Proxmark developers community

Research, development and trades concerning the powerful Proxmark3 device.

Remember; sharing is caring. Bring something back to the community.


"Learn the tools of the trade the hard way." +Fravia

You are not logged in.

#1 2015-02-19 22:20:08

ikarus
Contributor
Registered: 2012-09-20
Posts: 221
Website

Enable/Configure HTTPS for proxmark.org

Hi,

I really want to use HTTPS on proxmark.org. Especially for the logging in to this forum!
Can someone configure the server to provide TLS? I don't care if it is a self-signed certificate... I just
don't want so send my login credentials unencrypted!

Also, this could be a great opportunity to update the website. At least a little bit...
It's really outdated... content and design. wink

Does anyone know who is responsible for the webserver?


Cheers!
ikarus

Offline

#2 2015-02-19 23:19:27

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

I have asked Roel on several occasions for Administrative control. A little while back I organised the migration to GitHub but I think giving proxmark.org a facelift is going to be impossible without Roel's help!


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#3 2015-02-20 09:02:07

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Enable/Configure HTTPS for proxmark.org

I agree. Roel if you can, give help!

Offline

#4 2015-02-21 16:22:49

ikarus
Contributor
Registered: 2012-09-20
Posts: 221
Website

Re: Enable/Configure HTTPS for proxmark.org

Yep, I remember the migration to GitHub and the discussion to update the website too.
Did Roel respond to your message?

Offline

#5 2015-02-22 23:25:23

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

ikarus wrote:

Yep, I remember the migration to GitHub and the discussion to update the website too.
Did Roel respond to your message?

Unfortunately not.

*Sent another email. Hopefully I get a reply.

If anyone has contacted Roel in the past using an email address that is not published on this site or http://nfc-tools.org/, could you please contact me?


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#6 2015-02-26 01:16:08

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

Good news!!
Roel has contacted me and I have been granted access to make changes to the site.

See post here.


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#7 2015-02-26 06:15:01

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,100

Re: Enable/Configure HTTPS for proxmark.org

Great news!  smile

Https would be nice for login. 

I personally don't care how the look and feel goes. As long as we keep the ability to show images and code snippets.  smile

Offline

#8 2015-02-26 10:26:05

asper
Contributor
Registered: 2008-08-24
Posts: 1,409

Re: Enable/Configure HTTPS for proxmark.org

I agree with marshmellow.

The post in the news and announcement section is not "answerable" so I write there: I would like to choose a forum Platform which is secure; for what I read phpBB3 is secure, any other suggestion about the Platform ?

Last edited by asper (2015-02-26 11:06:17)

Offline

#9 2015-02-26 11:56:29

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

asper wrote:

I agree with marshmellow.

The post in the news and announcement section is not "answerable" so I write there: I would like to choose a forum Platform which is secure; for what I read phpBB3 is secure, any other suggestion about the Platform ?

Ah. Sorry about that. I can post there no worries smile

Most of the sites I visit use phpBB. I don't know if any of the features we might want are missing from phpBB.
Something that also needs to be considered is the migration of data from one forum to another.


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#10 2015-02-26 21:24:14

holiman
Contributor
Registered: 2013-05-03
Posts: 566

Re: Enable/Configure HTTPS for proxmark.org

I also don't care about UI, but from what I understand, "discourse" is teh shit. Written by Jeff Atwood, the guy behind stack exchange. I don't know, maybe good. The small features I'd like to have is "active" with specified time interval,instead of only 24h. Also ability for private messages.

As for the proxmark homepage, would be nice if we could write some info about releases and development, links to blog-posts and rfid-related news (new hacks etc), links to documentation.

Offline

#11 2015-02-27 10:29:49

rule
Administrator
Registered: 2008-05-21
Posts: 416

Re: Enable/Configure HTTPS for proxmark.org

Guys, you do realize there are many plugins for this fluxbb board (like PM etc.). I'm fine with migrating to another forum, but I do like the flexibility of this one.


As for https, I'm sure I can find some time to configure a certificate in the near future.

Offline

#12 2015-02-27 14:07:02

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,100

Re: Enable/Configure HTTPS for proxmark.org

Small annoyances with the current setup ( probably easy fixes):
If you set privacy settings to allow members to email you it does not allow it.  (Don't know what that setting does.)

pm would be nice. 

Additional content clean up probably just requires more moderators.

Might be nice to have the ability to "close" a topic.  Maybe it pulls out of the "open" topics lists and doesn't allow new posts, but can be found via a search or closed section? 

Other than that it is working well IMHO.

