<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <link rel="stylesheet" href="/styles/font-awesome/css/font-awesome.min.css" /> <link rel="stylesheet" href="/styles/styles.css" type="text/css" /> <link rel="stylesheet" href="/styles/affiliates.css" type="text/css" /> <link rel="stylesheet" href="/scripts/highlight/styles/railscasts.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Cookie" /> <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" /> <link rel="apple-touch-icon" href="/apple-touch-icon.png" /> <link rel="alternate" type="application/rss+xml" title="Latest Updates" href="https://digi.ninja/rss.xml" /> <link rel="manifest" href="/manifest.json" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta name="Author" content="Robin Wood - DigiNinja" /> <meta name="twitter:site" content="@digininja" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="theme-color" content="#272727" /> <script type="text/javascript" src="/scripts/highlight/highlight.pack.js"></script> <link rel="canonical" href="https://digi.ninja/blog.php" /> <title>The DigiNinja Blog - DigiNinja</title> <meta name="Description" content="My occasional thoughts, ideas and rants which don't become projects will end up here. Expect articles to be few and far between." /> <meta name="Keywords" content="blog,thought,index,thoughts,open source,projects,development,wifi,web,site,security,ethical,hacking,penetration,testing,website,application,ninja,digininja,freedom,software,karma,jasager,madwifi" /> <meta property="og:title" content="The DigiNinja Blog - DigiNinja" /> <meta property="og:description" content="My occasional thoughts, ideas and rants which don't become projects will end up here. Expect articles to be few and far between." /> <meta property="og:url" content="/blog.php" /> <meta property="og:image" content="https://digi.ninja/graphics/blog.png" /> <meta property="og:type" content="website" /> <meta property="og:sitename" content="DigiNinja" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:title" content="The DigiNinja Blog - DigiNinja" /> <meta name="twitter:description" content="My occasional thoughts, ideas and rants which don't become projects will end up here. Expect articles to be few and far between." /> <meta name="twitter:site" content="@digininja" /> <meta name="twitter:creator" content="@digininja" /> <meta name="twitter:domain" content="digi.ninja" /> <meta name="twitter:site" content="@digininja" /> <meta name="twitter:image" content="https://digi.ninja/graphics/blog.png" /> </head> <body> <div id="wrapper"> <div id="header"> </div><!-- header --> <div id="section"> <div id="nav"><!-- nav --> <ul><li><a class="link-breadcrumb" href="/">Home</a></li><li><a class="link-breadcrumb" href="/about.php">Hire me</a></li><li><a class="link-breadcrumb" href="/labs.php">Labs</a></li><li class="active"><a class="link-breadcrumb" href="/blog.php">Blog</a></li><li><a class="link-breadcrumb" href="/projects.php">Projects</a></li><li><a class="link-breadcrumb" href="/contact.php">Contact</a></li></ul><ul class="social"> <li><a title="RSS Feed" href="/rss.xml"><i class="fa fa-rss" aria-hidden="true"></i></a></li> <!-- twitter --> <li> <a title="Share on Twitter" id="twitter-share" href="https://twitter.com/share?text=The DigiNinja Blog&amp;url=https://digi.ninja/blog.php" rel="noopener" target="_blank"><i class="fa fa-twitter"></i></a> </li> <!-- facebook --> <li> <a title="Share on Facebook" id="facebook-share" href="https://www.facebook.com/sharer/sharer.php?u=https://digi.ninja/blog.php" rel="noopener" target="_blank"><i class="fa fa-facebook"></i></a> </li> <!-- google plus --> <li> <a title="Share on Google+" id="google-plus-share" href="https://plus.google.com/share?url=https://digi.ninja/blog.php" rel="noopener" target="_blank"><i class="fa fa-google-plus"></i></a> </li> <!-- pinterest --> <li> <a title="Share on Pintrest" id="pinterest-share" href="https://pinterest.com/pin/create/button/?url=https://digi.ninja/blog.php&amp;description=The DigiNinja Blog" rel="noopener" target="_blank"><i class="fa fa-pinterest"></i></a> </li> <!