Gstreamer Sendonly WebRTC example work only locally? - webrtc

The GStreamer WebRTC sendonly example works only locally. The examples are deployed on a machine with a public IP address.
I am using GStreamer 1.20 on Ubuntu 20.04 LTS.
Furthermore, in the browser of the local machine where sendonly is deployed, the example works when I use 127.0.0.1. However, when I use the public IP of the machine, it does not work.
When it does not work, the sendonly program does not receive an SDP answer (soup_websocket_message_cb).

That is because you are not using https. In order to use it with http, the browser should allow this. For example, you can do this in Chromium-based browsers by enabling "Insecure origins treated as secure" in chrome://flags/. You should add your unsecured website there, for example "http://www.example.com".
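The rule this answer relies on, as an added example that is not part of the original answer: browsers treat https and loopback origins as secure contexts, which is why http://127.0.0.1 passes while a plain-http public address does not. The function name, the port and the address 203.0.113.10 (a documentation placeholder for the public IP) are assumptions, and the check is a simplified form of the W3C Secure Contexts test.

```javascript
// Added example: simplified version of the browser's
// "potentially trustworthy origin" test (W3C Secure Contexts).
// Secure-context-only APIs such as navigator.mediaDevices.getUserMedia
// are exposed only when the page's origin passes this test.

function originTrust(urlString) {
  const url = new URL(urlString);
  const host = url.hostname.toLowerCase();

  // Authenticated transport is always accepted.
  if (url.protocol === "https:" || url.protocol === "wss:") {
    return { trustworthy: true, reason: "authenticated scheme" };
  }
  // "localhost" and names under it are treated as loopback.
  if (host === "localhost" || host.endsWith(".localhost")) {
    return { trustworthy: true, reason: "localhost name" };
  }
  // 127.0.0.0/8 and ::1 never leave the machine.
  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host) || host === "[::1]") {
    return { trustworthy: true, reason: "loopback address" };
  }
  return { trustworthy: false, reason: "plain http/ws to a non-loopback host" };
}

// Constructed sample origins; port 8080 is a placeholder.
const SAMPLE_ORIGINS = [
  "http://127.0.0.1:8080/",
  "http://localhost:8080/",
  "http://203.0.113.10:8080/",
  "https://203.0.113.10/",
  "http://www.example.com/",
];

// One line per origin, stating whether it is a secure context and why.
function report(origins) {
  return origins.map((o) => {
    const r = originTrust(o);
    const verdict = r.trustworthy ? "secure context" : "NOT a secure context";
    return `${o} -> ${verdict} (${r.reason})`;
  });
}

console.log(report(SAMPLE_ORIGINS).join("\n"));
```

Serving the page over https with a valid certificate moves the public-IP origin into the first branch without touching browser flags.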

Related

Chromium (Chrome, Brave) on mobile stopped trusting my local LetsEncrypt certificates

I have registered a wildcard certificate for *.dev.example.com which I use on my locally installed nginx server, to serve websites and to be able to test them on all devices, Android, iOS, etc...
The workflow is as follows (briefly):
The router's dnsmasq is configured to route all *.dev.example.com requests to 192.168.1.xxx
192.168.1.xxx runs nginx, which is configured to use the wildcard certificates for *.dev.example.com
Accessing https://dev.example.com and https://xxx.dev.example.com from any device within the LAN worked without problems.
Now, as of today, Google (Brave) are denying the certificate and won't request the URL properly -> nginx returns File not found
If I call the URL from an Android REST client (like Restler), or Firefox or Opera, everything works as expected.
Has anything changed in Chromium regarding this matter?
The problem was that Brave had "Use secure DNS" enabled (maybe through a recent update), which circumvented my router's DNS settings.

Issues with WebRTC based application

I have developed a WebRTC based application along with Kurento-Media-Server.
The problem with this application is:
It works, but only on an open network (i.e. if run on a network without a firewall).
When behind a firewall it runs sometimes (once out of 10 attempts).
I have tried several things with the firewall; I have disabled all kinds of incoming/outgoing traffic. I have created port forwarding for my application as well as for Kurento-Media-Server.
I am not sure how useful this information might be, but I am deploying my application on the same physical box along with Kurento-Media-Server. I have configured Google's STUN server in my client.js, and I have also configured the same STUN servers on Kurento using code. I haven't configured a TURN server.
Just confirming this: the signaling server can be behind the firewall along with the rest of the application, correct?
I am not sure what to look for now; any help in this area would be great.
EDIT-1
From this link I learned that my current network, on which my app isn't working, has issues with plain WebSocket connections: it doesn't allow them, it only allows secure WebSocket connections.
EDIT-2
Image of netscan:
On my phone network, where my app works fine, I see all greens in the WebSocket "plain" column.
EDIT-3 Solved
Finally found the problem. We were using a router for testing and development and I found that the router had issues. I used a LAN cable on the same router and everything worked fine. Calls from the application were working just fine. The firewall-related details will help in configuring the firewall later on.
Based on your problem description, it seems not all UDP traffic is open in your firewall. WebRTC media runs on UDP ports. As you mentioned, it works one out of 10 times, which means only a few UDP ports are open in your firewall. You are lucky when traffic comes via those ports. You can open a port range in your firewall and configure the same in the kurento-media-server config. Your job should be done.
Even if you configure a TURN server, you need to open certain ports for outgoing and incoming UDP traffic. For a TURN server the default port is 3478 or 8443 for sending data towards it, but for incoming traffic you need to configure a port range on your TURN server and open those ports in your firewall. Always remember that a TURN server is an assured way to connect, but it's always costly.
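A way to check the port-range point made in this answer, as an added example that is not part of the original post: it parses the ICE candidate lines of an SDP, counts them by type, and lists the UDP candidates whose port lies outside the range opened on the firewall. The SDP lines, the addresses and the 40000-50000 range are constructed sample values, and the function names are hypothetical.

```javascript
// Added example: inspect ICE candidates against an allowed UDP port range.
// Constructed sample candidate lines (documentation addresses).
const SAMPLE_SDP = [
  "v=0",
  "a=candidate:1 1 UDP 2015363327 192.168.1.20 40012 typ host",
  "a=candidate:2 1 TCP 1015021823 192.168.1.20 9 typ host tcptype active",
  "a=candidate:3 1 UDP 1679819007 203.0.113.10 52344 typ srflx raddr 192.168.1.20 rport 40012",
  "a=candidate:4 1 UDP 8331263 198.51.100.7 61000 typ relay raddr 203.0.113.10 rport 52344",
].join("\r\n");

// candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type>
const CANDIDATE_RE = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/;

function parseCandidates(sdp) {
  return sdp
    .split(/\r?\n/)
    .map((line) => CANDIDATE_RE.exec(line))
    .filter(Boolean)
    .map((m) => ({
      transport: m[3].toLowerCase(),
      address: m[5],
      port: Number(m[6]),
      type: m[7], // host, srflx, prflx or relay
    }));
}

// Count candidates per type; no "relay" entry means no TURN fallback.
function countByType(sdp) {
  const counts = {};
  for (const c of parseCandidates(sdp)) {
    counts[c.type] = (counts[c.type] || 0) + 1;
  }
  return counts;
}

// UDP candidates whose port the firewall range would not let through.
function udpOutsideRange(sdp, minPort, maxPort) {
  return parseCandidates(sdp).filter(
    (c) => c.transport === "udp" && (c.port < minPort || c.port > maxPort)
  );
}

console.log(countByType(SAMPLE_SDP));
console.log(udpOutsideRange(SAMPLE_SDP, 40000, 50000));
```

Run it against the SDP offers and answers logged by the signaling server; a call that only succeeds when the selected candidates happen to fall inside the range matches the "one out of 10" symptom.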

Connecting Devices to Fiddler Without Proxy Changing?

I'm interested in using Fiddler to inspect HTTP(S) API traffic on my home network. I want two networks/routers; "Normal" and "Fiddler". I want the devices to easily connect to either network. I do not want to manually configure/unconfigure proxy settings when moving devices between normal and Fiddler proxy network. I just want to select a new access point and have the device work. How can this be done? Will some kind of port-forwarding on the "fiddler" router suffice?
After several weeks of experimentation and discussion, my conclusion is that neither Fiddler nor Charles Proxy support transparent proxy which is key to making a simple router setup work. OTOH, mitmproxy does work well. mitmproxy runs on OS/X and Linux. For Windows there are two options, mitmdump is a UI-less version of mitmproxy, and mitmweb (available but not presently released) has a very promising UI.
Indeed you easily configure a router to gateway to a mitm system. From there mitm will show http requests and responses. If you want to see HTTPS, you'll simply need to have the device accept an mitm certificate. Do so by visiting the special domain name http://mitm.it and follow instructions.
For a more detailed discussion see Best Way to Inspect HTTP(S) APIs of Many Devices
I wrote up the procedure for configuring a router to proxy client traffic to a transparent proxy. Works great with MitmProxy. The beauty of this approach is that you can simply connect a client device, wired or wireless, to the router and HTTP(S) traffic will be displayed by MitmProxy. No need to fiddle with each device's proxy settings. You simply choose the router's network, when done you flip back to the usual router.
Best Way to Inspect HTTP(S) API Traffic in a Multi-Platform Multi-Device Environment
http://fiddlerbook.com/fiddler/help/hookup.asp --- have you checked this? I think this helps.

how to capture ssl traffic using SharpPcap

SharpPcap is a great library. I'm building an HTTP packet viewer for Linux using it and it works fine! However, is it possible to capture and decrypt SSL traffic? On one hand, it would be exactly what SSL is designed against, and so I would say the answer is no. On the other hand, I see things like PacketDotNet.LinuxSLLPacket which give hope. So is this possible, and if so, where could I get some info on how to do this?
You should look at mitmproxy. It does exactly what you want it to do.
The way it works is by allowing you to set your proxy settings to mitmproxy running on 8080 by default. You install the certificate for the mitmproxy on your machine, phone, browser and it will essentially provide you with a man-in-the-middle.

Apache on Windows and Fiddler

I need to monitor HTTP traffic in my dev env, which is PHP/Apache/Windows. But Apache seems to refuse the HTTP requests coming from Fiddler, which sits between the browser and Apache.
The error is "No connection could be made because the target machine actively refused it".
I suppose there should be some configuration on Apache which allows traffic via Fiddler. Can anyone help me with it?
What Windows version are you using?
What browser are you using?
Does the Apache reside on localhost?
Try disabling IPv6 support (in the Fiddler options -> General -> uncheck "Enable IPv6 if available")
If Apache is on localhost, try http://machinename:port instead of http://127.0.0.1:port or http://localhost:port
Also check Fiddler's known issues
I'm going to assume that your browser and Fiddler are installed on the same machine and the dev environment is remote. I would install Wireshark and capture the native browser requests, and the ones proxied through Fiddler. See what is different between them. It would seem they would be coming from the same src IP, so I would look at the various HTTP request headers, and see what is different.