x
Click to expand

fragman

Last status update:
-
Personal Info
Date Signed Up:10/03/2010
Last Login:5/30/2015
Funnyjunk Career Stats
Content Ranking:#8617
Comment Ranking:#4476
Highest Content Rank:#1376
Highest Comment Rank:#583
Content Thumbs: 11188 total,  14444 ,  3256
Comment Thumbs: 13169 total,  15868 ,  2699
Content Level Progress: 7% (7/100)
Level 206 Content: Comedic Genius → Level 207 Content: Comedic Genius
Comment Level Progress: 71.2% (356/500)
Level 311 Comments: Wizard → Level 312 Comments: Wizard
Subscribers:20
Content Views:474978
Times Content Favorited:1484 times
Total Comments Made:2738
FJ Points:22684
Favorite Tags: it (2) | Lost (2) | the (2)

latest user's comments

#204 - the webserver doesn't give a **** since for him the ses… 11/10/2014 on Addy helps you get porn 0
#198 - You don't really have a clue about this, do you? In sslstr… 11/10/2014 on Addy helps you get porn 0
#176 - The server doesn't need to accept HTTP in order for sslstrip t…  [+] (2 new replies) 11/10/2014 on Addy helps you get porn 0
#177 - haheho (11/10/2014) [-]
Thats not how sslstrip works !
It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon.

An attacker in a privileged position - as mentioned - can intercept traffic when the user is in the http site and manipulate it to get a Man-In-The-Middle attack under HTTPS. An application is vulnerable if it have both HTTP and HTTPS.

I suggest you to check the PoC on blackhat DC 2009 for more info
#198 - fragman (11/10/2014) [-]
You don't really have a clue about this, do you?
In sslstrip, the attacker's machine opens a HTTPS connection to the server while relaying the decrypted information to the client using a separate HTTP session. So it seriously doesn't matter at all if the server allows HTTP or not, it only gets HTTPS requests anyway (by the attacker).
If an application(!) requires HTTPS, it doesn't work (obviously, since functionality wouldn't be provided by the HTTP session given by the attacker), that is correct. However, with web browsers and therefore websites this isn't the case. If it were that easy, sslstrip wouldn't be that big of an issue. The only real countermeasures for sslstrip is using HSTS (as mentioned) which still leaves some weaknesses or better blocking TCP 80 on your client's network
#163 - I wouldn't go as far as calling them unrealistic, but thanks f… 11/10/2014 on Addy helps you get porn 0
#162 - The wording was bad. What I mean is, they can force you to use… 11/10/2014 on Addy helps you get porn 0
#133 - Proxies which use ssl decryption are quite often found in work…  [+] (1 new reply) 11/10/2014 on Addy helps you get porn +1
#137 - Absolute Madman (11/10/2014) [-]
My exact thoughts. SSL is awesome but its had its fair share of issues over the years and it wouldnt be far fetched to say there could be new issues in the future(even if only at the implementation level with the libraries). Just because things are finally better doesnt mean its perfect security. One of the most dangerous idioms in security is "X is unhackable". Someone always comes along eventually to disprove it. Typically by smashing ones assumptions. And boy addy, love ya, but youre making an awful lot of assumptions.
#125 - As is admin, but at least you admit it. The ISP is less li…  [+] (1 new reply) 11/10/2014 on Addy helps you get porn +1
User avatar #165 - heartbleed (11/10/2014) [-]
Pshh not a mere vulnerability but a bad-ass password stealer from hell! Or something like that...
#123 - right, going about making ******** claims and then tell…  [+] (6 new replies) 11/10/2014 on Addy helps you get porn -2
#156 - derpyderpderp (11/10/2014) [-]
Jesus Christ kid you don't stop spewing bullshit do you? It's been stated time and time again IF THEY USE A SQUID THE WEBSERVER REJECTS THE CERT AND DISPLAYS MASS WARNINGS TO THE USER. You have no idea what you are talking about and mainly talking out your ass.
#204 - fragman (11/10/2014) [-]
the webserver doesn't give a shit since for him the session is handled properly. his communication partner is the proxy.
the browser could display a warning or even reject the connection, but in most cases this won't happen, as explained in comment 133. stop talking nonsense.
User avatar #164 - admin (11/10/2014) [-]
#195 - jeskos (11/10/2014) [-]
Can't get https to work. Chrome, FF, and even IE not working.
Doensn't format properly..
#225 - mcnizzlezz (11/10/2014) [-]
THIS I have been experiencing this for the past week as well and it wouldn't work on Chrome, Opera works fine for some reason!
#205 - Absolute Madman (11/10/2014) [-]
in my case the content doesnt load. Just a text placeholder
#122 - Could you please stop making complete ******** claims? …  [+] (4 new replies) 11/10/2014 on Addy helps you get porn +6
#172 - haheho (11/10/2014) [-]
You're idiot.
I'll explains after you , admin your point how its doesn't apply here, it doesn't mean its fully secure for the user , but hay, no site will ever be .

