Security of Information, Threat Intelligence, Hacking, Offensive Security, Pentest, Open Source, Hackers Tools, Leaks, Pr1v8, Premium Courses Free, etc

Wednesday, April 6, 2016

Debugging Toolbar For Rack Applications Implemented As Middleware - Rack-Bug


Rack::Bug adds a diagnostics toolbar to Rack apps. When enabled, it injects a floating div allowing exploration of logging, database queries, template rendering times, etc.


Features
  • Password-based security
  • IP-based security
  • Rack::Bug instrumentation/reporting is broken up into panels.
    • Panels in default configuration:
      • Rails Info
      • Timer
      • Request Variables
      • SQL
      • Active Record
      • Cache
      • Templates
      • Log
      • Memory
    • Other bundled panels:
      • Redis
      • Sphinx
    • The API for adding your own panels is simple and powerful

Rails quick start


script/plugin install git://github.com/brynary/rack-bug.git

In config/environments/development.rb, add:


config.middleware.use "Rack::Bug",
:secret_key => "someverylongandveryhardtoguesspreferablyrandomstring"

Add the bookmarklet to your browser:


open http://RAILS_APP/__rack_bug__/bookmarklet.html


Using with non-Rails Rack apps

Just 'use Rack::Bug' as any other middleware. See the SampleApp in the spec/fixtures folder for an example Sinatra app.
If you wish to use the logger panel define the LOGGER constant that is a ruby Logger or ActiveSupport::BufferedLogger


Configuring custom panels

Specify the set of panels you want, in the order you want them to appear:


require "rack/bug"

ActionController::Dispatcher.middleware.use Rack::Bug,
:secret_key => "someverylongandveryhardtoguesspreferablyrandomstring",
:panel_classes => [
Rack::Bug::TimerPanel,
Rack::Bug::RequestVariablesPanel,
Rack::Bug::RedisPanel,
Rack::Bug::TemplatesPanel,
Rack::Bug::LogPanel,
Rack::Bug::MemoryPanel
]


Running Rack::Bug in staging or production

We have have found that Rack::Bug is fast enough to run in production for specific troubleshooting efforts.

Configuration

Add the middleware configuration to an initializer or the appropriate environment files, taking the rest of this section into consideration.

Security

Restrict access to particular IP addresses:

require "ipaddr"

ActionController::Dispatcher.middleware.use "Rack::Bug"
:secret_key => "someverylongandveryhardtoguesspreferablyrandomstring",
:ip_masks => [IPAddr.new("2.2.2.2/0")]

Restrict access using a password:


ActionController::Dispatcher.middleware.use "Rack::Bug",
:secret_key => "someverylongandveryhardtoguesspreferablyrandomstring",
:password => "yourpassword"


Authors
  • Maintained by Bryan Helmkamp
  • Contributions from Luke Melia, Joey Aghion, Tim Connor, and more

Development

For development, you'll need to install the following gems: rspec, rack-test, webrat, sinatra




Share:

0 comentários:

Post a Comment

Note: Only a member of this blog may post a comment.

Copyright © Offensive Sec Blog | Powered by OffensiveSec
Design by OffSec | Theme by Nasa Records | Distributed By Pirate Edition