-- linkedin --> <li> <a title="Share on LinkedIn" id="linked-in-share" href="https://www.linkedin.com/shareArticle?mini=true&amp;url=https://digi.ninja/blog.php&amp;title=The DigiNinja Blog" rel="noopener" target="_blank"><i class="fa fa-linkedin"></i></a> </li> <!-- reddit --> <li> <a title="Share on Reddit" id="reddit-share" href="https:////www.reddit.com/submit?url=https://digi.ninja/blog.php&amp;title=The DigiNinja Blog" rel="noopener" target="_blank"><i class="fa fa-reddit"></i></a> </li> <!-- hacker news --> <li> <a title="Share on Hacker News" id="hacker-news-share" href="https://news.ycombinator.com/submitlink?u=https://digi.ninja/blog.php&amp;t=The DigiNinja Blog" rel="noopener" target="_blank"><i class="fa fa-hacker-news"></i></a> </li> </ul> </div><!-- nav close --> <div id="banner"></div> <div id="content" class="clearfix"> <div id="article" class="clearfix"> <h1><span>Blog</span></h1> <ul class="breadcrumbs"> <li><a class="link-breadcrumb" href="/">Home</a></li><li><a class="link-breadcrumb" href="/blog.php">Blog</a></li> </ul> <p>I've always been more of a coder than a writer so entries here may be few and far between but I do have some ideas for things I'd like to get off my chest so check back occasionally or keep an eye on the RSS feed just in case.</p> <ul> <li><a class="link-title" href="/blog/ninja_run_22.php">SteelCon 2022 Ninja Run</a>As SteelCon is back for 2022, so is the Ninja Run.</li> <li><a class="link-title" href="/blog/cracked_flask.php">Cracked Flask Lab</a> A brief description of how to crack Flask session cookies and an introduction to the Cracked Flask Lab.</li> <li><a class="link-title" href="/blog/wsl2_dns.php">WSL2 DNS Oddness</a> The DNS server used by WSL2 does not return records in the same format as a normal DNS server.</li> <li><a class="link-title" href="/blog/split_xss.php">Splitting XSS Payloads</a> Splitting an XSS payload over more than one input to get around size limits and filtering.</li> <li><a class="link-title" href="/blog/alert_hijack.php">Alert Function Hijacking</a> Overriding the JavaScript alert function to find a hidden XSS.</li> <li><a class="link-title" href="/blog/cors_demos.php">The CORS Demos</a> A set of CORS requests and responses to demonstrate all the different permutations.</li> <li><a class="link-title" href="/blog/entering_community.php">Entering a new community</a> A story about sometimes having to push through elitism to get to the real community.</li> <li><a class="link-title" href="/blog/ninja_run_19.php">SteelCon 2019 Ninja Run</a> An offer to take some friends running during SteelCon 2019.</li> <li><a class="link-title" href="/blog/ots_tls_cert.php">TLS certs for internal OTS hardware</a> A walkthrough of a process which allows off the shelf hardware to automatically acquire a valid TLS certificate on startup.</li> <li><a class="link-title" href="/blog/jsurixss.php">An odd quirk with XSS through JavaScript URI</a> Working through debugging why an easy XSS exploit was failing.</li> <li><a class="link-title" href="/blog/becoming_accessible.php">Becoming More Accessible</a> A call out to readers to help me make the blog more accessible.</li> <li><a class="link-title" href="/blog/pipelining.php">Using HTTP Pipelining to hide requests</a> Examples of how to use HTTP Pipelining to hide requests/</li> <li><a class="link-title" href="/blog/cloudflare_example.php">Domain Fronting with Cloudflare</a> A worked example of using ESNI to do domain fronting through Cloudflare.</li> <li><a class="link-title" href="/blog/cloudfront_example.php">Domain Fronting with Cloudfront</a> A worked example of setting up domain fronting using AWS CloudFront.</li> <li><a class="link-title" href="/blog/domain_fronting.php">A 101 on Domain Fronting</a> An introduction to domain fronting with examples.</li> <li><a class="link-title" href="/blog/hiding_bash_history.php">Hiding from Bash history</a> Some research on how to hide commands from the Bash history.</li> <li><a class="link-title" href="/blog/svg_xss.php">Protecting against XSS in SVG</a> An investigation of different ways to protect a site against malicious scripts stored in SVG files.