In this blog post I will explain how to configure your browser to use the OWASP ZAP Proxy to click through a web application running on local host. Also I will explain its various findings and how to solve them.
Configuring OWASP Zap
I will be using OWASP Zap version 2.2.2, which can be downloaded here. As its a proxy it will sit between your browser and the web application allowing it to inspect all traffic. Think of it as a man-in-the-middle :-). The first thing that needs to be done is making sure that your browser is using the ZAP as a proxy. If you're using Firefox 24 or better you're in luck as version 2.2.2 contains the a 'Plug and Hack' feature which allows automatic configuration of Firefox and includes a command line interface in the browser. The button is on the Quick Start page in ZAP.
For all other browsers, you will need to open your connection settings and configure a proxy.
- Chrome : 'settings' -> 'show advanced settings' -> 'network' -> 'Change proxy settings'
- Internet explorer : 'tools' -> 'internet options' -> 'connections' -> 'LAN settings'
Make sure you set the host to localhost and the port to 8080, these are the default ZAP proxy ports. Make sure to use these settings for all protocols.
Now when you surf to a website the ZAP proxy will log all HTTP requests and responses and tell you if something is wrong with them.
Starting your web application
Most of the time when I develop a web application I let it run on port 8080. In this case that is not possible as the ZAP proxy is using that port. Also its using port 8081 for its AJAX proxy. So the web application needs to be reconfigured running on a different port. If you're using the tomcat7-maven-plugin its easy as you can just change the port in the configuration tag to another value, like 8082. Alternatively you can reconfigure ZAP to use a different port in 'tools' -> 'options' -> 'Local proxy'. Remember to also reconfigure your browser to use the changed proxy port.
Now with your web application and ZAP running, point your browser to the URL of the application and hit enter and see what happens!
You will notice that the URLs you navigate and all the resources required to render the page will be displayed in the Sites tab on the left of the screen (you can expand the nodes to see a directory like view of all URLs accessed). In the middle section of the screen there are the request and response tabs. Here you can examine all the details headers and content of the request and responses. In the bottom of the screen there are History, logging all requests sequentially, and the Alerts tab. When there is something potentially wrong with a request or response a warning will appear here. In the right part of this tab there is an explanation of the issue. Clicking on the URL with the alert will display the offending part in the response tab.
Also notice the top left drop down box, it allows you to set the mode ZAP is working in. Safe mode is sufficient for now, the other options, protected and standard mode, also allow offensive tests to be performed.
While navigating through your web application, more and more warnings will appear (at least it did with mine :-) Below I have compiled a list of the alerts I was able to create and what can be done about them in terms of Java software development.
Common Alerts and their Solutions
Session ID in URL rewrite (Medium Risk)
The container or web application is using URL rewriting to put the Session ID in the URL. This is typically used as a fallback if the browser doesn't support cookies as a session mechanism. When the Session ID is in the request it may be bookmarked, cached or disclosed in the
referer
header. This is bad as it allows session hijacking.Solving this alert is easy if you have a Servlet 3.0 web container, just put the following snipped in the
web.xml
. It will instruct the container to just use cookies.
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
If you use a container supporting an older Servlet specification where are container specific ways to do this. For example in Tomcat 6 you can put the
disableURLRewriting="true"
attribute in the context.xml.Referer expose session ID (Medium Risk)
This is actually the same as the above alert only this time it warns about a link to an external host which may allow the Session ID to be exposed using the HTTP
referer
header. The referer header tells the website receiving the request who referred to them (and yes, referer is a typo which got into the HTTP specification ;-)Secure pages including mixed content (Medium Risk)
This alert is given when the page itself is delivered through HTTPS but some of its resources (such as images and scripts) are not. This lowers the trustworthiness of the page as the unsecured parts of the page may be sniffed or fall victim to a man in the middle attack. The solution? Make sure all your resources are delivered over HTTPS. Yes, blog.42.nl is an excellent example of this warning :-)
Application Error disclosure (Medium Risk)
This alert is triggered when ZAP thinks an error message containing implementation details (such as a stacktrace or a file path) is present in the response. This is bad as this information can be used to launch further attacks against the web application. The solution? Have a generic error page and log the stacktrace. In the Servlet API 3.0 this can be done in a one-liner in the web.xml. For older Servlet versions a little more work is needed.