1- This site is secure to POODLE (TLS 1.2 only)
2- SSlstrip ONLY work if your site have the (http AND https), other than that, shove up to your ass.
3- If you're going to open in work+school , the last thing to worry about is the SSL ( as all sys admin install monitoring software in the client computer that capable to stream directly from it , if they want)

however, that doesn't mean its secure and nothing else will be, as I mentioned here in other comment www.funnyjunk.com/Addy+helps+you+get+porn/text/5349921/169#169 , you can go around it with other ways.
#176 - fragman (11/10/2014) [-]
The server doesn't need to accept HTTP in order for sslstrip to work, that's the whole point of sslstrip... The user will see that it's an HTTP connection but that's useless unless the user is aware that this specific site is designed to be HTTPS only. HSTS would help there but still isn't that ideal.
the whole point here is that the original statement is dead wrong, seeing which URLs someone is requesting has nothing to do with HTTPS, encrypted content CAN be intercepted and admin shouldn't say shit that makes users feel more secure than they actually are
#177 - haheho (11/10/2014) [-]
Thats not how sslstrip works !
It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon.

An attacker in a privileged position - as mentioned - can intercept traffic when the user is in the http site and manipulate it to get a Man-In-The-Middle attack under HTTPS. An application is vulnerable if it have both HTTP and HTTPS.

