I'm developing new app. This is app need to get information from my website so I use HTTP request using vb.net.
Sub Main()
'Address of URL
Dim URL As String = http://whatever.com
' Get HTML data
Dim client As WebClient = New WebClient()
Dim data As Stream = client.OpenRead(URL)
Dim reader As StreamReader = New StreamReader(data)
Dim str As String = ""
str = reader.ReadLine()
Do While str.Length > 0
Console.WriteLine(str)
str = reader.ReadLine()
Loop
My problem is , I found an app called fiddler http://www.fiddler2.com/fiddler2/
This app could find all HTTP request that maked using my app , so this put my website at risk.
Is There any way how to hide HTTP request from been detected ????
I'm not familiar with this "fiddler" product, but just from reading the page that you reference, it is something that runs on the user's machine and monitors traffic between that computer and the Internet. I don't see how it would be even theoretically possible to prevent this. Signals are moving over wires leaving the user's computer. He presumably has physical access to his own computer. If nothing else, he could attach something to the cable coming out the back of the computer that monitors the signals moving over the wire.
You could encrypt messages so that it's difficult for the user to interpret what they mean, but you can't stop him from reading the message as it was sent.
I wonder, by the way, how it is a security problem for a user to know what messages are being sent from his own computer. Are you trying to hide what you are doing from the person using your program? Frankly, if I discovered that an application I have on my computer was trying to hide what it was doing from me, I would immediately delete it. Why would someone want to hide what he's doing to MY computer unless what he is doing is something sinister, trying to steal my personal data or some such?
Just to be slightly sarcastic, your question sounds a little like asking, When I visit a business associate, how can I prevent him from finding out out what I did in his office when he stepped out for a few minutes?
There is a way using the Proxy method just add this Code in the HTTP request:
Request.Proxy = New WebProxy()
cause how fiddler works it sets itself as the proxy using the above code it cannot set fiddler proxy and thats how you stop it from reading anything
Related
First of all, excuse me If I misunderstood some concepts, since web requests and cookies are not my fort.
Well, the thing is that I would like to get all the cookies stored in the WebBrowser's session for the current url. This will help me for example after interactively logging in a website, I can retrieve the cookies from the WebBrowser instance to use them in background with the HttpWebRequest class. (the website has security measures like a captcha and a random question, so for me is not viable to try automate it using requests in background to login and store the cookies, I prefer to use a webbrowser)
This is what I tried so far, it seems that it works fine but I'm not sure whether I did it all ok without missing any important thing to take into account, and I think my approach seems a little dirty solution, I mean maybe exists a direct way to get this from the abstraction layer of the WebBrowser control...
<HideModuleName>
Public Module WebBrowserExtensions
<Extension>
<DebuggerStepThrough>
Public Function GetCookieContainer(ByVal wb As WebBrowser) As CookieContainer
Dim uri As Uri = wb.Url
Dim cookieContainer As New CookieContainer()
Dim cookies As String() = wb.Document.Cookie.Split({";"c}, StringSplitOptions.None)
For Each cookie As String In cookies
Dim name As String = cookie.Substring(0, cookie.IndexOf("="c)).TrimStart(" "c)
Dim value As String = cookie.Substring(cookie.IndexOf("="c) + 1)
cookieContainer.Add(uri, New Cookie(name, value, "/", uri.Host))
Next cookie
Return cookieContainer
End Function
End Module
So, my question is: It is all ok with my approach?, if not then which would be the proper way to do this?.
PS: I know the WebBrowser is a embedded instance of Internet Explorer, but I'm not sure about how the WebBrowser manages the cookies, I mean if the cookies persists only during the lifetime of the current application or the WebBrowser instance, or just the cookies are stored in the system and are the same cookies used by Internet Explorer. As I said, excuse me If I misunderstood some concepts.
My client will access my company's site to retrieve data information, using a sub I am working on. This has to be done using a secured proxy, since his company blocks access to some sites. I can't test my sub on his computer and obviously he cannot send the proxy information (ie.:Username, passoword, ip, port...)
Sub login_sub()
url = "http://localhost/php004/loginExcelAddin.php?username=" + username + "&password=" + password
Dim httpObject As Object
Dim response As String
Set httpObject = CreateObject("WinHttp.WinHttpRequest.5.1")
httpObject.Open "GET", url, False
httpObject.SetProxy HTTPREQUEST_PROXYSETTING_PROXY, proxyIP + ":" + proxyPortNumber
httpObject.send
response = httpObject.responseText
On Error GoTo errorHandler
If response = True Then
loggedIn = True
MsgBox "You are logged in"
End If
Application.Calculate
Exit Sub
errorHandler:
MsgBox "Login has failed"
End Sub
(Username, password, proxyPortNumber, proxyIP are public variables filled in a form)
I am struggled with this issue for a while. Anyone could tell me if I am going to the right direction, can I send this code for the client?
Thanks
Ah, I've been through this before many times in my career. From a test strategy perspective (rather than a review of your code above), there are several possible combinations of ways to test all this out:
The client's IT department should be able to provide you with specifications on how their proxy expects client identification information to be included in the outbound request. Some proxies may use alternative authentication information data in the request headers; you need to know exactly how the client's proxy requires the authentication data to be passed (this can get troublesome on Enterprise proxies that may use Active Directory/LDAP as intermediaries).
The ideal first stage of testing is to setup inside your own company a test authenticating proxy in as close as possible the same make, version, and configuration as the client's. Put your Excel code onto a laptop, and connect the laptop to the "outside" of this test proxy. This will allow you to test the code to work out bugs with accessing a similar proxy under your control.
