Static sites for Hidden Services.
-
2022-03-21 at 5 PM UTC
The best hidden service from a security standpoint is a simple one. Reason being, simplicity has fewer vectors for potential adversaries to exploit. I prefer those frameworks that let you write static sites in Markdown for formatting purposes that include features for exporting the files as HTML.
Recently I have started to use Ghostwriter, which is exactly the kind of text editor that allows you to do the things I described. I have more complex frameworks like Bootstrapper, but considering it's Node and Electron based, it relies on JavaScript, which can be used to create static sites, but again, JS expands the attack surface of the web app.
Ghostwriter allows me to add custom CSS for enhanced formatting. Now I was wondering if you were familiar with any CSS packages that do not rely on third-party CDNs which I can import directly into my Ghostwriter and run locally.
If you have any experience with the type of frameworks and manner of doing Web Dev in the way I described, I would love to get your insight.
Thanks in advance.
-
2022-03-21 at 8:02 PM UTC
JS is pretty vulnerable but idk enough to know how to disable the more problematic elements. The way you're talking of doing would probably take a lot longer to input tho.
-
2022-03-22 at 9:05 PM UTC
-
2022-03-26 at 2:05 AM UTC
I think any CSS framework will work without a CDN, historically it’s just been encouraged because e.g. bootstrap is likely to already be in your cache. Don’t think that holds true for modern browsers anymore though.
Idk tho, tailwind is the hot one. Everyone knows BS. Foundation used to be the cool option for people who thought BS was overused.
I haven’t used a CSS framework in years though. CSS is one of those things where everyone wants something custom and it’s simple enough that frameworks lose their value proposition after not that much custom stuff being piled on top
-
2022-03-27 at 3:37 PM UTC
I'm not sure if it's what you're discussing, but I wrote up a little android app that creates a web forum and it only uses HTML and CSS. I ran it for a little while on TOR. It was ghetto, you posted on it and I had you pentesting it.
It actually had quite a few bugs and there were serious security issues on it that I had not noticed at first.
-
2022-03-28 at 2:41 PM UTC
Originally posted by Lanny
I think any CSS framework will work without a CDN, historically it’s just been encouraged because e.g. bootstrap is likely to already be in your cache. Don’t think that holds true for modern browsers anymore though.
Idk tho, tailwind is the hot one. Everyone knows BS. Foundation used to be the cool option for people who thought BS was overused.
I haven’t used a CSS framework in years though. CSS is one of those things where everyone wants something custom and it’s simple enough that frameworks lose their value proposition after not that much custom stuff being piled on top
That's a good point, but as a hacker I am a fundamentally lazy developer lmao. I could write something myself, true.
On a related note. There is an addon for Firefox, Chrome and Brave called Local CDN. It installs the third-party CSS stuff locally so your browser doesn't need to waste bandwidth requesting it. Supposedly it makes your browser run faster. Now I am pretty good with Node and all its funky little frameworks, like dev-ext, which is the flavor used to build extensions and addons, and I bet I could reverse engineer Local CDN, or just pluck out the stuff that gets loaded locally so I have a wide array to choose from.
Although that seems like a lot of work compared to just writing something simple but effective myself.
Originally posted by Misterigh
I'm not sure if it's what you're discussing, but I wrote up a little android app that creates a web forum and it only uses HTML and CSS. I ran it for a little while on TOR. It was ghetto, you posted on it and I had you pentesting it.
It actually had quite a few bugs and there were serious security issues on it that I had not noticed at first.
I am planning on hosting it on my smol datacenter/VM lab. And yeah I remember that, good times, I am always up for helping a fellow cyborg out (n_n")
-
2022-03-28 at 2:43 PM UTC
Speaking of pentesting, there's a potential vector for clickjacking in ISS but it's probably a false positive due to Captchas, they tend to do that, and I also have reason to believe there is a Cross-Site Request Forgery vuln, I'll look into it some more and if it's serious I'll report back to you Lon Lon-Chon.
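
Added example, not part of the thread and not any poster's code: a Python check for the setup discussed at the top of the thread (Markdown exported to static HTML, CSS kept local rather than pulled from a third-party CDN). It reports every resource the page would fetch from another host and every script hook; the sample page, the `.example` hosts and the names `StaticAudit` and `audit` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Constructed sample of an exported page (not taken from the thread).
SAMPLE = """<!doctype html><html><head>
<link rel="stylesheet" href="css/site.css">
<link rel="stylesheet" href="https://cdn.example/bootstrap.min.css">
<style>@import url("//fonts.example/css"); body { background: url(img/bg.png); }</style>
</head><body onload="init()">
<a href="https://other.example/">plain links are not fetched automatically</a>
<script src="js/app.js"></script>
</body></html>"""

# tag -> attribute the browser fetches on page load (<a href> is deliberately absent)
FETCH = {"link": "href", "script": "src", "img": "src", "iframe": "src", "source": "src"}
REMOTE = re.compile(r"\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)  # scheme://host or //host
CSS_REMOTE = re.compile(
    r"(?:url\(\s*|@import\s+)['\"]?((?:[a-z][a-z0-9+.-]*:)?//[^'\")\s;]+)", re.I)

class StaticAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_style = [], False

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        self.in_style = tag == "style"
        if tag == "script":  # any script, local or not, widens the attack surface
            self.findings.append((line, "script", "script element"))
        for name, value in attrs:
            if name.startswith("on"):  # onload, onclick, ...
                self.findings.append((line, "script", "inline handler " + name))
            if FETCH.get(tag) == name and REMOTE.match(value or ""):
                self.findings.append((line, "external", value))
            if name == "style":  # inline style="..." can also pull remote files
                self.scan_css(line, value or "")

    def handle_data(self, data):
        if self.in_style:  # text inside <style>...</style>
            self.scan_css(self.getpos()[0], data)
    def handle_endtag(self, tag):
        self.in_style = False
    def scan_css(self, line, css):
        self.findings += [(line, "external", u) for u in CSS_REMOTE.findall(css)]

def audit(html):
    """Return (line, kind, detail) for each remote fetch or script hook found."""
    parser = StaticAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit()` over each exported file before publishing, and treating any finding as a failed build, keeps a stray CDN link or script tag from reaching the hosted site.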