Edit:  oh and the newbe instructions probably need some significant updates.

Last edited by marshmellow (2015-02-27 14:10:36)

Offline

#13 2015-02-28 21:52:48

ikarus
Contributor
Registered: 2012-09-20
Posts: 221
Website

Re: Enable/Configure HTTPS for proxmark.org

Great news!

phpBB(3) is really nice and feature rich. I set it up multiple times my self. But the main issue
(as pointed out by 0xFFFF) is the migration. I don't think there is a good automated tool for that.
Therefore I agree to rule's proposal to improve this fluxbb installation with plugins.
Hopefully there are good and well maintained plugins...
Using unmaintained plugins could result in a high security risk!

As for the website: I'm fine with WordPress.
It has a strong community and therefore good support.

Offline

#14 2015-02-28 23:44:40

YoungJules
Contributor
Registered: 2012-01-29
Posts: 54

Re: Enable/Configure HTTPS for proxmark.org

There are tools around, an example (I didn't try it) is discussed at https://www.phpbb.com/community/viewtopic.php?f=65&t=2109031

Otherwise, you just need to find a good programmer with plenty of ETL and database/website conversion experience (ahem!) big_smile

Regards.
YoungJules

Offline

#15 2015-03-01 12:10:13

ikarus
Contributor
Registered: 2012-09-20
Posts: 221
Website

Re: Enable/Configure HTTPS for proxmark.org

I don't think it is that easy. The script they talk about at https://www.phpbb.com/community/viewtop … &t=2109031
is for fluxBB to phpBB2. Not phpBB3. The third version is more complex. (DB structure: fluxBB vs. phpBB3)
But maybe I'm just a pessimist wink So if someone has the time to try out different conversion tools, feel free to do so!

Offline

#16 2015-03-01 22:23:19

YoungJules
Contributor
Registered: 2012-01-29
Posts: 54

Re: Enable/Configure HTTPS for proxmark.org

Yeah, I saw it was for phpbb2, but figured the path from phpbb2 to phpbb3 should be well-travelled... anyway I'm here (sometimes) if you guys do need some help smile

Offline

#17 2015-03-10 18:31:17

piwi
Moderator
Registered: 2013-06-04
Posts: 472

Re: Enable/Configure HTTPS for proxmark.org

I'd like to add to the wish list: smartphone friendly layout.

Offline

#18 2015-04-12 16:08:50

ikarus
Contributor
Registered: 2012-09-20
Posts: 221
Website

Re: Enable/Configure HTTPS for proxmark.org

rule wrote:

As for https, I'm sure I can find some time to configure a certificate in the near future.

Any news?

Offline

#19 2015-04-14 02:13:39

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

Small update...
I have been away on holidays for a little while so I have not made much progress.
A while ago I copied a dump of the FluxBB database and I am poking around with add-ons and additional security. I am thinking of re-installing FluxBB. I think there might have to be a small outage at some time.

Is there anyone out there with some graphics skills that might be interested in redoing the Proxmark artwork? (logo, main Proxmark image...)


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#20 2015-05-28 01:58:49

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

Has anyone had a look at http://flarum.org/?
Thoughts?


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#21 2015-05-28 02:07:12

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,100

Re: Enable/Configure HTTPS for proxmark.org

Just saw one complaint is it has an infinite scroll layout instead of pages.  Could get cumbersome with some topics around here.  smile  but there probably would be a way to minimize the annoyance.

Offline

#22 2015-05-28 02:19:28

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

marshmellow wrote:

Just saw one complaint is it has an infinite scroll layout instead of pages.  Could get cumbersome with some topics around here.  smile  but there probably would be a way to minimize the annoyance.

I spotted that one too. Hopefully the Beta release addresses this. It could be a good alternative to FluxBB.


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#23 2015-05-28 02:20:34

marshmellow
Moderator
From: US
Registered: 2013-06-10
Posts: 2,100

Re: Enable/Configure HTTPS for proxmark.org

Looks promising smile

Offline

#24 2016-05-10 13:29:07

suixo
Contributor
From: Paris, France
Registered: 2016-04-25
Posts: 27

Re: Enable/Configure HTTPS for proxmark.org

Another good forum CMS is Discourse: http://try.discourse.org/

It's simple (I find phpBB heavy and bloated), and modern. I also like FluxBB for its simplicity, even if PM could be an interesting option to enable.

For HTTPS, if we have access to a shell on the server / are able to execute python code, Let's Encrypt is a good way to get free and globally-recognized certificates (they encourage automation so you have to renew it every 3 months, but it is quite simple to do).