<!-- Servlet API 3.0 -->
<error-page><location>/oops.html</location></error-page>
<!-- Older Servlet API versions (more HTTP error codes may be required) -->
<error-page><error-code>500</error-code><location>/oops.html</location></error-page>
<error-page><error-code>503</error-code><location>/oops.html</location></error-page>
Content-Type header missing (Low Risk)
If the Content-Type header is missing in the response the browser must guess the content.
Cookie no http-only flag (Low Risk)
If a cookie has no http-only flag its accessible from JavaScript. When the page has a cross site scripting (XSS) vulnerability the value of the cookie may be stolen and used to hijack the session if its a session cookie. Make sure that the http-only modifier is set on the cookie. There are various ways to do it. The easiest is when you have a Servlet API 3.0 container, there you can just declare it in the web.xml:
web.xml
<session-config>
<cookie-config>
<http-only>true</http-only>
</cookie-config>
<session-config>
Cookie without secure flag (Low Risk)
The secure flag of a cookie makes sure that the cookie is only used over HTTPS connections. If it is not set, it may also be used over non HTTPS connections allowing for session hijacking. In a Servlet API 3.0 container you can set the secure tag to true in the
web.xml
to make the cookie https only.Cross-domain JavaScript source file inclusion (Low Risk)
The page includes one or more script files from a third-party which is outside the control of this web application and as such may contain 'unexpected' functionality.
Incomplete or no cache-control and pragma HTTPHeader set (Low Risk)
Part of the browsers functionality is to cache downloaded pages and resources. This speeds up browsing. However, in most web applications a page is different on each request so caching must be disabled. In most cases the
no-cache, must-revalidate
options are sufficient, however if your page holds data of a personal nature additional options are required. no-store
disallows storing the page and private
disallows caching by a shared cache such as a proxy. Not setting these options may cause the personal data to be stored somewhere and worst case delivered to some other user. Cache settings must be applied for both versions of HTTP because you never know what version a proxy supports. You will need to add the following headers:Version | Header | Value |
---|---|---|
HTTP/1.1 | Cache-Control | no-cache, no-store, must-revalidate, private |
HTTP/1.0 | Pragma | no-cache |
For more information see RFC2616.
Password Autocomplete in browser (Low Risk)
Most users find remembering a password hard so they are quite happy with the browser remembering them. However this also imposes a security risk: any one using that browser can now access the application protected by the password. If you want to disable the password auto-complete feature you can add the
autocomplete="off"
attribute to the input tag that will hold the password.Private IP disclosure (Low Risk)
A private IP address such as 10.x.x.x, 172.x.x.x or 192.168.x.x has been found in the HTTP response body. This may be helpful for further attacks targeting internal systems.
X-Content-Type-Options header missing (Low Risk)
Besides the Content-Type header its also possible to serve some options with it using the X-Content-Type-Options. One of them is the
nosniff
option which prevents browsers from guessing the right content type if for some reason the wrong one was specified. This is risky as it may trick your browser into loading a page disguised as something else (an image for example). Read this for more details. Adding a header is easy using for example a Servlet filter. The upcoming Spring-Security 3.2 has built in support for this and other headers.
httpServletResponse.addHeader("X-Content-Type-Options", "nosniff");
IE8's XSS protection filter not disabled (Info)
The XSS protection filter in IE8+ protects against reflected cross site scripting (this is the kind of cross site scripting where the evil script is in the request URL or parameters). Sometimes this filter breaks existing functionality, so it can be turned off or on by the server using a proprietary header. Read this stackoverflow entry for more details. Turning the filter on or off (for Internet Explorer only) works like this:
httpServletResponse.addHeader("X-XSS-Protection", "1; mode=block"); // on
httpServletResponse.addHeader("X-XSS-Protection", "0"); // off
X-Frame-Options header not set (Info)
Without this header present your web application may put into an IFRAME on any another page, perhaps as part of a clickjacking scheme. The X-Frame-Options header allows you to specify which domains may put your web application into an IFRAME. See RFC7034 for more details.
