Ubuntu .desktop WebApps

If you use a web app a lot, you’re running Gnome and want it to appear in the dash and dock you can create a custom .desktop file. This is really useful if you work with office applications and want to have Outlook to appear as an app.

Create your app under /usr/share/applications/ e.g. Twitter

sudo vim /usr/share/applications/webapp-twitter.desktop
#!/usr/bin/env xdg-open
[Desktop Entry]
Comment=Twitter desktop webapp
#Exec=webapp-container --store-session-cookies --webappUrlPatterns=https?://*.twitter.com* --user-agent-string='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36 Edg/85.0.564.44' https://twitter.com/home %u
Exec=/opt/google/chrome/google-chrome --app=https://twitter.com/home

Put the icon under /usr/share/pixmaps – grab it from here

It’s important to know the value of “StartupWMClass” as you want your app to appear with its own logo and not be grouped with Chrome.

Open a terminal and type

xprop WM_CLASS

This will display a little crosshair where you simply click the window of your newly created app and should display in your terminal e.g.

WM_CLASS(STRING) = "twitter.com__home", "Google-chrome"

Simply paste the value, in this case “twitter.com__home” into the .desktop file and save.




SSH SOCKS Tunnel with an HTTP Proxy (Burp)

You have an Internet connection but there’s restrictions on what sites you can visit etc. To get around this you can use an SSH SOCKS tunnel.


SSH Server

First off make sure you have an Internet facing SSH server. You can grab a pretty cheap VPS for ~€10 a year – https://securedragon.net/#openvz

SSH should be set up on the server. If not you’ll have to set it up.

Change the port its listening on to reduce the amount of bots scanning port 22. Edit the following file with your fav text editor (vim);


Change the port to something other than port 22.

port 22 -> port 40001

Restart the SSH server (Debian/Ubuntu)

service ssh restart


SSH Client config

For passwordless login, on your client generate an SSH key

ssh-keygen -t rsa

Upload it to your remote SSH server

ssh-copy-id user@x.x.x.x

Create a SOCKS proxy

ssh -p 40001 -D 9999 -CqN user@x.x.x.x

-p: Specify the port the SSH server is listening on (if not running on port 22)
-D: Sets up a SOCKS tunnel over SSH on a specified port number
-C: Compresses the data before sending it
-q: Set quiet mode
-N: No command to be sent over SSH – we just want a tunnel

You can put all this in your .bashrc to quickly run it from a terminal.

alias sshtunnel="ssh -p 40001 -D 9999 -CqN user@x.x.x.x"

Now simply type sshtunnel to run!

Note: ssh -D opens a local port without having a specific endpoint like with -L. Running ssh -L 9999:google.com:80 and in the browser if you hit localhost:9999 you’ll go to google.com.

With ssh -D 9999 you’re telling the browser to use localhost:9999 as a SOCKS proxy. Everything your browser requests goes through the ssh tunnel. It’s as if you were browsing the web from your ssh server instead of from your computer.


Browser Set up

Using Firefox with FoxyProxy (to quickly switch between proxies) set up the browser to route through the proxy.

Proxy Type: SOCKS5
IP: localhost
Port: 9999


Go to http://www.whatsmyip.org/ to verify your IP is that of your SSH server.


HTTP Proxy setup (Burp / ZAP)

Now if you want to use an HTTP proxy with the browser instead of;

Browser -> SOCKS proxy (SSH tunnel) -> Internet

you’ll have to set up

Browser -> HTTP proxy (Burp) -> SOCKS proxy (SSH Tunnel) -> Internet

Firstly create a new FoxyProxy profile for HTTP

Proxy Type: HTTP
Title: Burp
IP: localhost
Port: 9999


Now configure Burp suite to go through the SSH SOCKS tunnel

User options -> SOCKS Proxy

Use SOCKS proxy: ✓
SOCKS proxy host: localhost
SOCKS proxy port: 9999



Again go to http://www.whatsmyip.org/ to verify your IP is that of your SSH server. Check the Proxy -> HTTP History tab to verify the traffic is running through Burp.



HTTP2 traffic in Wireshark

Since HTTP/2 is supported in Firefox 36 and there is a partially functional http2 dissector in Wireshark I thought I’d take a look at what HTTP/2 packets look like in Wireshark. I’m using Kali where I needed to grab the following;

  • Wireshark dev – 1.99.2
  • Firefox 36

Firefox 36 by default uses TLS 1.2 when communicating over HTTP/2 you can view HTTP/2 traffic in the ‘Network’ tab in Firefox’s developer tools (f12).


To see these packets in Wireshark you need to point Wireshark at the SSLKEYLOGFILE that is written by NSS. This enables you to see the http2 packets and decrypt any encrypted data over SSL, TLS etc. Here’s a quick set up to get that up and running;


  • wget https://1.eu.dl.wireshark.org/src/wireshark-1.99.2.tar.bz2 -O /opt/
  • tar -jxf wireshark-1.99.2.tar.bz2

Install dependencies

  • apt-get install libpcap-dev

Configure and install

  • cd wireshark-1.99.2
  • ./configure --with-gtk2
  • make && make install

Edit /etc/ld.so.conf

Add the line > include /usr/local/lib

Then run the command ldconfig

Run Wireshark > ./wireshark


  • wget firefox -O /opt
  • tar -jxf firefox-36.0.tar.bz2

Make a file on the file system and set an environment variable enabling NSS to write key logs so that Wireshark can decrypt any TLS traffic.

  • mkdir ~/tls && touch ~/tls/sslkeylog.log
  • export SSLKEYLOGFILE=~/tls/sslkeylog.log

Run Firefox (within the same terminal you set the environment variable or add the env. variable to your .bashrc) > ./firefox


Point Wireshark to the sslkeylog.log so that it can decrypt TLS traffic.

  • Edit -> Preferences -> Protocols -> SSL
  • (Pre)-Master-Secret log filename -> /root/tls/sslkeylog.log


Start a new live capture in Wireshark and in Firefox navigate to an HTTP/2 enabled website e.g. https://twitter.com and view the HTTP/2 packets.