Ok so what I want to do is create a background agent that monitors http traffic to/from a certain application and performs actions when there are requests and responses to a certain website. Is there a good way to do this in Cocoa? I'd like to avoid using really low level sniffing and/or requiring root access to do this (admin access is ok).
If the application your trying to monitor supports proxy servers you could write one and use that in your app. That probably is the easiest solution.
If that doesn’t work you could use something like mach_inject and mach_override to overwrite some socket system calls (socket and write probably are enough) in the program you’re going to monitor. That’s some kind of dark art though, so you’re probably better off using a packet sniffer like tcpdump and control that using a pipe.
Admin privileges (which are almost the same as root) are required for all of this, except the proxy solution.
Here's tcpdump and it's library libpcap:
http://www.tcpdump.org/tcpdump_man.html
and
http://www.tcpdump.org/pcap3_man.html
There's a tutorial here:
http://www.tcpdump.org/pcap.htm
Like Sven said you'll need admin privileges to do anything spectacular.
Related
I need answer to one very basic question.
Is it necessary to have telnet access to hit an API while systems are connected over VPN? For example, if my system exposed an API for other systems to hit and they are connected in VPN using IPsec, does a third party system needs telnet access to my server for using that API? The API uses soap protocol for receiving request and sending response.
(I did not find out the solution using google. The question is so naive that I had to assume everyone must already know the answer and does not bother to discuss it in web. Sorry for bothering with this simple question)
This is very strange. Accessing an http endpoint for anything else than dev using telnet doesn't really make much sense to me. If someone is using telnet to fetch informations from a server in an application. Something is already really wrong. If telnet is timing out while doing http requests. It's not really your fault and you shouldn't have to worry about edge cases like this.
If the dev is using telnet to discover security issues. This is a different issue and you could probably log anything that come from this particular client. If you gave hime some credentials, it should be easy to find who is doing which request. (I believe you might be already doing this).
You should probably ask the dev "why are you using telnet?". If for whatever reason the dev though he could send a plain SOAP request to your server using telnet without sending HTTP headers and so on.... then yes the connection is likely to timeout because the server isn't going to handle the request.
In my twisted mind, I can imagine some kind of legacy application calling scripts that open telnet sessions to parse some data and return the "parsed" data to the patched legacy project that doesn't handle http/tcp. I'd have in mind some sort of old Cobol application. Much more easier to do system call than to rewrite the whole thing to support APIs.
If for whatever reason, the client claims that telnet is needed for whatever reason. You can tell him back that telnet shouldn't be considered secure. Your api can be accessed using https. As far as I remember telnet doesn't encrypt anything unless you send encrypted data. If your client was able to hack a solution using telnet, I'm pretty sure they can hack a different solution wich use an actual http client.
I am very new to both node and Javascript, and am completely lost when it comes to PHP and Apache/nginx. I have an Amazon EC2 instance running my node server, which I am accessing through my browser via http://[my-ip]:[port-number]/.
There are a couple of things I'd like to accomplish -- most importantly, I'd like to require a username/password before the server will accept a client. A secondary objective, but one that I feel may be required in order to password protect the server, is to do away with the port number specification through some kind of proxy forwarding.
I've seen that others have accomplished this by adjusting server configurations and/or other utilities such as haproxy, but the examples were a little over my head and I'd like to understand what I'm doing at each step, because for me this project is more about learning than anything else.
Again, I am VERY inexperienced, so an easy-to-follow, bottom-up suggestion for how I should go about doing this would be very much appreciated!
So let's split your question into two:
a) Password protect server
I'm guessing you are talking about the basic HTTP auth. If you are using Express, you can use the Connect middleware in order to achieve that.
Find the example here: https://github.com/senchalabs/connect/blob/master/lib/middleware/basicAuth.js
Read more about it here: http://senchalabs.github.com/connect/middleware-basicAuth.html
b) You want a proxy. In production I'd say to choose HAProxy like you were suggested, but there are also other alternatives written in Node.js like bouncy or node-http-proxy which you can find more easy to understand.
My task is to write a Messenger program for both internal and external staffs, I actually made it. However, I thing this is really not a good approach by using the client software keep "check-mesg" from server. So I think I am just simulating the IM program.
I want to make the client app become a listening server, and let user p2p talking without a "mesg-centre" at the main server(unless offline mesg happen). The question is how do I tell the external user ( other client app ) my location while I am behind a router ?
Are those other IM programs running on the client machine as a server too? and how do they get through ?
Thanks in advance!
It's quite complicated to connect to systems behind a router and not always possible. A well-documented way to do this with UDP is the STUN protocol (used mainly for SIP-based VoIP). If it is not possible to get behind the router, you can only use a server in the open network as intermediator (some P2P systems also promote well-connected peers to such intermediators). SIP uses TURN for as intermediator protocol. SIP's protocol to find out the right solution for a client is ICE.
See also NAT traversal.
I have a mini API that is only for an app I have built. The API service is on a separate domain to my app. I make jsonp calls to it and receive json in return.
Therefore I only want my app to be able to access it. Can I just list a series of IP addresses for my app and allow them? Is there a better way to stop requests from anyone else to my API?
The best way to implement IP-based filtering would be at the web-server level. Here's a brief introduction to access control with Apache. If that happens to be your web-server.
If the IP stays the same throughout time, yes this is a valid idea. Another way would be with an id and a key, if you expect further usage from other (dynamic) ip adresses.
What operating system is the API service running on? If it's Linux, look into iptables to only allow a certain IP to access a specific port.
Honestly, I wouldnt go with an IP based solution. While it may work in the short term, it will make things hard in the future. For example, what if your ip provider decides to do a reset? Most likely (unless you have explicitly established the need for static ip with your provider) your ip will change. Then your program will error and you wont know why (or worse, you wont know that a computer is now disconnected). Furthermore, if you want to add machines, think about managing 1000 ips....yikes! The 'right' way of doing this would be to authenticate the machines using some other scheme (user/pass, pki, etc.)
I have the need to be able to cycle my linksys router via a program, the reason I want to do this is complex, so let's just assume there is no better option.
Is there anyway to do this? I think there is because when I install a firmware update to the router via the admin console, it cycles the router.
If you can find the function to do that on the router's web interface, you can achieve the same via a suitable HTTP request. Also, you can often telnet to the router and reboot it through its command-line interface. Programmatically you can achieve the same, by using a tool like expect.
If you have access to the local web interface of the router you might be able to access the "reset" function of the router. You can try to call this via a http request, e.g. via wget. But this depends very much on the router. Some routers also support SNMP or a telnet interface.
Another possibility is to plug the router into an ethernet-connected power strip which can be remotely controlled. These power strips usually have a simple http server build in, so you can individually switch on and off the devices that are connected.
If it's a Linksys WRT54G, I highly recommend DD-WRT. It's an open source firmware replacement, and it has this feature built in for timed restarts. A programmatic restart with an HTTP request should be quite easy as well, as the restart function is available through the admin GUI.
https://github.com/danielrussellLA/restart-linksys-EA2700-router you can try using a nightwatch bot similar to this one to programatically restart your router through its browser ui. This works well if your router does not have a command line interface that you can access (through telnet, ssh etc). It's pretty hacky, but it gets the job done.