httpServletResponse.setHeader("X-Frame-Options", "DENY"); // DENY, SAMEORIGIN, or ALLOW-FROM
Conclusion
There is a lot to learn by just clicking through a web application and examining the alerts ZAP gives you. Fixing most of the issues found require a little configuration or a few lines code but can have great impact on the security of your web application. Of course finding big flaws like injection, cross site scripting and id guessing requires a more active approach. ZAP also supports this and it may be subject of another blog post in the near future :)
Great Article
ReplyDeleteCyber Security Projects for CSE Students
JavaScript Training in Chennai
Project Centers in Chennai
JavaScript Training in Chennai
Thanks for sharing us. web design company lakeland
ReplyDeleteI think this is an informative post and it is very beneficial and knowledgeable. Therefore, I would like to thank you for the endeavors that you have made in writing this article. All the content is absolutely well-researched. Thanks... UK VPS
ReplyDeleteBut a smiling visitant here to share the love (:, btw great style and design . new york web design company
ReplyDeleteI need to verify with you here. Which isn’t one thing I often do! I get pleasure from reading a publish that can make people think. Additionally, thanks for allowing me to remark! new york website design company
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteYeah bookmaking this wasn’t a risky decision outstanding post! . branding agencies in san francisco
ReplyDeleteFor a great many people, local application gives off an impression of being a characteristic decision as these applications are stylish and give rich client experience.토토먹튀
ReplyDeleteYou completed a number of nice points there. I did a search on the issue and found nearly all people will have the same opinion with your blog. design agency san francisco
ReplyDeleteWe are not going to charge a fortune for our services, only pay what you need with flexible add-on packages. We are known for providing cost-effective solutions for all your digital problems. web development agency in usa
ReplyDeleteI am typically to blogging and i actually recognize your content. The article has actually peaks my interest. I am going to bookmark your web site and maintain checking for brand new information. web design san francisco
ReplyDeleteI really treasure your piece of work, Great post. website designers san francisco
ReplyDeleteYou’re the best, beautiful weblog with great informational content. This is a really interesting and informative content. design agency san francisco
ReplyDeleteF*ckin’ awesome issues here. I’m very satisfied to peer your post. Thanks a lot and i am having a look forward to touch you. Will you kindly drop me a e-mail? web designer san francisco
ReplyDeleteMy wife and i ended up being absolutely fulfilled Chris managed to carry out his studies from your ideas he had out of the web pages. It is now and again perplexing to just happen to be releasing facts that many many others may have been selling. Therefore we remember we now have the blog owner to thank because of that. All of the explanations you made, the easy blog menu, the relationships you can help to engender – it’s got mostly spectacular, and it’s really assisting our son and us reason why the theme is exciting, which is very indispensable. Many thanks for the whole thing! design agency san francisco
ReplyDeletecontinue with the the great work on the site. I love it. Could maybe use some more updates more often, but im sure you got better things to do , hehe. =) los angeles web design
ReplyDeleteyou can always count on search engine marketing if you want to promote products online., los angeles web agency
ReplyDeleteI am delighted that I observed this web blog , just the right info that I was looking for! . design firms los angeles
ReplyDeleteThere are a handful of intriguing points with time here but I do not know if I see these people center to heart. There is certainly some validity but I’ll take hold opinion until I take a look at it further. Good post , thanks and we want a lot more! Added to FeedBurner also los angeles web design
ReplyDeleteThis kind of lovely blog you’ve, glad I found it!?? top web design agencies
ReplyDeleteThanks for taking the time to discuss this topic. I really appreciate it. I’ll stick a link of this entry in my blog. website design company
ReplyDeleteInteresting column , I am going to spend more time reading about this topic website tips
ReplyDeleteacer laptops have much brighter lcd screens compared to other brands* branding agency la
ReplyDeleteeCommerce Website Designers who are 100% Australian developers from Website Development Australia. We build high performing eCommerce websites. ecommerce
ReplyDeleteI wanted to thank you for this excellent read!! I definitely loved every little bit of it. I have you bookmarked your site to check out the new stuff you post. SEO Agency Vancouver
ReplyDeleteWow, What a Excellent post. I really found this to much informatics. It is what i was searching for.I would like to suggest you that please keep sharing such type of info.Thanks wordpress web design agencies
ReplyDeleteThanks, foг ones marvelous posting! I genuinely enjoyed reading it, you miggһt Ƅe a great author. I wiⅼl made certain to booҝmark your blog and ѡill often come back sometime soon. I want to encoᥙrage yourself to continue your great job, have a nice evening!