I suggest you to check the PoC on blackhat DC 2009 for more info
#198 - fragman (11/10/2014) [-]
You don't really have a clue about this, do you?
In sslstrip, the attacker's machine opens a HTTPS connection to the server while relaying the decrypted information to the client using a separate HTTP session. So it seriously doesn't matter at all if the server allows HTTP or not, it only gets HTTPS requests anyway (by the attacker).
If an application(!) requires HTTPS, it doesn't work (obviously, since functionality wouldn't be provided by the HTTP session given by the attacker), that is correct. However, with web browsers and therefore websites this isn't the case. If it were that easy, sslstrip wouldn't be that big of an issue. The only real countermeasures for sslstrip is using HSTS (as mentioned) which still leaves some weaknesses or better blocking TCP 80 on your client's network
#8 - How in ****** name do you get that result without shaving?  [+] (1 new reply) 11/09/2014 on No shave November +1
#23 - xmattx (11/10/2014) [-]
that's from monitor burn
#13 - Obviously. Who doesn't know the old verse: Remember, r… 11/09/2014 on I'm not a clever man +23
#28 - like that is in any way related. being tired doesn't mean … 11/09/2014 on How Do You Sleep? +4
#91 - ************* comps... 11/09/2014 on Uberfacts Comp 4 +1
#22 - Everytime I see one of those comics I just remember this  [+] (1 new reply) 11/08/2014 on Jesus Wept +13
User avatar #54 - dyalibya (11/08/2014) [-]
Soup nazi
Seinfeld SOUP NAZI best bits.
#13 - I couldn't resist  [+] (2 new replies) 11/08/2014 on Kentucky Fried Chaika +34
User avatar #21 - youmotherfather (11/08/2014) [-]
11/10
User avatar #14 - colalars (11/08/2014) [-]
KENTUCKY FRIED CHAIKA
#12 - Yeah... I remember that some places where I've been on holiday… 11/06/2014 on bike -9
#9 - I've been walking on sidewalks and driving a car long enough t…  [+] (4 new replies) 11/06/2014 on bike -17
User avatar #31 - thetallbeverage (11/07/2014) [-]
Where the hell do you live?
#11 - turbanmasher (11/06/2014) [-]
But you obviously haven't rode a bike on a street. It's like shitting bricks because even on residential streets, they go twice your speed. And as shown in the gif nobody even respects bike lanes.
#10 - SupperEffective (11/06/2014) [-]
Thats cool. I understand. Im not those kinda people. It just angers me that I ride within the realm of the law all the time and the one time I disobey it to protect myself I get fined basically 320 dollars for trying to avoid an accident that costs thousands of dollars and lives. I also drive and dont really run into those cyclists (except those full on tour de france cyclists to take that seriously). Maybe we live in different places, but these damn cops better at least have a bicycle lane if theyre gonna fine me for riding on the side walk
#12 - fragman (11/06/2014) [-]
Yeah... I remember that some places where I've been on holiday the cyclists were usually pretty decent. Sadly that's not the case here, they're prett much asswipes. And that while we literally have designated bike lanes on about all of the streets in towns/cities.
#6 - if you have to leave the road for your own safety (which is a …  [+] (6 new replies) 11/06/2014 on bike -25
#8 - SupperEffective (11/06/2014) [-]
I take youve never ridden a bike for practical purposes. That second part sounds stupid as shit. I think youre misestimating the dangers of a bike. You think Im going to ride my bike on the sidewalk and hit everything I see and still expect people to move out the way for me? Fuck you im riding on the sidewalk if I need to
#9 - fragman (11/06/2014) [-]
I've been walking on sidewalks and driving a car long enough to know what a fucking hazard most cyclists are. If they're on the road approaching a red light, they switch over to the sidewalk to avoid it... I see shit like that at least 3 times a week so you'll exuse me for not wanting those cunts in the space made for pedestrians.
User avatar #31 - thetallbeverage (11/07/2014) [-]
Where the hell do you live?
#11 - turbanmasher (11/06/2014) [-]
But you obviously haven't rode a bike on a street. It's like shitting bricks because even on residential streets, they go twice your speed. And as shown in the gif nobody even respects bike lanes.
#10 - SupperEffective (11/06/2014) [-]
Thats cool. I understand. Im not those kinda people. It just angers me that I ride within the realm of the law all the time and the one time I disobey it to protect myself I get fined basically 320 dollars for trying to avoid an accident that costs thousands of dollars and lives. I also drive and dont really run into those cyclists (except those full on tour de france cyclists to take that seriously). Maybe we live in different places, but these damn cops better at least have a bicycle lane if theyre gonna fine me for riding on the side walk
#12 - fragman (11/06/2014) [-]
Yeah... I remember that some places where I've been on holiday the cyclists were usually pretty decent. Sadly that's not the case here, they're prett much asswipes. And that while we literally have designated bike lanes on about all of the streets in towns/cities.
#4 - If you're riding your bike on the sidewalk, you shouldn't be t…  [+] (8 new replies) 11/06/2014 on bike -32
#5 - SupperEffective (11/06/2014) [-]