Offline

#25 2016-05-10 14:11:37

osys
Contributor
From: Nearby
Registered: 2016-03-28
Posts: 62

Re: Enable/Configure HTTPS for proxmark.org

Dear forum members,

From web development point of view, I would definitely implement https. Its a must nowadays, especially for such sensitive resources like this.
I would also rather keep FluxBB as a forum engine (it's really the best), but reuse it's authentication scheme to keep current credential leveraging the possibilities of modern frameworks like Yii2 \ Laravel to achieve interaction services like dumps exchange, etc right on the site. Proxmark is a tool, the same web site should be - application for exchanging knowledge achievements as well as keep discussions on the subject. Another point against monsters like phpBB or any other CMS will be security. Such systems more often being compromised rather than custom web applications.

I wish I would be able to leave feedback on proxmark.org face lift! topic, but seems there are restrictive permissions on it.

Edit:
I've also noticed proxmark.nl to be direct mirror of the forum\site. This can cause content duplicate btw.

Last edited by osys (2016-05-10 14:23:37)


There is no security at the end, only human factor.

Offline

#26 2016-05-11 00:41:25

0xFFFF
Administrator
From: Vic - Australia
Registered: 2011-05-31
Posts: 518

Re: Enable/Configure HTTPS for proxmark.org

osys wrote:

I wish I would be able to leave feedback on proxmark.org face lift! topic, but seems there are restrictive permissions on it.

Oh. I wasn't thinking when I created the original post. It has been moved now. Try again.


modhex(ecijhhhhhhhhfchdhbidhniihghdduhehvhtduhbig)

Offline

#27 2016-05-29 11:01:53

ikarus
Contributor
Registered: 2012-09-20
Posts: 221
Website

Re: Enable/Configure HTTPS for proxmark.org

So it has been over a year now...

Let's stick to the important thinks here: This site needs SSL/TLS!
I'm happy if it will also get a face lift, but the first priority should be
to add HTTPS support. As osys said: "It's a must nowadays, especially
for such sensitive resources like this." So could we please make this
happen? Every time I login to this my stomach hurts... wink

Let's Encrypt is even out of beta by now.
So it easy to obtain a certificate (if you are in control of the server).

@0xFFFF
You said "Roel has contacted me and I have been granted access to make changes to the site.".
Do the gained privileges include all the needed stuff? (updating webserver configuration, etc.)

Offline

#28 2017-03-02 22:07:13

ikarus
Contributor
Registered: 2012-09-20
Posts: 221
Website

Re: Enable/Configure HTTPS for proxmark.org

So nearly another year has gone by...
Well, some things have changed. The forum was updated!
Thank you roel and iceman!

However, HTTPS is still an issue. Browsers like Firefox even started
to inform the user visually about insecure connections.

@roel & @iceman: I know your time is very limited. But can you please
use some of this time and configure Let's Encrypt? I can help you with
that If you want to. It just "hurts" me to enter my credentials knowing
that they will leave my computer encrypted.

Offline

#29 2017-03-02 22:24:41

iceman
Administrator
Registered: 2013-04-25
Posts: 4,150
Website

Re: Enable/Configure HTTPS for proxmark.org

I'm happy someone likes the new look.   Not many users after I removed 10k spam accounts.  Enormously much spamers,  thanks to recaptcha, the new registrations is down to one per day.   

When it comes to configure the server,  my hands are totally locked.  I've no access to the server configs.
I'll ask Roel about a ssl-certificate.


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

#30 2017-03-09 20:10:18

jbono
Contributor
Registered: 2016-02-24
Posts: 9

Re: Enable/Configure HTTPS for proxmark.org

Well, it's possible to use the Let'sEncrypt free SSL Certificate. I could help with that if Roel needs some help or time!

Offline

#31 2017-11-10 22:12:04

JahProx
Contributor
Registered: 2017-11-10
Posts: 5

Re: Enable/Configure HTTPS for proxmark.org

If this still a problem, I could also help out! Besides that, I can also make a (free ofcourse) contribution by redesigning / rebuilding the website wink
PM if u guys are interested!

Offline

#32 2017-11-10 22:45:01

iceman
Administrator
Registered: 2013-04-25
Posts: 4,150
Website

Re: Enable/Configure HTTPS for proxmark.org

Thanks for the offer.

Things roll a bit slower in the proxmark world when it comes to certain things but eventually it will happen.


modhex(hkhehghthbhudcfcdchkigiehgduiehg)

Offline

Board footer

Powered by FluxBB