I'm currently using CefSharp in an application and trying to load a web page hosted on port 6668 and the web page is unable to load but hosting the web page on a port chromium doesn't consider unsafe works.
List of restricted chrome ports
For chrome there is a command line arg for explicitly allowing unsafe ports
ex: chrome.exe --explicitly-allowed-ports=81,84,87
However I don't see any information that says CEF supports or doesn't support this command line argument or has a way to allow unsafe ports.
I've tried adding the argument before initialization but it still doesn't allow the port. I've also tried putting a "-" or "--" before explicitly-allowed-ports just to test it in the example below but neither work. Not including the preceding -'s seems to be correct from looking at the CefSharp example as well.
var settings = new CefSettings();
settings.CefCommandLineArgs.Add("explicitly-allowed-ports", "6000,6665,6666,6667,6668,6669");
Cef.Initialize(settings);
Is there another way to allow restricted ports for CEF or does CEF just not support this command line arg?
Looks like CEF would need to be patched to make the net::SetExplicitlyAllowedPorts call in the browser process. See https://cs.chromium.org/chromium/src/chrome/browser/ui/startup/startup_browser_creator.cc?l=593&rcl=e756eda1d880f2481c88b1e599963e8f46b8b485 .
Related
We've created a Selenium test project that starts the (ASP.NET) web application and runs a couple of tests using the ChromeDriver. Locally this all runs fine (in headless and non-headless mode).
But on the build server (using an Azure DevOps agent) this fails without ever starting the tests. It looks like it fails when starting the ChromeDriver: the driver starts, but then it's immediately followed by 403 errors. It never gets to the part where it actually loads a webpage.
Any ideas where to look?
Answering my own question to document possible solutions.
After some rigorous investigation (which included using the source code to get to the bottom of things) we found out that the proxy server somehow got in the way. It turned out that the ChromeDriver tries to communicate over a local port (e.g. http://localhost:12345), which was redirected through the proxy server. This failed with a 403 error.
This gave us a lead on possible solutions. First we tried to use the .proxybypass file to exclude localhost addresses. This didn't work -- it turns out that this proxy bypass only works for https requests. And the ChromeDriver control commands are sent over http :-(
We then made sure that no proxy was used in our test code. We did this with the following lines:
var options = new ChromeOptions();
options.AddArgument("--no-sandbox");
options.AddArgument("headless");
options.AddArgument("ignore-certificate-errors");
options.Proxy = new Proxy()
{
Kind = ProxyKind.Direct
};
var driver = new ChromeDriver(options);
In addition to these settings (note that some arguments were added to solve other issues and might not apply to your own situation), we also disabled the proxy for other requests:
WebRequest.DefaultWebProxy = null;
HttpClient.DefaultProxy = new WebProxy()
{
BypassProxyOnLocal = true,
};
This allowed our tests to finally run on the build server without the 403 errors.
One last remark (which might be obvious) is to always run your tests in non-headless mode if you encounter any issues. This allowed us to see the "invalid certificate error" which would otherwise be hidden.
I'm trying to open a serial port in a Universal app following the instructions found in https://ms-iot.github.io/content/en-US/win10/samples/SerialSample.htm
My app has the correct DeviceCapability in Package.appxmanifest and I can enumerate correctly all the devices and all of them are found when calling to:
var selector = SerialDevice.GetDeviceSelector();
var devices = await DeviceInformation.FindAllAsync(selector);
The problem arise when I try to open any of the serial ports. The call to SerialDevice.FromIdAsync always returns null.
var serialPort = await SerialDevice.FromIdAsync(devices[0].Id);
Then, as explained in https://channel9.msdn.com/events/Build/2015/3-81, I try to analyze the problem calling to DeviceAccessInformation.CreateFromDeviceId and the surprise is that this call throws a FileNotFoundException.
The string I'm passing to DeviceAccessInformation.CreateFromDeviceId is:
"\\?\ROOT#UBLOXVCP#0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
but it also throws the exception with:
"\\?\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
both of them throws the FileNotFoundException.
In the Channel 9 video, Arvind Aiyar says something like you can reboke the access to the serial ports with the Privacy configuration of Windows 10, but I can't found anything in relationship with Serial Ports in the Privacy configuration.
To test what's happening I tried to disassembly the DeviceAccessInformation.CreateFromDeviceId method with dotPeek and no way to access to the WinRT part so I decided to call to a different API.
If you search {86e0d1e0-8089-11d0-9ce4-08003e301f73} you'll see that it is the device interface class is defined for COM ports, so I called to:
DeviceAccessInformation.CreateFromDeviceClassId(new Guid("{86e0d1e0-8089-11d0-9ce4-08003e301f73}"));
and this method doesn't throws any exception and returns DeviceAccessStatus.Unspecified
I am using Windows 10 Pro x64 version 1511, compilation 10586.71, Visual Studio 2015 Update 1.
Am I doing something wrong?
Is all about permissions?
I am creating a simple Windows service that hosts a Nancy instance to provide views of its internal data. Everything works as expected when using a browser on the local machine; I see the view that it serves up. However, I cannot find any reason why it will not access from a remote browser (on the same network). Access from a remote browser simply delays a while; IE will eventually display "This page can’t be displayed;" Safari on an iPad shows the partial progress bar for a while and does nothing.
I'm binding using all local IPs, not just localhost.
