KeePassXC Password Manager – Use Auto-Type Instead of the KeePassXC Plugin

July 22, 2023 by Charlie Leave a Comment

Avoiding Browser Plugins with KeePassXC

KeePassXC is a popular free open source password manager. As a stand-alone program, KeePassXC can be used to log in to websites as well as desktop programs. Browser plugins are available that will automatically fill in usernames and and passwords from the KeePass database. The plugins obtain the correct login information by scanning the URL of the browser, matching it with one in the KeepassXC database, and then filling in the login information.

Unfortunately, from a security standpoint, using a browser plugins or extension with KeePassXC introduces an additional attack vulnerability. You should generally minimize the use of plugins, particularly ones that must access the encrypted KeePass database.

But without the plugin, KeePassXC is unable to obtain the URL and unable to fill in the log-in information.

What to do?

KeePassXC Auto-Type Feature

Instead of a browser plugin, use KeePassXC’s auto-type feature. By typing the auto-type hot-key, a KeePassXC window is raised which allows you to select the correct username and password for the site.

But this method only brings up entries that match the title of the site, not the URL. Without a browser plugin, the site is unable to recognize the URL and match it with the correct entry in the KeePass database. As a result, many times KeePassXC will fail to find the correct entry for the site and one needs to resort to manually copy and pasting the entry.

Solving the Missing Entry Problem When Using Auto-Type

To solve the problem of KeePassXC auto-type not finding your password entry, edit the auto-type tab of the particular entry to specify the window it should be triggered by and specify the words it should look for in the title.

Alternatively, you can use a plugin like TitleURL which will insert the domain of the website into the title of the page, thus triggering the entry as long as the URL is specified in the entry. This makes the auto-type feature MUST easier to use. Of course, using a plugin opens a possible attack vector, but at least the plugin won’t be accessing the KeePass database.

Simplest Wireguard Setup Ever

March 26, 2021 by Charlie Leave a Comment

Wireguard

Wireguard is the newest way to setup a VPN for your home servers. What will this do for you ? It allows you to access your Raspberry Pi or other local servers located at home behind your router (or even your router itself) from outside your network by simply using a Wireguard client (either on a mobile phone or using a computer). You then access your local servers with the same ip addresses you do at home. For example, if my router is 192.168.1.1., I can be half way around the world and type in “192.168.1.1” and get my router control panel.

A recent podcast of Linux Unplugged “Back to the Freedom Dimension” had some really useful information on Wireguard and some interesting use cases. Paraphrasing one of the hosts, Wireguard is like having a very long ethernet cable into your home router.

The simplest method I have found to install Wireguard on Raspberry Pi is to use Docker following this post from The Digital Life.

Here is the somewhat modified docker compose file I use:

Wireguard Docker Compose file



version: "2.1"
services:
  wireguard:
    image: linuxserver/wireguard
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - PUID=1001
      - PGID=1001
      - TZ=[*Insert Your TZ Database name from  https://en.wikipedia.org/wiki/List_of_tz_database_time_zones*]
      - SERVERURL=[Insert Your Dynamic DNS domain name pointing to local server, e.g., www.mylocalserver.com] #optional
      - SERVERPORT=42842#optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
    volumes:
      - ./config:/config
      - /lib/modules:/lib/modules
    ports:
      - 42842:51820/udp
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

version: "2.1"

services:

wireguard:

image: linuxserver/wireguard

container_name: wireguard

cap_add:

- NET_ADMIN

- SYS_MODULE

environment:

- PUID=1001

- PGID=1001

- TZ=[*Insert Your TZ Database name from https://en.wikipedia.org/wiki/List_of_tz_database_time_zones*]

- SERVERURL=[Insert Your Dynamic DNS domain name pointing to local server, e.g., www.mylocalserver.com] #optional

- SERVERPORT=42842#optional

- PEERS=1 #optional

- PEERDNS=auto #optional

volumes:

- ./config:/config

- /lib/modules:/lib/modules

ports:

- 42842:51820/udp

sysctls:

- net.ipv4.conf.all.src_valid_mark=1

restart: unless-stopped

Now it’s just a matter of typing “docker-compose up -d” and you have a running wireguard instance. Set up the clients as described in The Digital Life post.

How to Force Google Safe Search on DD-WRT

January 28, 2020 by Charlie Leave a Comment

Try Oone of These Two Methods to Force Google Safe Search

These two methods will enforce Google’s safesearch on all computers on your network (keep in mind that this won’t work for cell phones or other devices using cellular data). This is specific to any router using the DDWRT firmware. DDWRT is an open source firmware that is available to be flashed on a number of routers (check the DDWRT website for a list of compatible routers and installation details)

Method #1 of Forcing Google’s Safe Search – Rewrite DDWRT’s Hosts File on Startup

The simplest way to do this is to have your router edit your hosts file on each startup as follows:

Go to Administration->Commands
Click “Edit” and add the following script:

echo '216.239.38.120 www.google.com 216.239.38.120 encrypted.google.com 216.239.38.120 google.com' >> /etc/hosts restart_dns

1
2
3
4

echo '216.239.38.120 www.google.com
216.239.38.120 encrypted.google.com
216.239.38.120 google.com' >> /etc/hosts
restart_dns
Click “Run Commands”
Click “Save Startup”
Done!

What does this do ? It redirects those urls to the ip address of forcesafesearch.com. Your hosts file will be wiped out on every reboot of the router but the script will restore the settings.

While this is a very easy way of forcing safesearch, the disadvantage is that Google could change the ip address of safesearch. In addition, this method doesn’t permit wild cards.

Method #2 of Forcing Google SafeSearch- Use DNSMasq

This method permits wildcards:

Make sure that you have DNS masq enabled.
Services->Additional DNSMasq option Box.

Insert the following (Note the DOT before google.com, the dot acts as a wild card to pickup any subdomains):

local=/local/ expand-hosts address=/.google.com/216.239.38.120

1
2
3

local=/local/
expand-hosts
address=/.google.com/216.239.38.120
It should look like this:
Click “Save” (button bottom of page)
Click “Apply Settings”
Done! If it doesn’t work right away you may need to reboot the router (use the button on the Services tab)

geekvisit.com

Hacks, Tutorials, Tips and Tricks for Windows and Linux Enthusiasts

Security