</li> <li><a class="link-title" href="/blog/vulndap_walkthrough.php">vuLnDAP Walkthrough</a> A walkthrough of my <a href="/projects/vulndap.php">vuLnDAP</a> project.</li> <li><a class="link-title" href="/blog/pippa_steelcon_logic.php">Pippa's SteelCon Logic Challenge</a> In 2017, Pippa was learning about cryptography and set a couple of crypto challenges for the SteelCon kids track, this year we are working on logic gates so she has set a challenge based on that.</li> <li><a class="link-title" href="/blog/lighttpd_rewrite_bypass.php">Invalid HTTP requests and bypassing rewrite rules in lighttpd</a> Using an invalid HTTP request to bypass rewrite rules in lighttpd and the story of how I found the problem.</li> <li><a class="link-title" href="/blog/snmp_to_shell.php">SNMP Config File Injection to Shell</a> A walk through from getting injection into an SNMP config file to getting a shell.</li> <li><a class="link-title" href="/blog/dotnetsheff_headers.php">dotnetsheff Headers and Cookies Slides</a> A copy of the slides from my <a href="https://dotnetsheff.co.uk/">dotnetsheff</a> talk on HTTP security headers and cookies.</li> <li><a class="link-title" href="/blog/programming_with_google.php">Programming With Google</a> The slides and video from my talk at Wild West Hackinfest on programming by copying and pasting from Google.</li> <li><a class="link-title" href="/blog/telnet_shellshock.php">Shellshock and the Telnet USER Variable</a> quick example of how to exploit the Shellshock vulnerability on telnet by the USER variable.</li> <li><a class="link-title" href="/blog/xss_steal_csrf_token.php">Stealing CSRF tokens with XSS</a> Techniques using both raw JavaScript and jQuery to use XSS to grab a CSRF token and then submit the form it protects.</li> <li><a class="link-title" href="/blog/mutual_auth.php">Web App Mutual Authentication Fail</a> A write up on how a common mutual authentication scheme used by a number of banks can be easily proxied and turned against the bank.</li> <li><a class="link-title" href="/blog/crashplan.php">Accidentally Sharing CrashPlan Data</a> A story of how Christmas generosity resulted in a friend's files being accessible by all his family.</li> <li><a class="link-title" href="/blog/christian_bruhin_plagiarism.php">The plagiarism of Christian Bruhin</a> Christian Bruhin's site takes RSS feeds from popular sites and publishes them without proper credit or attribution. </li> <li><a class="link-title" href="/blog/rdp_show_login_page.php">Windows RDP client, show login page</a> A short how-to on getting the Windows RDP client to show the server login page rather than ask for credentials itself.</li> <li><a class="link-title" href="/blog/murder_heart.php">SANS Murder Board Heart Rate</a> The results of a small experiment to see what my heart rate was like during my SANS instructor murder board.</li> <li><a class="link-title" href="/blog/asking_for_help.php">Asking For Technical Help</a> I see a lot of requests for technical help with tools and projects, some good, some bad. This post covers what I like to see when someone asks a question.</li> <li><a class="link-title" href="/blog/git_hooks.php">Catching API Keys With Git Hooks</a> Using Git hooks to prevent sensitive information, such as API keys, from ending up in Git repos.</li> <li><a class="link-title" href="/blog/enable_right_click.php">Re-enabling the browser right click</a> A couple of options to re-enable right click when testing a web app.</li> <li><a class="link-title" href="/blog/missing_a_vuln.php">Missing a vulnerability</a> Asking the question, when it is acceptable to miss a vulnerability on a test.</li> <li><a class="link-title" href="/blog/ee_no_password_change.php">EE, Why no password change?</a> Trying to understand why the EE web portal doesn't have a password change feature on its web portal.</li> <li><a class="link-title" href="/blog/xss_through_csrf.php">XSS Through CSRF</a> A short guide to exploiting POST based reflected XSS using CSRF and iframes.</li> <li><a class="link-title" href="/blog/interactive_pentesting.php">Interactive Pentesting</a> A write up of my recent experiences of getting clients involved during testing.