ReplyDeleteWeb Development Course
best web development courses
web development classes
web development course near me
Web Development Training
training on web development
web development training program
web development training course
web development summer training
If you set out to make me think today; mission accomplished! I really like your writing style and how you express your ideas. Thank you. web design in Switzerland
ReplyDeleteHey friend, it is very well written article, thank you for the valuable and useful information you provide in this post. Keep up the good work! FYI, please check these depression, stress and anxiety related articles:
ReplyDeleteMental Stress in Children
Depression In College Students
How To Save Your Relationship
Depression in Men
You can also contact me at depressioncure.net@hotmail.com for link exchange, article exchange or for advertisement.
Thanks a lot
Emma
Download All Movie Subtitles Here for Hollywood, Bollywood and all kinds of movies. Download English SRT Subtitles Here subtitleplanet.com
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThanks for a very interesting blog. What else may I get that kind of info written in such a perfect approach? I’ve a undertaking that I am simply now operating on, and I have been at the look out for such info. Epik-protocolEPIK
ReplyDeleteWe are a top SEO services agency in Pakistan with a success rate of 91%. Seo Services In Pakistan
ReplyDeletePretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon. Big thanks for the useful info. I will do 70 dofollow backlinks SEO service high tf cf
ReplyDeleteMeraas Cherrywoods Townhouses at Al Qudra Road, which offers 3 and 4 bedroom townhouses starting price AED 1,625,000, decorated with full living amenities.
ReplyDeleteArada The Boulevard 2 Apartments
ReplyDeleteAwesome blog. I enjoyed reading your articles. This is truly a great read for me. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work! edge hosting
ReplyDeleteSearching for a free domain name and cheap web hosting? Stop waisting your valuable time viewing hundreds of web hosting companies. Read an honest review of the best free domain name and cheap web hosting packages available. Then focus your efforts on what's important, building your website. top web hosts in 2020
ReplyDeleteDamac Green Acres Park Villas
ReplyDeleteIt’s really a cool and useful piece of info. I’m glad that you simply shared this useful information with us. Please stay us informed like this. Thank you for sharing. Website Development Company in UK
ReplyDeleteThey make it sound simple to construct a beneficial web business, yet reminder time: fabricating a productive, web-based business takes difficult work, extended periods and, in particular, cautious arranging and determination of the correct sellers. Woke Hosting
ReplyDeletedsgdsgdsg
ReplyDeleteThe internal team was impressed with best app design companies creative insight, attentive customer management, and exceptional product quality.
ReplyDeleteSamana Golf Avenue apartments which offers studio, 1 and 2 bedroom apartments starting price AED 415,000 located in Dubai Studio City.
ReplyDeleteI’m eager to find the valuable information and for me this is the right place to get the good stuff.
ReplyDeletehow to open bulk urls
For instance, in the event that you just need certain consultants, you can list that in your task depiction. Professional graphic design
ReplyDeleteافضل خدمات المكافحة ورش المبيدات بخميس مشيط وابها بافضل المعدات والاجهزة العالمية
ReplyDeleteشركة تنظيف موكيت بخميس مشيط
شركة مكافحة حشرات بابها
شركة مكافحة حشرات بخميس مشيط
شركة رش مبيدات بابها
شركة رش مبيدات بخميس مشيط
شركة مكافحة حشرات ببريدة
This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. download trafficize
ReplyDeleteiPods, iPads, Blackberries, DVRs, Kindles and more - all fascinating forms of technology. As the technology era continues to explode, there's something interesting that's exploding with it. Stress. Discover how to overcome stress from technology today. Bluehost hosting discount
ReplyDeleteGreat post, and great website. Thanks for the information! Take me to another useless website
ReplyDeleteThis is really likewise an incredibly beneficial placing most of us severely encountered shopping as a result of. It truly is faraway from each and every day we have now possibility to think about something. Software Programmer
ReplyDeleteiPods, iPads, Blackberries, DVRs, Kindles and more - all fascinating forms of technology. As the technology era continues to explode, there's something interesting that's exploding with it. Stress. Discover how to overcome stress from technology today. iPhoneIMEI.net
ReplyDeleteEmaar introduced Club Villas at Dubai Hills Estate which offers 3 and 4 bedroom villas, Book with 5%.
