenny and Mac OS X (clients).
Edit 03/2011 : dns2tcp client v0.5 won’t work with dns2tcp server v0.4.
I’m not gonna explain what dns2tcp is, just how to get it running in less than 30 minutes.
You need :
– a public server, reachable from anywhere, its UDP/53 port must be free (no DNS service running) and reachable (not filtered)
– a domain name or subdomain dedicated for dns2tcp
– a dns2tcp client computer, your laptop usually
– a “restricted” network (captive portal, firewalled network, paying hotspot) allowing DNS requests (in our examples, we’ll be using Google DNS server 8.8.8.8, but you can try to use the LAN DNS)
Considerations :
dns2tcp public server IP : srv1.example.org (IP 1.2.3.4)
dns2tcp subdomain : tunnel.example.org (this doesn’t need an A record, just a NS record pointing to srv1.example.org)
dns2tcp resources (services which dns2tcp will make available to us) :
– SSH on TCP/22 at srv1.example.org (same machine as dns2tcp)
– SSH on TCP/22 at srv2.example.org (1.2.3.5)
DNS :
Create a NS record for the subdomain tunnel.example.org pointing to address srv1.example.org
In ISC BIND :
tunnel.example.org. IN NS srv1.example.org.
The NS you specify is NOT a DNS server, it’s the dns2tcp server !
Hint : everydns.net allows creation of NS records for subdomains. Not all control panels do (Enom for example).
Server :
Install dns2tcp on srv1.example.org (apt-get install dns2tcp on Debian)
Edit the file /etc/dns2tcpd.conf like this :
listen = 0.0.0.0
port = 53
user = nobody
chroot = /some/directory/
domain = example.org
ressources = ssh-home:127.0.0.1:22 , ssh-work:srv2.example.org:22
Start dns2tcp server with /etc/init.d/dns2tcp start
Make sure it’s running with ps and listening with netstat.
Client :
Don’t forget the client must already be installed on your computer when you are on the restricted network :-)
Install it right now : apt-get install dns2tcp on Debian or build it through macports on Mac OS X.
Connect to the restricted network.
Run the command :
dns2tcpc -z example.org 8.8.8.8
If the system is working you should see :
Available connection(s) :
ssh-home
ssh-work
Run the full command now :
dns2tcpc -z example.org -l 12345 -r ssh-home 8.8.8.8
8.8.8.8 is the DNS server that will relay the encapsulated DNS requests to our dns2tcp server.
If the network restricts the use of external DNS servers, check your /etc/resolv.conf to get the DNS servers on the local network.
Now dns2tcp will listen on port TCP/12345 (option “-l 12345”) and will give you access to the resource “ssh-home” through that port.
Now connect to your SSH server through dns2tcp on port TCP/12345 :
ssh user@localhost -p 12345 -D 1080
You should connect to your home server !
The “-D 1080” option will create a SOCKS proxy on your local machine on port TCP/1080.
Now set up your browser or any other program (like Pidgin if you want to chat) to use the SOCKS proxy at address 127.0.0.1 and port 1080.
You can also set the systemwide parameter for SOCKS proxy from the preferences panel of your OS.
You should now be able to browse the internet.
You can store a config file on the client computer if you don’t want to type the command every time. This is the config corresponding to the command :
/home/USER/.dns2tcprc :
domain = example.org
ressource = ssh-home
local_port = 12345
server = 8.8.8.8
This way, you just need to run dns2tcpc without argument.
If you store the config file somewhere else, run dns2tcpc -f /where/the/config/resides/dns2tcp.conf
Please note :
Your traffic is encapsulated inside small DNS packets (some firewalls can drop unusually large DNS packets), is encrypted because of SSH, etc.
This adds overhead, which makes browsing the web a bit slow but still convenient.
I’ve been able to reach 25 KB/s down and 20 KB/s BUT I haven’t been able to transfer large files though, it was taking forever to attach a 3 MB picture to a mail in Gmail (wifi + UDP + small packets is a terrible mix)
A good idea is to use mobile versions of websites, they load faster.
To give you an idea, it can take up to a minute to display maps on Google Maps.
Since you are going through the SOCKS proxy created by the SSH connection, your traffic is encrypted and wifi users can’t snoop on you.
Obviously you can define anything as a resource in dns2tcp, for example you can point to a public web proxy but your traffic wouldn’t be encrypted !
The owner of the restricted network may notice unusually high DNS traffic while you are surfing (especially if you’re the only person using the wifi network in the hotel).
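
The last note above says the network owner may notice unusually high DNS traffic. The following added example (not part of the quoted article) shows one way a defender can turn that into a check over a DNS query log: per client and domain, it counts distinct query names and measures the length and character entropy of the subdomain part. The thresholds, addresses and log entries are constructed assumptions for the demo.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Thresholds are assumptions for this demo; tune them against your own baseline.
MIN_UNIQUE_NAMES = 20   # distinct query names under one domain, per client
MIN_MEAN_LEN = 25       # mean length of the part left of the registered domain
MIN_ENTROPY = 3.0       # bits per character of that part


def entropy(text):
    """Shannon entropy of the characters in text, in bits per character."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def suspicious_domains(queries):
    """queries: iterable of (client_ip, qname). Returns the flagged (client, domain) pairs."""
    seen = defaultdict(set)
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue                     # no subdomain part that could carry data
        domain = ".".join(labels[-2:])   # simplification: real code needs the Public Suffix List
        seen[(client, domain)].add(".".join(labels[:-2]))
    flagged = []
    for key, subs in seen.items():
        joined = "".join(subs)
        mean_len = len(joined) / len(subs)
        if (len(subs) >= MIN_UNIQUE_NAMES and mean_len >= MIN_MEAN_LEN
                and entropy(joined) >= MIN_ENTROPY):
            flagged.append(key)
    return sorted(flagged)


def constructed_log():
    """Constructed sample: one client browsing normally, one sending encoded data in query names."""
    log = [("10.0.0.5", h) for h in ("www.example.com", "mail.example.com",
                                     "cdn.static.example.net", "www.example.com")] * 10
    for i in range(40):
        payload = hashlib.sha256(str(i).encode()).hexdigest()[:40]
        log.append(("10.0.0.9", "%s.tunnel.example.org" % payload))
    return log


if __name__ == "__main__":
    print(suspicious_domains(constructed_log()))
```

Content delivery and telemetry domains can also produce many long, random-looking names, so in practice the flagged pairs are reviewed against an allowlist before alerting.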

http://www.fosk.it/how-to-bypass-firewalls-or-captive-portals-with-dns2tcp.html

Have you ever found an open wireless access and when opening your browser you get a nice login screen asking you a credit card number (a captive portal)? What’s next? Make your choice: fill the form with the magic numbers or try to bypass this security mechanism!

Classic wireless hot spots commonly allow two protocols: ICMP and DNS (UDP/53). ICMP (Internet Control Message Protocol) is used to report errors and warnings to the client and DNS is mandatory to resolve hostnames. While ICMP can also be used as a transport protocol (see PTunnel), firewalls may block unusual ICMP packets (ex: suspicious big packets). On the other side, there are often fewer restrictions regarding DNS traffic.

In the following tutorial, we will use the tool dns2tcp written by two guys working for HSC, a French security company.

Required components

  • An official registered domain name. Example: mydomain.net
  • A server with a public IP address not running any DNS service. The server must run UNIX[1]. Example: my.public.server.isp.com

[1] I successfully tested dns2tcp on Linux and client also on iPhone.

Domain name zone configuration

Choose a subdomain name for your domain. In this example, we will use a subdomain dnstunnel.mydomain.net. Add the following line in your zone file:

dnstunnel    IN     NS your.public.server.isp.com.

Don’t forget to increase the serial and to reload the zone. If you don’t manage the zone yourself, ask your ISP or hoster to do this for you.

Server configuration

(these operations are performed on your public server)

Download the tarball and compile the binaries:

# cd /tmp
# tar xzvf dns2tcp-0.3.tar.gz
# cd dns2tcp-0.3
# ./configure
# make install

This will create two binaries (dns2tcpd and dns2tcpc) and their respective manpages. Now, we will create a configuration file /etc/dns2tcpd.conf:

# cat >/etc/dns2tcpd.conf <<EOF
listen = w.x.y.z
port = 53
user=nobody
chroot = /var/empty/dns2tcp/
domain = dnstunnel.mydomain.net
ressources = ssh:127.0.0.1:22
EOF
#

Be sure to replace the domain and the IP address with your own values! The port must be 53!

Now, start the daemon:

# ./dns2tcpd -F -d 1 -c dns2tcpd.conf

“-F” means to run in foreground and “-d 1” enables debugging.

Client configuration

Perform the same operations as on the server side. (configure && make install). Then create the client configuration file /etc/dns2tcpc.conf:

# cat >/etc/dns2tcpc.conf <<EOF
domain = dnstunnel.mydomain.net
ressource = ssh
local_port = 2222
debug_level=1
EOF
#

Be sure to replace the domain and the IP address with your own values! The local port must be free and above 1024 to be bound by a non-root user!

Now, check if we can communicate with the server:

# ./dns2tcpc -z dnstunnel.mydomain.net <dns_server>
Available connection(s) :
	        ssh

The dns_server can be your public server or, if you are forced, the local DNS.

Start a SSH session

Now, we are ready to start a tunnel with encapsulated SSH packet:

# ./dns2tcpc -c -f dns2tcpc.conf
listening on port 2222
...

Now, start your SSH session:

# ssh -p 2222 user@127.0.0.1
...

Here we go! You’ve a session on your public server!

If you start your SSH as a socks proxy with the “-D” and configure your browser to surf thru this tunnel.

You can create as many resources as you want on the server but packets sent thru the DNS tunnel are not encrypted so SSH is recommended as the best solution.