</li> <li><a class="link-title" href="/blog/hacking_nasl.php">Hacking NASL scripts</a> A quick how-to on modifying Nessus NASL scripts to remove password obfuscation.</li> <li><a class="link-title" href="/blog/wifi_leakage.php">Tech for Troops slides</a> These are my slides on Wi-Fi leakage from the 2016 Tech for Troops conference.</li> <li><a class="link-title" href="/blog/sony_hack.php">The Sony Hack</a> A short article to cash in on all the page hits that are going around because of the Sony hack.</li> <li><a class="link-title" href="/blog/thanks_hackers.php">Thank you hackers</a> Rather than focus on a negative troll I want to say thank you to our amazing hacker community.</li> <li><a class="link-title" href="/blog/pipal_kippo.php">Pipal Kippo Log Parser</a> Pipal gets a Kippo log parser to show what passwords attackers are using when brute forcing SSH servers.</li> <li><a class="link-title" href="/blog/pipal_email_checker.php">Pipal email checker</a> A new Pipal checker which looks at the relationship between email addresses and passwords.</li> <li><a class="link-title" href="/blog/ebay.php">Comments on eBay password policies</a> My opinion of the eBay password reset policy which prevents pasting and caps at 20 characters.</li> <li><a class="link-title" href="/blog/reproduce_report.php">Reproducing Vulnerabilities in Test Reports</a> My thoughts on including steps to reproduce vulnerabilities in test reports</li> <li><a class="link-title" href="/blog/rip_v2.php">Exploiting RIPv2</a> Part two of exploiting RIP. Here I look at RIPv2 along with its authentication mechanisms and how to crack them</li> <li><a class="link-title" href="/blog/gmail_dos.php">Tracking down an accidental Gmail DoS</a> Write up of my efforts to track down what turned out to be an accidental DoS against my Gmail account</li> <li><a class="link-title" href="/blog/rip_v1.php">Exploiting RIP</a> How to set up a GNS3 lab with RIP and then exploit it</li> <li><a class="link-title" href="/blog/abusing_dtp.php">Abusing Dynamic Trunking Protocol - DTP</a> Using Cisco DTP to change a switch port from access to trunk mode</li> <li><a class="link-title" href="/blog/gns_vbox_vlan_lab.php">Adding VLANs to the GNS3/VirtualBox Lab</a> Expanding the lab to add VLANs and then jump between them</li> <li><a class="link-title" href="/blog/gns_vbox_basic_lab.php">Integrating GNS3 and VirtualBox</a> The first part of a series integrating GNS3 and VirtualBox to build a lab to play with layer 2 attacks</li> <li><a class="link-title" href="/blog/modsecurity_lab.php">Building a lab with ModSecurity and DVWA</a> A guide on how to set up a lab containing ModSecurity and DVWA</li> <li><a class="link-title" href="/blog/zap_web_sockets.php">OWASP ZAP and WebSockets</a> Part one of my introduction to WebSockets, a general introduction to ZAP and WebSockets</li> <li><a class="link-title" href="/blog/zap_fuzzing.php">Fuzzing WebSockets with ZAP</a> Part two of my introduction to WebSockets, this one focuses on fuzzing</li> <li><a class="link-title" href="/blog/pipal_goes_modular.php">Checkers and Splitters - Pipal Goes Modular</a> Pipal now has a modular structure allowing you to write your own Checkers and Splitters, this is a brief introduction to how they both work</li> <li><a class="link-title" href="/blog/brucon_5x5.php">My successful entry in the BruCON 5x5 competition</a> How I'm going to spend my share of the &euro;25,000</li> <li><a class="link-title" href="/blog/report_writing_comp.php">An idea for a report writing competition</a> A lot of conferences have CTFs but how about testing people's report writing skills as well?</li> <li><a class="link-title" href="/blog/dns_wildcard_recon.php">DNS Reconnaissance against wildcard domains</a> How to sort the wheat from the chaff when enumerating DNS servers which use wildcard records</li> <li><a class="link-title" href="/blog/hakin9_spam_kings.php">Hakin9 - The Kings Of Spam</a> About once a fortnight I get a request to write an article for Hakin9 or one of its sister publications, this article details my attempts to stop this spam</li> <li><a class="link-title" href="/blog/corelan.php">A review of the Corelan Live Win32 Exploit Dev Bootcamp</a> My experience of doing the course at BruCON 2012</li> <li><a class="link-title" href="/blog/zodiac_passwords.php">Are signs of the zodiac used as passwords?