Sunday, October 28, 2012

Git diff with Meld in Ubuntu

Are you using Git in Ubuntu and want to use a visual diff viewer? Excellent. May i suggest the awesome meld. Meld is  a visual diff and merge tool targeted at developers. Meld can diff files, directories, and version controlled projects. If you don't already have Meld, then install it:

sudo apt-get install meld

Next enter enter this into a terminal:

git config --global diff.external meld

Then navigate to a Git tracked directory and enter this (with an actual filename):

git diff filename

Meld will open but it will complain about bad parameters. The problem is that Git sends the external diff viewer seven parameters but Meld only needs two of them - which are the  filenames of files to compare. One way to fix it is to write a script to format the parameters before sending them to Meld.

Create a new python script in your home directory (or wherever, it doesn't matter) and call it


import sys
import os

os.system('meld "%s" "%s"' % (sys.argv[2], sys.argv[5]))

Now we can set Git to perform it's diff on our new script (replacing the path with yours):

git config --global diff.external /home/teroz/

git diff filename

This time when we do a diff it will launch Meld with the right parameters and we will see our visual diff - Enjoy

Sunday, October 14, 2012

Mutillidae version 2.3.7 is out

A few days ago an update "Mutillidae" version 2.3.7 (Samurai 2.0 Version) was released. Mutillidae is a free, open source web application provided to allow security enthusiest to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver.

If you would like to get your  website hacking practice in this is the app to do it with.
Vulnerabilities include

  1. cross-site scripting
  2. sql injection
  3. response-splitting 
  4. html injection 
  5. javascript injection 
  6. clickjacking
  7. cross frame scripting
  8. forms-caching
  9. authentication bypass

Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and others.