Id rather be punched in the throat than die cause those people coming off the 405 are mad as shit cause traffics. Also I was on the sidewalk for like half a block. I only went on there to make sure I can secure a safe path to get back on the tiny 18 inches of curb space Im barely allowed to be on
#6 - fragman (11/06/2014) [-]
if you have to leave the road for your own safety (which is a valid reason) you get off the fucking bike and push it until you can reenter traffic. Sidewalks are for pedestrians, not cyclist twats.
#8 - SupperEffective (11/06/2014) [-]
I take youve never ridden a bike for practical purposes. That second part sounds stupid as shit. I think youre misestimating the dangers of a bike. You think Im going to ride my bike on the sidewalk and hit everything I see and still expect people to move out the way for me? Fuck you im riding on the sidewalk if I need to
#9 - fragman (11/06/2014) [-]
I've been walking on sidewalks and driving a car long enough to know what a fucking hazard most cyclists are. If they're on the road approaching a red light, they switch over to the sidewalk to avoid it... I see shit like that at least 3 times a week so you'll exuse me for not wanting those cunts in the space made for pedestrians.
User avatar #31 - thetallbeverage (11/07/2014) [-]
Where the hell do you live?
#11 - turbanmasher (11/06/2014) [-]
But you obviously haven't rode a bike on a street. It's like shitting bricks because even on residential streets, they go twice your speed. And as shown in the gif nobody even respects bike lanes.
#10 - SupperEffective (11/06/2014) [-]
Thats cool. I understand. Im not those kinda people. It just angers me that I ride within the realm of the law all the time and the one time I disobey it to protect myself I get fined basically 320 dollars for trying to avoid an accident that costs thousands of dollars and lives. I also drive and dont really run into those cyclists (except those full on tour de france cyclists to take that seriously). Maybe we live in different places, but these damn cops better at least have a bicycle lane if theyre gonna fine me for riding on the side walk
#12 - fragman (11/06/2014) [-]
Yeah... I remember that some places where I've been on holiday the cyclists were usually pretty decent. Sadly that's not the case here, they're prett much asswipes. And that while we literally have designated bike lanes on about all of the streets in towns/cities.
#12 - I wasn't talking about the game but the enforced "service…  [+] (1 new reply) 11/06/2014 on GTA V Pc first person +1
User avatar #13 - thunderxcatsxhoooo (11/06/2014) [-]
I just signed up to have multiplayer in GTA 4, never did anything else with the social club thing, never had any issues either. It's like when people complain to me about Uplay's game launcher and how they hate Uplay, while as I love uplay, and their games, and have never once had an issue with my account or their game launcher or their servers.
#10 - How the **** do people still consider playing games by …  [+] (3 new replies) 11/06/2014 on GTA V Pc first person 0
#11 - thunderxcatsxhoooo (11/06/2014) [-]
Rockstar? Seriously? If anything throw COD into that category with a new shooter every damn year, GTA games come out once ever 4 or 5 years, they put a lot of time and money in their games to make them fantastic. Rockstar are saints.
#12 - fragman (11/06/2014) [-]
I wasn't talking about the game but the enforced "service" bullshit, i.e. Rockstar Social Club.
This is the worst fucking atrocity that has ever been coded.
User avatar #13 - thunderxcatsxhoooo (11/06/2014) [-]
I just signed up to have multiplayer in GTA 4, never did anything else with the social club thing, never had any issues either. It's like when people complain to me about Uplay's game launcher and how they hate Uplay, while as I love uplay, and their games, and have never once had an issue with my account or their game launcher or their servers.
#91 - My wife. jk obviously I'm not married 11/06/2014 on Oldest thing 0
#205 - Unless the webserver you're using to display the "outside… 11/06/2014 on fj #2 domain idea 0
#203 - I don't follow regarding the login question, please elaborate.…  [+] (2 new replies) 11/06/2014 on fj #2 domain idea 0
User avatar #204 - codebacon (11/06/2014) [-]
Well, I meant about having fake outside website or something. When you login you see FunnyJunk. That's just my though, I don't really know how those fucking shit wroks.(About "Security" systems).
#205 - fragman (11/06/2014) [-]
Unless the webserver you're using to display the "outside website" also acts as a proxy, it wouldn't really work since your computer would still try to request content from the original site. Take FJ as an example: When you're browsing to funnyjunk.com , your browser also sends out requests to other domains, like fjcdn.com (which is where images are stored for example). So if you were to block fjcdn.com you can still browse FJ, but won't see any images.
#133 - True. But execution of protable apps can be prohibited and the…  [+] (1 new reply) 11/05/2014 on fj #2 domain idea 0
#144 - gjsmo (11/05/2014) [-]
The big one is of course blocking portable apps. I can get around this by using a laptop with wifi or ethernet. You'd be surprised how easy it is to print a config page for a printer, get the MAC address and spoof it, and use that for ethernet. As in it takes about 30 seconds. Blocking the protocol is admittedly possible, but I find that it never happens especially due to its ability to disguise itself as HTTPS as you mentioned.