ReplyDeleteTechnology is in the society. The society is into technology. The society contributes the human and material resources necessary for technology to blossom. There is no denying the obvious fact that technology has indeed, blossomed. The point of discourse is what technology has taken, and is still taking away from the society in its course for growth. cheap uk windows vps
ReplyDeleteI would like to say that this blog really convinced me to do it! Thanks, very good post. web-agency
ReplyDeleteUse your headline to grab the user’s attention and sub-headlines to keep them engaged or drive home your point. E.g. Selling a major benefit of your product or service in the headline, use your sub-headline to elaborate. affordable professional web design
ReplyDeleteIt is advertising and marketing offers advertisments so as to practical research ahead of placing. In other words to jot down more appropriate area in this way. Web Development
ReplyDeleteThank you very much for this great post. notebook
ReplyDeleteDepending on your needs for file storage space, you may need more or less. Generally the more disk space offered, the better. ssd vps hosting
ReplyDeleteThis is my first visit to your web journal! We are a group of volunteers and new activities in the same specialty. Website gave us helpful data to work. sayapro bin checker
ReplyDeleteThis has tackled consistent issues with web designers who are genuinely enthusiastic in their work who at some point can get excessively delicate to a little remedy or perception of his work. Webdesign Genk
ReplyDelete
ReplyDeletemicrosoft word not opening mac
how to restart word on mac
why is microsoft word not responding
microsoft word not responding
Great. Thanks for sharing.
ReplyDeleteweb design and development services
Damac Properties introduced Melrose Estates Golf Villas, which offers 3 to 5 bedroom villas located at Damac Hills, Dubai, limited edition golf villas that capture the true essence of California.
ReplyDeleteI invite you to the page where you can read with interesting information on similar topics. try these out
ReplyDeletePositive site, where did u come up with the information on this posting? I'm pleased I discovered it though, ill be checking back soon to find out what additional posts you include. WordPress Developer Brisbane
ReplyDeleteHey there! I’ve been reading your web site for a long time now and finally got the courage to go ahead and give you a shout out from Austin Texas! Just wanted to mention keep up the fantastic work! 부산출장마사지
ReplyDeleteWordPress has been the most sought-after site when it comes to content management system. A responsive website development gets easier with WordPress. There are two preferred methods when it comes to developing and modifying sites using WordPress Development Company. They are Local development and Staging development. With a list of pros and cons of their own, both the kind offers a variety of features to the diverse audience and WordPress users. So here is a quick guide differentiating between Local development and Global development and how to choose the apt one for you. Buy Web Traffic to improve your SEO
ReplyDeleteThis is really intriguing, You’re an especially efficient writer. I have signed up with your feed additionally look ahead to finding your personal interesting write-ups. Furthermore, I’ve got shared the blog inside our social networks. 토토사이트
ReplyDeleteThis really is an incredibly amazing powerful resource that you’re offering and you just provide it away cost-free!! I comparable to discovering websites that view the particular price of providing you beautiful learning resource for zero cost. We truly dearly loved examining this web site. Be thankful! 부산출장마사지
ReplyDeleteHello, this weekend is good for me, since this time i am reading this enormous informative article here at my home.
ReplyDeletequenza app
Furthermore, an alternate society that will not partake in the aggregate sensibilities or enthusiasm of such society has, by the normal rationale, become a potential or real adversary and faces encounter on every single imaginable front. TutuApp web
ReplyDeleteYou there, this is really good post here. Thanks for taking the time to post such valuable information. Quality content is what always gets the visitors coming. pay monthly web design
ReplyDeleteDeciding which are the important features and components can be a confounding task. How do you decided on the best web hosting solution for your online business needs? managed-hosting-solutions.com examines the key elements of this important decision, and helps you make the best choice with ease. .net.au registration
ReplyDeleteThanks , I’ve just been searching for info about this topic for a while and yours is the greatest I have found out so far. But, what about the conclusion? Are you sure about the supply? free backlink
ReplyDeleteWeb designers and developers are the foundation of the Internet. If you are skilled in web design or web development you can make a growing income on the Internet. The secret to making money with your web design and development skills is to include web hosting in your web design or web development quotes or standard packages. ssd vps
ReplyDeleteMy Name Is Emily Albert i have 10 years of experience in digital marketing like SEO, Facebook ads google ads etc. last 6 months I'm connected with digimart. digimart USA base digital marketing company who have amazing digital marketing person. marketing agency near me
