https://ankitmaurya.pages.dev/projects/ Recent content in Projects on Ankit Maurya Hugo en Sat, 15 Jun 2024 00:00:00 +0000 https://ankitmaurya.pages.dev/projects/mcp-monitoring/ Sat, 15 Jun 2024 00:00:00 +0000 https://ankitmaurya.pages.dev/projects/mcp-monitoring/ <p>This project is a proxy-based monitoring system for inspecting LLM context during conversations. It provides visibility into what&rsquo;s being sent to and from AI models.</p> <h2 id="features">Features</h2> <ul> <li><strong>Context Inspection</strong>: Monitor all prompts and responses going to LLM APIs</li> <li><strong>Security Logging</strong>: Capture and store interaction data for security analysis</li> <li><strong>Real-time Monitoring</strong>: Live view of active conversations</li> <li><strong>Data Export</strong>: Export conversation logs for analysis</li> </ul> <h2 id="architecture">Architecture</h2> <p>The tool sits as a proxy between your application and the LLM API, intercepting all traffic for inspection.</p> https://ankitmaurya.pages.dev/projects/cloudflare-tunnel/ Mon, 20 May 2024 00:00:00 +0000 https://ankitmaurya.pages.dev/projects/cloudflare-tunnel/ <p>A comprehensive guide to exposing self-hosted services securely using Cloudflare Tunnel and Nginx reverse proxy.</p> <h2 id="why-this-setup">Why This Setup?</h2> <ul> <li>No need to open ports on your firewall</li> <li>Automatic SSL/TLS encryption</li> <li>DDoS protection from Cloudflare</li> <li>Access control via Cloudflare Access</li> </ul> <h2 id="architecture-overview">Architecture Overview</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">User --&gt; Cloudflare --&gt; Tunnel --&gt; Nginx --&gt; Service </span></span></code></pre></div><h2 id="configuration-steps">Configuration Steps</h2> <ol> <li>Create a Cloudflare account and add your domain</li> <li>Install cloudflared on your server</li> <li>Configure the tunnel with your services</li> <li>Set up Nginx as a reverse proxy</li> <li>Configure SSL certificates</li> </ol> <h2 id="nginx-configuration">Nginx Configuration</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-nginx" data-lang="nginx"><span class="line"><span class="cl"><span class="k">server</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">server_name</span> <span class="s">service.example.com</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kn">ssl_certificate</span> <span class="s">/etc/ssl/certs/cert.pem</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">ssl_certificate_key</span> <span class="s">/etc/ssl/private/key.pem</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"> <span class="kn">location</span> <span class="s">/</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_pass</span> <span class="s">http://localhost:8080</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h2 id="security-considerations">Security Considerations</h2> <ul> <li>Enable authenticated origin pulls</li> <li>Use Cloudflare Access for sensitive services</li> <li>Implement rate limiting</li> <li>Log all access attempts</li> </ul> https://ankitmaurya.pages.dev/projects/n8n-automation/ Wed, 10 Apr 2024 00:00:00 +0000 https://ankitmaurya.pages.dev/projects/n8n-automation/ <p>Building an AI-powered automation system using n8n for security operations and workflow management.</p> <h2 id="overview">Overview</h2> <p>This system automates security tasks using n8n workflows, AI integrations, and various notification channels.</p> <h2 id="key-components">Key Components</h2> <ul> <li><strong>n8n Engine</strong>: Core workflow automation</li> <li><strong>Telegram Bot</strong>: Alert notifications and commands</li> <li><strong>Webhook Triggers</strong>: Integration with external services</li> <li><strong>AI Processing</strong>: GPT-based analysis and responses</li> </ul> <h2 id="workflow-examples">Workflow Examples</h2> <h3 id="security-alert-pipeline">Security Alert Pipeline</h3> <ol> <li>Receive webhook from security tool</li> <li>Parse alert data</li> <li>Send to AI for classification</li> <li>Route based on severity (Telegram/Email)</li> <li>Log to database</li> </ol> <h2 id="telegram-integration">Telegram Integration</h2> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-javascript" data-lang="javascript"><span class="line"><span class="cl"><span class="c1">// n8n Telegram node configuration </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nx">chatId</span><span class="o">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">TELEGRAM_CHAT_ID</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nx">text</span><span class="o">:</span> <span class="s2">&#34;Security Alert: {{ $json.alert_type }}&#34;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="nx">parse_mode</span><span class="o">:</span> <span class="s2">&#34;HTML&#34;</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> </span></span></code></pre></div><h2 id="benefits">Benefits</h2> <ul> <li>Automated incident response</li> <li>Reduced manual monitoring</li> <li>Faster alert routing</li> <li>Integration with existing tools</li> </ul> https://ankitmaurya.pages.dev/projects/jwt-analysis/ Tue, 05 Mar 2024 00:00:00 +0000 https://ankitmaurya.pages.dev/projects/jwt-analysis/ <p>Tools and techniques for analyzing JWT tokens for authentication vulnerabilities.</p> <h2 id="jwt-overview">JWT Overview</h2> <p>JSON Web Tokens (JWT) are commonly used for authentication but can introduce security issues if not implemented correctly.</p> <h2 id="common-vulnerabilities">Common Vulnerabilities</h2> <h3 id="algorithm-confusion-alg-none">Algorithm Confusion (alg: none)</h3> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-python" data-lang="python"><span class="line"><span class="cl"><span class="c1"># Exploit: Change alg to &#34;none&#34; and remove signature</span> </span></span><span class="line"><span class="cl"><span class="n">header</span> <span class="o">=</span> <span class="p">{</span><span class="s2">&#34;alg&#34;</span><span class="p">:</span> <span class="s2">&#34;none&#34;</span><span class="p">,</span> <span class="s2">&#34;typ&#34;</span><span class="p">:</span> <span class="s2">&#34;JWT&#34;</span><span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="n">payload</span> <span class="o">=</span> <span class="p">{</span><span class="s2">&#34;sub&#34;</span><span class="p">:</span> <span class="s2">&#34;1234567890&#34;</span><span class="p">,</span> <span class="s2">&#34;role&#34;</span><span class="p">:</span> <span class="s2">&#34;admin&#34;</span><span class="p">}</span> </span></span></code></pre></div><h3 id="key-confusion-rs256-to-hs256">Key Confusion (RS256 to HS256)</h3> <p>If the server uses RS256 but the library accepts HS256 with the public key as the secret.</p> <h2 id="analysis-tools">Analysis Tools</h2> <ul> <li>JWT.io for manual inspection</li> <li>Custom Python scripts for batch analysis</li> <li>Burp Suite extension for runtime inspection</li> </ul> <h2 id="validation-checklist">Validation Checklist</h2> <ol> <li>Verify signature with correct algorithm</li> <li>Check token expiration (exp claim)</li> <li>Validate audience (aud claim)</li> <li>Ensure proper key management</li> <li>Use strong secret keys (256-bit minimum)</li> </ol> <h2 id="best-practices">Best Practices</h2> <ul> <li>Always validate algorithm expected by your application</li> <li>Use asymmetric algorithms (RS256) when possible</li> <li>Implement token rotation</li> <li>Set appropriate expiration times</li> </ul>