</a> I was wondering why dragon and monkey come up so often in Pipal analysis of password lists so I thought about the Chinese Zodiac</li> <li><a class="link-title" href="/blog/group_password.php">Did you know that Linux groups can have passwords?</a> I didn't till this afternoon, here is how you set them up</li> <li><a class="link-title" href="/blog/web_frameworks.php">Are secure web frameworks reducing long term security?</a> Why I think developers should always think about security, even when someone else is taking care of it for them</li> <li><a class="link-title" href="/blog/owasp_leeds.php">OWASP Leeds presentation slides</a> A copy of my slides from OWASP Leeds covering the perils of autoconfiguring web cams with a bonus set presenting "Whats in Amazon's buckets"</li> <li><a class="link-title" href="/blog/check_ctl.php">My CHECK Team Leader Web App Exam</a> How I found the CHECK Team Leader Web Application exam</li> <li><a class="link-title" href="/blog/burp_intruder_types.php">Burp Intruder Attack Types</a> A description of the different attack modes in Burp Intruder.</li> <li><a class="link-title" href="/blog/compress_filter_avoidance.php">Using decompression to avoid filters</a> Decompressing data to get it past filters such as IDS.</li> <li><a class="link-title" href="/blog/buggy_push.php">Bliss Buggy Push</a> Photos of my fancy dress buggy push for Bliss and a huge thanks to sponsors and supporters.</li> <li><a class="link-title" href="/blog/analysing_mobile_me.php">Analysing Mobile Me</a> Analysis of the content I found when trawling Mobile Me accounts looking for public information.</li> <li><a class="link-title" href="/blog/mobile_me_madness.php">Mobile Me Madness</a> A brief description of how Mobile Me allows access to its file listings and how to interpret them.</li> <li><a class="link-title" href="/blog/analysing_amazons_buckets.php">Analysing Amazon's Buckets</a> This application trawls Amazon's S3 system looking for public buckets and returns a list of the contents of any found.</li> <li><a class="link-title" href="/blog/whats_in_amazons_buckets.php">Whats in Amazon's buckets?</a> The description of how I wrote a tool to brute force bucket names from the Amazon S3 system and then take it a step further.</li> <li><a class="link-title" href="/blog/tomcat_laundanum.php">Going to WAR on Tomcat with Laundanum</a> Using Laundanum to attack Tomcat servers.</li> <li><a class="link-title" href="/blog/cleartext_creds.php">A little trick to extract FTP details</a> Setting up fake servers then capturing the clear text.</li> <li><a class="link-title" href="/blog/double_tunnel.php">Double tunnels to help a colleague in distress</a> Setting up SSH tunnels to allow external access to an internal network.</li> <li><a class="link-title" href="/blog/tiger_ctm.php">Tiger Scheme Check Team Member Exam</a> A review of the Check Team Member exam.</li> <li><a class="link-title" href="/blog/when_all_you_can_do_is_read.php">When All You Can Do Is Read</a> A look at what files are good to try to read when all you have is read only access to a machine, i.e. no directory listing ability.</li> <li><a class="link-title" href="/blog/nessus_over_sock4a_over_msf.php">Nessus Through SOCKS Through Meterpreter</a> Nessus Through SOCKS Through Meterpreter - Using a Meterpreter pivot and a SOCKS proxy to run Nessus scans through a compromised machine.</li> <li><a class="link-title" href="/blog/http_banner_grab_dir.php">HTTP Banner Grabbing Beyond The Root</a> Where do you do your web banner grabbing, just in the root?</li> <li><a class="link-title" href="/blog/pages_linux.php">Viewing Pages documents in Linux</a> A short shell script to display a document created in Pages in Linux</li> <li><a class="link-title" href="/blog/pocket_trojan.php">The Trojan in your pocket</a> Do you know what your phone is doing?