I should mention that school IT departments seem to be filled with the lowest payed, worst employees possible. I had an ethernet plug go out in a research lab, which prevented us from doing AD logins. This was out for a week and due to special software only installed in that lab, research was stalled for a week. At a research university. Believe it or not, they definitely *are* idiots.

Bottom line though I can get around it all, or at least everything in schools, if I feel like it. Then again sometimes it's just easier to use the Google "fresh proxies" group, which usually seems to work for the day that they're relevant.

items

Total unique items point value: 2050 / Total items point value: 2100
What do you think? Give us your opinion. Anonymous comments allowed.
User avatar #39 - myitems (07/04/2014) [-]
I've been advertising your channel skipper a lot lately, and someone suggested uploading a content for it. I did re-host it on userscripts, but if you don't mind I would like to upload a post about it. And yes, I have been making sure to give credit where it's due for you <3 It is an awesome thing.
#40 to #39 - fragman ONLINE (07/04/2014) [-]
sure, go ahead
User avatar #35 - DisgruntledTomato ONLINE (10/16/2013) [-]
Just a quick reminder, I still use your channel skipper <3
#36 to #35 - fragman ONLINE (10/17/2013) [-]
woah that is still a thing?
awesome, thanks
User avatar #37 to #36 - DisgruntledTomato ONLINE (10/17/2013) [-]
I don't know if others use it, but I still do. Probably going to write a UI for it as well. Pretty useful.
User avatar #33 - akkere ONLINE (06/19/2012) [-]
I decided to do an EZ setup
www.mediafire.com/?b5qdg8cez3563db

I wasn't able to finish it in time before the post was out of its 24 hour slot, but it has a readme with some instructions so you don't have to keep repeating yourself

What do you think?
User avatar #26 - venumb (06/18/2012) [-]
Is it alright if I take what you have so far and edit it and repost the results as long as I mention your name? I plan on adding GUI and other features other than Skipper. The auto thumb/thumb down will probably be in there too.