ReplyDeleteYoure so cool! I dont suppose Ive read something like this before. So nice to seek out any person with some unique ideas on this subject. realy thank you for beginning this up. this website is one thing that’s needed on the web, somebody with a little originality. useful job for bringing something new to the internet! Caribou social media
ReplyDeleteYou undoubtedly ensure it is look simple along with your business presentation however i come across this kind of topic being truly an issue that I think I might never recognize. It appears also complex and extremely wide personally. I will be impatient for your next article, I am going to try to get the hang of it! Matthew Fleeger supports local charities
ReplyDeleteAs soon as I found this internet site I went on reddit to share some of the love with them. we are caribou
ReplyDeletenaturally like your web site however you have to test the spelling on several of your posts. A number of them are rife with spelling issues and I in finding it very bothersome to tell the reality on the other hand I will surely come back again. Matthew Fleeger is CEO of Dallas company Gulf Coast Western
ReplyDeleteI got what you intend, thanks for putting up. Woh I am glad to find this website through google. cockatoo for sale
ReplyDeleteWhatsminer M30s++ has the highest hashrate of any commercially available SHA-256 miner. The M30s++ is built for reliability, stability and profitability. At 112Th/s and coming with all required plugs to mine out of the box, this is a perfect unit for a first time miner or large scale farms. The M30s++ is currently in hundreds of mining facilities worldwide. Bitmain
ReplyDeleteHey. Cool article. There's a problem with your site in chrome, and you may want to check this... The browser is the market leader and a huge component of other people will omit your wonderful writing because of this problem. brazilian sugaring
ReplyDeleteThanks for one’s wonderful post! We definitely liked reading it, you could be an great contributor. I shall always take a note of this blog page and will often come back later on, I wish to motivate that you continue this great job, enjoy your evening? BTW have you read Gaddafi remarkable headlines Regards Independent Financial Advisor covid in mexico
ReplyDeleteWelcome to today’s discussion about GST university admission 2020-2021 where we will be revealing all the necessary information regarding the combined admission process of the universities, 20 to be specific. All these universities have agreed to undergo a common admission test in a cluster system gst admission 2021
ReplyDeletegood day, your internet site is cheap. I do many thanks for succeed Buy OrCAD 17.2.0
ReplyDeleteHello, this weekend is good for me, since this time i am reading this enormous informative article here at my home.
ReplyDeleteคลินิกเสริมความงาม
I am definitely enjoying your website. You definitely have some great insight and great stories. how to make a site like fiverr
ReplyDeleteAs soon as I found this internet site I went on reddit to share some of the love with them. Corporation Wiki Matthew Fleeger
ReplyDeleteAs a seller of legal steroids, you can buy Crazy Bulk products, explore stacks and finally get the body you’ve always wanted What Is Dedicated Server Hosting
ReplyDeleteThanks, Your post is an excellent example of why I keep coming back to read your excellent quality content…. Dallas CEO Matthew Fleeger
ReplyDeleteAs soon as I found this internet site I went on reddit to share some of the love with them. general construction contractors near me
ReplyDeleteTraining and knowledge are necessary for a successful web design or web development. A web developer and a web designer are two different beings. Hone your talents in both these fields. Knowledge of the right software for the calling in hand is very necessary. Accomplishment lies in keeping it lucid. Social Media Creation, Design, Management and Optimisation
ReplyDeleteWhat a good perspective, nonetheless is not help make every sence whatsoever talking about that will mather. Every approach many thanks plus i had endeavor to discuss your own publish straight into delicius nonetheless it is apparently issues using your websites are you able to please recheck the item. with thanks again. check these guys out
ReplyDeleteBut wanna admit that this is very helpful , Thanks for taking your time to write this. click here
ReplyDeleteThank you of this blog. That’s all I’m able to say. You definitely have made this web site into an item thats attention opening in addition to important. You definitely know a great deal of about the niche, youve covered a multitude of bases. Great stuff from this the main internet. All over again, thank you for the blog. https://mattceramicmugs.blogspot.com/2020/11/matt-ceramic-mugs.html
ReplyDeleteThat is enterprise associated knowledge gaining article. This put up is truly the first-class on this valuable subject matter.
ReplyDeleteIdn Slot
I like this web site very much, Its a real nice spot to read and receive info . افلام
ReplyDeleteSuperbly written article, if only all bloggers offered the same content as you, the internet would be a far better place..
ReplyDelete먹튀검증사이트
I am hoping the same best effort from you in the future as well. In fact your creative writing skills has inspired me.
ReplyDelete메이저놀이터