</li> <li><a class="link-title" href="/blog/finding_interesting_db_data.php">Finding "interesting" columns in MSSQL databases</a> Automating searching through MSSQL databases for interesting data.</li> <li><a class="link-title" href="/blog/ultrasound.php">The best scan result ever</a> This ultrasound scan result beats any result I've seen from Nessus, Nikto or Nmap. I'm going to be a daddy!</li> <li><a class="link-title" href="/blog/giskismet_ignore_gps.php">Kismet log manipulation with GISKismet</a> A patch to GISKismet so it will import Kismet data which doesn't include GPS positions.</li> <li><a class="link-title" href="/blog/door.php">Whats behind the door?</a> I really want to know what is behind this door!</li> <li><a class="link-title" href="/blog/password_experiment.php">Would you give out your password?</a> A write up of an experiment where I asked a class to give me their passwords.</li> <li><a class="link-title" href="/blog/secvidofday.php">#secvidofday</a> My security video of the day.</li> <li><a class="link-title" href="/blog/ap_collection.php">AP Collection</a> A selection of AP's I tested as part of some rogue AP detection.</li> <li><a class="link-title" href="/blog/pentesterscripting.php">PenTester Scripting</a> How I got myself into yet another project.</li> <li><a class="link-title" href="/blog/gourmet_beef.php">Gourmet BeEF</a> A great photo advert for the BeEF project.</li> <li><a class="link-title" href="/blog/microsd.php">Micro SD Card Reader</a> A quick shot of a new micro SD card reader I got.</li> <li><a class="link-title" href="/blog/untrusted_vms.php">Untrusted VMs</a> Trojaning VMs and live CDs.</li> <li><a class="link-title" href="/blog/cardbus_convertor.php">Cardbus Converter</a> Convert old PCMCIA cards to PC Express.</li> </ul> </div><!-- article close --> <div id="aside"> <h3><span>Recent Archive</span></h3> <ul> <li><a href="/blog/ninja_run_22.php">SteelCon Ninja Run 2022</a></li> <li><a href="/blog/cracked_flask.php">Cracked Flask Lab</a></li> <li><a href="/blog/wsl2_dns.php">WSL2 DNS Oddness</a></li> <li><a href="/blog/split_xss.php">Splitting XSS payloads</a></li> <li><a href="/blog/alert_hijack.php">Alert Function Hijacking</a></li> <li><a href="/blog/cors_demos.php">The CORS Demos</a></li> <li><a href="/blog/entering_community.php">Entering a new community</a></li> <li><a href="/blog/ninja_run_19.php">Out running with friends at SteelCon 2019</a></li> <li><a href="/blog/jsurixss.php">An odd quirk with XSS through JavaScript URI</a></li> <li><a href="/blog/becoming_accessible.php">Becoming More Accessible</a></li> <li><a href="/blog/pipelining.php">Using HTTP Pipelining to hide requests</a></li> <li><a href="/blog/cloudflare_example.php">Domain Fronting with Cloudflare</a></li> <li><a href="/blog/cloudfront_example.php">Domain Fronting with CloudFront</a></li> <li><a href="/blog/domain_fronting.php">A 101 on Domain Fronting</a></li> <li><a href="/blog.php">More ...</a></li> </ul> <div> <h3><span>Support The Site</span></h3> <p> I don't get paid for any of the projects on this site so if you'd like to support my work you can do so by using the affiliate links below where I either get account credits or cash back. Usually only pennies, but they all add up. </p> <div class="amazon-links"> <p> <a class="bmc-button" target="_blank" href="https://www.buymeacoffee.com/digininja"><img src="/styles/images/bmc-new-btn-logo.png" alt="Buy me a smoothie" /><span>Buy me a smoothie</span></a> </p> <p> <a id="tpw-button" href="https://www.theproteinworks.com/referral-program/MTMyODg0NGoydA==/"><img src="/styles/images/tpw.png" alt="The Protein Works" /></a> </p> </div> </div> </div><!-- aside --> </div><!-- content close --> </div><!-- section close --> <div id="footer"> <p id="designedby"> All content created by <a href="https://twitter.com/digininja" rel='author'>Robin Wood</a> unless otherwise stated </p> </div><!-- footer --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-9T9CFM6WE0"></script> <script type="text/javascript" src="/google_analytics.js"></script> </div><!-- wrapper close --> </body> </html>