Of course, its quite possible that the client's proxy may not behave quite like your test proxy, so even after doing step 2, there may still be problems once you give it to the client. If the client is allowed to use window sharing services like WebEx, you could then set up a WebEx session with the client, and have them share their screen with you while they are using your code for the first time. If it fails, you can talk them though a debugging session with Excel's debugger while you are watching the debugging results.
3a. If the client's IT Dept will allow a more comprehensive sharing tool that allows YOU to remotely control the client's desktop (while they are watching) that would even be more ideal. But if the client's IT Dept is already doing outbound proxying, they are likely too paranoid to allow this.
If a WebEx-like session is not allowed, then you could add diagnostic outputs into a log file which they could then send you, or verbally tell you in a telecon. This is not an optimal way to accomplish the debugging.
4a. Again if WebEx-like method is not allowed, but if the client has an Excel expert and an IT expert, you can get them to do the testing with you on a telecon. Again not optimal but is better than 3 because you are not talking with a clueless client.
Finally and worst-case, you may have to travel to the client's site to do final testing on their own computers (under of course the supervision of the client).
This would be easier if I were able to have the external computer get its own name and just pass it to a web service as a variable, but I'm not able to do that right now. There are a variable number of computers from several different entities that regurarly access a web service on one of our servers. Changing only some VB.Net code on the server and nothing at all on any of those external computers, how would I be able to get their names programmatically in VB.Net? Thanks!
EDIT: Some of the answers look like they're designed to get the IP of either the server, the server's router, or something else along those lines. Maybe I'm just misreading the code or something, but I was talking about getting the names of client, external computers who try to access a webmethod on the server, using the webmethod's code to do so.
If there is no address translation and computers has DNS entries:
Dim ip As String = System.Web.HttpContext.Current.Request.UserHostAddress
Dim name as String = System.Net.Dns.GetHostEntry(ip).HostName()
System.Net.Dns.GetHostAddresses(My.Computer.Name)(5).ToString
Quick solution for getting external IP in VB.Net
Dim sIp As String
Dim webClient As System.Net.WebClient = New System.Net.WebClient()
sIp = webClient.DownloadString("http://lbb.ie/ip.php")
And that's it It is my own php file on my own server so go ahead :) Enjoy
I am basically sending a URL to control the tilt and pan of an IP camera, so all I need to do is send the request, I am not worried about receiving anything. Currently I am using:
Dim Request As HttpWebRequest = WebRequest.Create("http://xxx.xxx.xxx.xxx/nphControlCamera?Direction=TiltDown&Resolution=320x240&Quality=Standard&RPeriod=0&Size=STD&PresetOperation=Move&Language=3")
Dim Response As HttpWebResponse = Request.GetResponse
My problem here is, if I hit it two or three times it locks up my program. So what am I either doing wrong, or what is the best way to send this URL?
Thanks
You might have better luck calling it asynchronously, and preventing the user from sending the request again until the camera gets itself situated?
Basically you'd use BeginGetResponse instead of GetResponse.
This might be of use: How do you call an Asynchronous Web Request in VB.NET?
Are you returning any response at all from the camera? It seems like your program is waiting for a response and getting nothing.
Despite my lack of coding knowledge I managed to write a small little app in VB net that a lot of people are now using. Since I made it for free I have no way of knowing how popular it really is and was thinking I could make it ping some sort of online stat counter so I could figure out if I should port it to other languages. Any idea of how I could ping a url via vb without actually opening a window or asking to receive any data? When I google a lot of terms for this I end up with examples with 50+ lines of code for what I would think should only take one line or so, similar to opening an IE window.
Side Note: Would of course fully inform all users this was happening.
Just a sidenote: You should inform your users that you are doing this (or not do it at all) for privacy concerns. Even if you aren't collecting any personal data it can be considered a privacy problem. For example, when programs collect usage information, they almost always have a box in the installation process asking if the user wants to participate in an "anonymous usage survey" or something similar. What if you just tracked downloads?
Might be easier to track downloads (assuming people are getting this via HTTP) instead of installs. Otherwise, add a "register now?" feature.
You could use something simple in the client app like
Sub PingServer(Server As String, Port As Integer)
Dim Temp As New System.Net.Sockets();
Temp.Connect(Server, Port)
Temp.Close()
End Sub
Get your webserver to listen on a particular port and count connections.
Also, you really shouldn't do this without the user's knowledge, so as others have said, it would be better to count downloads, or implement a registration feature.
I assume you are making this available via a website. So you could just ask people to give you their email address in order to get the download link for the installer. Then you can track how many people add themselves to your email list each month/week/etc. It also means you can email them all when you make a new release so that they can keep up to date with the latest and greatest.
Note: Always ensure they have an unsubscribe link at the end of each email you send them.
The guys over at vbdotnetheaven.com have a simple example using the WebClient, WebRequest and HttpWebRequest classes. Here is their WebClient class example:
Imports System
Imports System.IO
Imports System.Net
Module Module1
Sub Main()
' Address of URL
Dim URL As String = http://www.c-sharpcorner.com/default.asp
' Get HTML data
Dim client As WebClient = New WebClient()
Dim data As Stream = client.OpenRead(URL)
Dim reader As StreamReader = New StreamReader(data)
Dim str As String = ""
str = reader.ReadLine()
Do While str.Length > 0
Console.WriteLine(str)
str = reader.ReadLine()
Loop
End Sub
End Module
.NET? Create an ASMX Web Service and set it up on your web site. Then add the service reference to your app.
EDIT/CLARIFICATION: Your Web Service can then store passed data into a database, instead of relying on Web Logs: Installation Id, Install Date, Number of times run, etc.