Really good work on the idea :)
#27 to #26 - fragman ONLINE (06/18/2012) [-]
I really wouldn't recommend the thumb down feature, there is a vote limit for a certain timespan which could have negative impact on functionality and would also motivate people to post their content outside the channel.
But expanding it in general, sure.
User avatar #28 to #27 - venumb (06/18/2012) [-]
I guess your right. I'll leave the thumbing out of the expanded release. I have other ideas that I'm am way more motivated on accomplishing anyway.
User avatar #21 - negrocop ONLINE (06/18/2012) [-]
If you want, I can make a quick step by step guide for you to post for Chrome users and how to edit the skipped channels.
#22 to #21 - fragman ONLINE (06/18/2012) [-]
this would be really nice. but since my 24 hour frame is almost done and this content will go back to the depths of *************** I dont think it will be necessary.
User avatar #23 to #22 - negrocop ONLINE (06/18/2012) [-]
Ah I truly doubt that. This was a huge step forward for FJ today, it'll be remembered for a while. And you could upload a Firefox guide and a Chrome guide for newbies in the following days. Especially probably around Thursday or Friday since a lot of Bendingtime posts will come about Saturday. There will be tons of bitchin about it. :P
#24 to #23 - fragman ONLINE (06/18/2012) [-]
good idea. I like it.
In this case it'd be wonderful if you could provide the chrome guide :)
#29 to #24 - negrocop ONLINE (06/18/2012) [-]
Rawr, this should be good.
Here is the Tampermonkey Beta link
chrome.google.com/webstore/detail/gcalenpjmijncebpfijmoaglllgpjagf
#31 to #29 - fragman ONLINE (06/18/2012) [-]
big yay for you, thx.
I think I'll have it ready by around thursday
User avatar #32 to #31 - negrocop ONLINE (06/18/2012) [-]
Sorry it took so long, I was PMing some people tryin to help them
User avatar #30 to #29 - negrocop ONLINE (06/18/2012) [-]
I'll have a friend try it out later with that when he gets home though
User avatar #25 to #24 - negrocop ONLINE (06/18/2012) [-]
I'll get to workin on it here in a few minutes :)
User avatar #12 - natedimes (06/18/2012) [-]
Which page did you fond the source code that showed the channels in an array?
User avatar #13 to #12 - natedimes (06/18/2012) [-]
find*
#14 to #13 - fragman ONLINE (06/18/2012) [-]
I don't quite get what you mean...
the code is fully hand-written
User avatar #15 to #14 - natedimes (06/18/2012) [-]
Oh, I thought you said that there was a way to edit the source code.
#16 to #15 - fragman ONLINE (06/18/2012) [-]
ah now I get it.
Depends on your browser. You might want to check out this if you're using chrome:
stackoverflow [DOT] com/questions/5258989/manually-adding-a-userscript-to-google-chrome
#17 to #16 - fragman ONLINE (06/18/2012) [-]
rest should be in the content description.
User avatar #18 to #17 - natedimes (06/18/2012) [-]
If you're referring to adding the channel skipper, don't worry about that it installed automatically :). I was just wondering about when you said that you could edit the source code so it only skips certain channels.
#19 to #18 - fragman ONLINE (06/18/2012) [-]
actually that's what I meant...
you'll need to find where the script is stored in order to edit it. that should be explained in the description pretty much, on the stackoverflow site you'll find the various user-datadir defaults for chrome.
then edit the file script.js in notepad++ or something like that
User avatar #20 to #19 - natedimes (06/18/2012) [-]
Ohhh ok now I get it :). Thank you, Sir.
User avatar #9 - missladyhalmighty (06/18/2012) [-]
You are a god. << Seriously, thank you.
#10 to #9 - fragman ONLINE (06/18/2012) [-]
you're welcome
User avatar #8 - fjdesign (06/18/2012) [-]
Good work my friend. I am truly proud of what you have done. If you ever need anything from us please do ask.
#11 to #8 - fragman ONLINE (06/18/2012) [-]
thank you.
#6 - Absolute Madman (06/18/2012) [-]
i ahve no ******* idea what a user scrpt is. how do i use it. inb4 newfag
#7 to #6 - fragman ONLINE (06/18/2012) [-]
I don't know you, and this is crazy...
but read the damn description maybe?

seriously the manual in there should be pretty straightforward
#34 to #7 - Absolute Madman (06/25/2012) [-]
**** you you, you analnutbag. go die in a ******* fire
#1 - Sunset has deleted their comment [-]
#2 to #1 - fragman ONLINE (06/16/2012) [-]
depends on your browser. if you're using firefox with greasemonkey, you can simply create a new user script (after you've defined a default userscript editor, e.g. notepad++) and paste the source code. then edit the array defined in line 9 to be filled with all the channels you'd like skipped, like this:
var skipit = new Array("channel1", "channel2", "channel3");
#3 to #2 - Sunset has deleted their comment [-]
#4 to #3 - fragman ONLINE (06/16/2012) [-]
this is a little ugly, but I don't know of any better way at this moment.
you'll find the script in C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\Extensions\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\1_0\script.js
while "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" is a random string. I don't know how that's generated but if it's based on the script source code it should be "camaaaeklepkjffjiookkjabipiidofl".
In this folder there are two files, manifest.json and script.js (which is the one you can edit using any text editor and just save it)
#5 to #4 - Sunset has deleted their comment [-]
 Friends (0)