Sunday 10 May 2020

Detect Malicious File in Java using Apache Tika

Dear Friends,

We often need to upload files in our web application/portal, and we start analyzing the risks associated with the activity.
I've been doing this for quite some time and realized this could be really fatal to our application, especially when you are working on a production server on the live internet.

After searching a lot on the internet, Apache again came up as a savior with the Apache Tika API.

At the time of writing this blog, the latest stable version  of Tika is

Maven Link

<!-- https://mvnrepository.com/artifact/org.apache.tika/tika-core -->
<dependency>
    <groupId>org.apache.tika</groupId>
    <artifactId>tika-core</artifactId>
    <version>1.24</version>
</dependency>

To get results, we need just two lines:
1. one to initialize Tika
2. one to call detect on any InputStream, File, etc.



ex:
import org.apache.tika.Tika;
// detect() reads the content and returns its media type
Tika tika = new Tika();
System.out.println("File Detect : " + tika.detect(inputStream));

result:
File Detect : image/png
File Detect : application/x-msdownload

Now this second file is malicious, even though the hacker tried uploading it using a valid extension.
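
An added example (not code from the original post) that turns the detection result into an upload decision: the type Tika detects from the content must match the type expected for the file's extension. The class name, the allow-list and its entries are assumptions; it needs Java 9+ for Map.of.

```java
import org.apache.tika.Tika;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Map;

public class UploadTypeCheck {
    // Hypothetical allow-list: accepted extension -> media type the content must have
    private static final Map<String, String> ALLOWED = Map.of(
            "png", "image/png",
            "jpg", "image/jpeg",
            "pdf", "application/pdf");

    private static final Tika TIKA = new Tika();

    /** True only if the content type Tika detects matches the type allowed for the extension. */
    static boolean isAcceptable(String fileName, InputStream content) throws IOException {
        int dot = fileName.lastIndexOf('.');
        if (dot < 0) {
            return false; // no extension: reject
        }
        String ext = fileName.substring(dot + 1).toLowerCase(Locale.ROOT);
        String expected = ALLOWED.get(ext);
        if (expected == null) {
            return false; // extension not on the allow-list
        }
        // Content-only detection: the file name is deliberately not passed as a hint,
        // so an executable renamed to photo.png is still reported by its real type.
        String detected = TIKA.detect(content);
        return expected.equals(detected);
    }

    public static void main(String[] args) throws IOException {
        // Usage: java UploadTypeCheck <path to uploaded file>
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            System.out.println(isAcceptable(args[0], in) ? "accept" : "reject");
        }
    }
}
```

detect() consumes bytes from a stream that does not support mark/reset, so re-open or buffer the upload before storing it. A matching type only confirms the file is what its extension claims, not that its content is safe.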

Thank You :)


Monday 16 March 2020

MySQL Transactional Log

Dear User,

Today I'm sharing my learning on how to view the transaction logs that got generated while working with MySQL.

Steps
1. Go to
C:\ProgramData\MySQL\MySQL Server 8.0\Data

2. Open File based on your machine name like




Thank You :)

Sunday 8 March 2020

Tomcat Set Custom Common Error Page

Hi Fellas,

Today I'm sharing my learning on how to set a custom common error page in Apache Tomcat.
Question: Why is it required?
Answer: Minimal answer -> Infosec team.
Elaborate answer -> When we do not set these pages, the default error page gives away sensitive data like the server version.
Steps to do it:
1. Remove all of the content of webapps other than your application.war/ear files.
2. Set the custom page.

Step 1.
Take a backup of all of the content of webapps.
BackUp of webapps
to keep in same directory

Doing this step will stop exposing the default applications.
Step 2.

This Step consists of two parts

Step A.
Open the conf folder under the Tomcat root directory and edit web.xml.
Add these XML tags before the closing </web-app> tag,
i.e. in between
<web-app></web-app>

<error-page>
    <error-code>404</error-code>
    <location>/error.jsp</location>
</error-page>
<error-page>
    <error-code>403</error-code>
    <location>/error.jsp</location>
</error-page>
<error-page>
    <error-code>500</error-code>
    <location>/error.jsp</location>
</error-page>


Step B.
Create a folder named ROOT under webapps,
then create an error.jsp in it and restart the server.
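
An added check (not from the original post) to confirm after the restart that the error response no longer reveals the server version. The class name, the default base URL and the request path /no-such-page-check are assumptions; it needs Java 11+ for java.net.http.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.regex.Pattern;

public class ErrorPageLeakCheck {
    // Version banner printed by Tomcat's default error page, in the form "Apache Tomcat/<version>"
    private static final Pattern BANNER = Pattern.compile("Apache Tomcat/\\d+(\\.\\d+)*");
    // Any dotted version number in a Server header counts as disclosure
    private static final Pattern VERSION = Pattern.compile("\\d+\\.\\d+");

    /** True if the error body or the Server header still reveals a server version. */
    static boolean leaksVersion(String body, String serverHeader) {
        boolean inBody = body != null && BANNER.matcher(body).find();
        boolean inHeader = serverHeader != null && VERSION.matcher(serverHeader).find();
        return inBody || inHeader;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: base URL of your own Tomcat; the default below is an assumption
        String base = args.length > 0 ? args[0] : "http://localhost:8080";
        // Hypothetical path that should not exist, so the 404 error page is served
        HttpRequest request = HttpRequest.newBuilder(URI.create(base + "/no-such-page-check"))
                .GET()
                .build();
        HttpResponse<String> response = HttpClient.newHttpClient()
                .send(request, HttpResponse.BodyHandlers.ofString());
        String server = response.headers().firstValue("Server").orElse(null);

        System.out.println("status = " + response.statusCode());
        System.out.println("Server header = " + server);
        System.out.println(leaksVersion(response.body(), server)
                ? "FAIL: server version is still disclosed"
                : "OK: no server version in the error response");
    }
}
```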

Error Page Example.





Thank You :)

Monday 24 February 2020

Spring Error: The prefix "util" for element "util:list" is not bound.

Hi Friends,

Today I'm sharing my Spring learning on how to resolve the error

The prefix "util" for element "util:list" is not bound.

Open spring.xml and add the following to the beans tag.

The namespace declaration:

xmlns:util="http://www.springframework.org/schema/util"

And, at the end of the xsi:schemaLocation attribute value, before its closing quote:

http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd


Tuesday 13 November 2018

Redirect JBoss on Default HTTPS Port 443

Hi Folks,

Today I'm sharing my learning on how to redirect JBoss to port 443, i.e. the default HTTPS port.
For this, you first have to enable HTTPS on JBoss. I've already shared a post on that; please go through Enable HTTPS in JBoss.

Then open standalone.xml and make a small change.

Change this tag <socket-binding name="https" port="8443"/>

to <socket-binding name="https" port="443"/>.



Restart the server and see the changes.



Thank You :)

Monday 12 November 2018

Enable HTTPS in JBoss

Hi Folks,

Today I'm sharing my learning on how to enable HTTPS in JBoss Server.

1. First, generate a self-signed SSL certificate using keytool from the command prompt/terminal with the following command.

keytool -genkey -alias awc -keyalg RSA -keystore awc.keystore -validity 365

Here awc is the alias name, awc.keystore is the name of the SSL certificate file, and the validity is 365 days.


Now place the certificate next to standalone.xml, at jboss-eap-6.2\standalone\configuration.

Now edit standalone.xml and add the following entries just below the http connector.

<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true">
    <ssl name="foo-ssl" password="Welcome123#" protocol="TLSv1" key-alias="awc" certificate-key-file="../standalone/configuration/awc.keystore" />
</connector>


Here the alias name is the same name we used while creating the certificate, the password is the same as in the certificate, and certificate-key-file is the location of the certificate.

Also set the port number in the http tag, like:

<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>




Now restart the JBoss server and start using the https protocol.
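
An added check (not from the original post) that can be run before restarting: it opens the keystore created above and verifies that the alias referenced by key-alias holds a readable private key and a usable certificate. The class name, the 30-day warning window and the 2048-bit floor are assumptions; it needs Java 9+ for KeyStore.getInstance(File, char[]).

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public class KeystoreCheck {
    /** Lists problems with the key entry the https connector will use; empty means none found. */
    static List<String> check(KeyStore ks, String alias, char[] password, Instant now) throws Exception {
        List<String> problems = new ArrayList<>();
        if (!ks.isKeyEntry(alias)) {
            problems.add("alias '" + alias + "' has no private key entry");
            return problems;
        }
        // Throws UnrecoverableKeyException if the key password differs from the one supplied
        ks.getKey(alias, password);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        Instant notAfter = cert.getNotAfter().toInstant();
        if (notAfter.isBefore(now)) {
            problems.add("certificate expired on " + notAfter);
        } else if (Duration.between(now, notAfter).toDays() < 30) { // assumed warning window
            problems.add("certificate expires within 30 days: " + notAfter);
        }
        if (cert.getPublicKey() instanceof RSAPublicKey
                && ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() < 2048) { // assumed floor
            problems.add("RSA key is shorter than 2048 bits");
        }
        if (cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            problems.add("self-signed: clients will not trust it unless they import it");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Usage (from a terminal): java KeystoreCheck awc.keystore awc
        char[] password = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(new File(args[0]), password); // detects the keystore type
        List<String> problems = check(ks, args[1], password, Instant.now());
        problems.forEach(p -> System.out.println("WARN " + p));
        if (problems.isEmpty()) {
            System.out.println("OK");
        }
    }
}
```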



Thank You :)

Monday 5 February 2018

Install Maven on Windows/Linux/MAC



Hi Fellas,

Today I'm sharing my learning on how to install Maven on Windows, Linux and Mac.



  • Download it from the Maven website.
  • You can download the binary zip archive file.

Windows:
  • Extract the zip to a particular location.
  • Create an environment variable named M2_HOME with the path to the extracted location.
  • Append M2_HOME/bin to the user path as described in the image.
  • Check the Maven version by entering the command mvn --version

Linux:
  • Ubuntu
  1. Extract the zip to a particular location.
  2. Open .bashrc, add M2_HOME and append M2_HOME/bin to the path.
  3. Check the version with the command mvn --version

  • REDHAT & MAC
  1. Enter the following command: export M2_HOME=<path to the extracted location>
  2. export PATH=<path to the extracted location>/bin:${PATH}
  3. Execute the command mvn --version to check the results.
In case of any query feel free to connect me at pratikgaurav88@gmail.com

Thank You :)