I am using the GetUriParams() function at this link to discover all local IP addresses for binding. http://www.codeproject.com/Articles/694907/Embed-a-web-server-in-a-windows-service
_nancyHost = new NancyHost(GetUriParams(port));
_nancyHost.Start();
I discovered at this page that binding to localhost works for local access only. http://forums.asp.net/t/1881253.aspx?More+SelfHost+Documentation
The IPs that this function discovers are for Ethernet adapter, Wireless adapter, and two VMware Network adapters from a prior installation of a VMware player. I've tried the remote access both by machine name and by literal IP to the Ethernet adapter.
I added entries to urlacl list.
I have used the netsh http add urlacl command as recommended in many places, including at this link: Remote access to a Nancy Self Host
If I perform netsh http show urlacl, I see the entry for the port I'm using.
I tried different Nancy configs
If I set the Nancy configuration option for UrlReservations.CreateAutomatically, I will get security prompts, which after allowing, I see new entries in netsh http show urlacl list output for all of the local IPs, but it still does not allow remote access. I also tried the RewriteLocalHost option true and false.
I've tried starting Nancy with http://+:3684 or http://*:3684 (which gets parsing exception from Uri()) and with http://0.0.0.0:3684 (which gets exception from AddAllPrefixes() within HttpListener()).
I added the EXE to Windows firewall
I have created firewall exceptions as described here: https://msdn.microsoft.com/en-us/library/ms733768.aspx
The associated rule shows Private,Public and "Any" for every column with both TCP and UDP.
I tried running Nancy in different environments. I've run the code in: the Windows Service running as Local System, a console app within Visual Studio 2013 debugger, and the console app Run As Administrator.
I imagine it's a simple security setting, but I've googled and searched and tried various things for a couple of days now.
What am I missing?
This answer provided the clue I needed.
https://stackoverflow.com/a/21364604/1139376
This is because HttpListener is built on top of http.sys which will listen on the port you specified on behalf of your program.
It wasn't my EXE doing the actual listening. All I needed to do was to add an Incoming rule to the Windows Firewall set for the "System" program and the specific TCP port I'm using. That allowed remote access.
Use the HostConfiguration and let Nancy make the URL reservations automaticaly for you.
var config = new HostConfiguration
{
RewriteLocalhost = true,
UrlReservations = new UrlReservations { CreateAutomatically = true }
};
host = new NancyHost(new Uri("http://localhost:8080"), new DefaultNancyBootstrapper(), config);
host.Start();
Note that this will force ACL to create network rules for new ports if they do not already exist.
Background
I'm writing an web application so I can control an Ubuntu Server from a web site.
One idea I had was to run the 'screen' application from mono and redirect my input and output from there.
Running 'screen' from mono:
ProcessStartInfo info = new ProcessStartInfo("screen", "-m");
info.UseShellExecute = false;
info.RedirectStandardOutput = true;
info.RedirectStandardInput = true;
var p = new Process();
p.StartInfo = info;
p.Start();
var output = p.StandardOutput;
var input = p.StandardInput;
but running 'screen' with the RedirectStandardInput gives out the error:
Must be connected to a terminal
I've tried many different arguments and none seems to work with 'Redirecting Standard Input'
Other ideas for controlling a server will be greatly appreciated
I think this is the typical question in which you're asking how to implement your solution to a problem, instead of asking how to solve your problem. I don't think you should do hacky things like making a web app that tunnels the user actions to the server via a terminal.
I think you can bypass all that and, without writing a single line of code, take advantage of what the platform (Gtk+ in this case) already provides you:
You could run gnome-terminal in the server with the Broadway GDK backend. This way the gnome-terminal app will not run in the server, but open a web server on the port you specify. Later, you can use any WebSockets-enabled browser to control it.
This is the easiest and less hacky solution compared to the other ones offered so far. If you still are excited about using Mono for web development you still can, and you could embed this access in an iFrame or something.
(PS: If you don't want to depend on GTK being installed in the server; you could just use WebSockets in your client part of the webpage to be able to send events from the server to the client, and the library SSHNET to send the user's input directly through the wire.)
screen will need a terminal of some sort. It's also gigantically overkill.
You may wish to investigate the pty program from the Advanced Programming in the Unix Environment book (pty/ in the sources) to provide a pseudo-terminal that you can drive programmatically. (You'd probably run the pty program as-provided and write your driver in Mono if you're so inclined.) (The pty program will make far more sense if studied in conjunction with the book.)
The benefit to using the pty program, or functionality similar to it, is that you'd properly handle programs such as passwd that open("/dev/tty") to prompt the user for a password. If you simply redirect standard IO streams via pipe() and dup2() system calls, you won't have a controlling terminal for the programs that need one. (This is still a lot of useful programs but not enough to be a remote administration tool.)
There may be a Mono interface to the pty(7) system; if so, it may be more natural to use it than to use the C API, but the C API is what does the actual work, so it may be easier to just write directly in the native language.
A different approach to solve the same problem is shellinabox. Also interesting is this page from the anyterm website that compares different products that implement this kind of functionality.
Using shellinabox is very simple:
# ./shellinaboxd -s /:LOGIN
(this is the example given on their website) will start a webserver (on in your case the Ubuntu server). When you point your browser to http://yourserver:4200 you'll see a login screen, just like you would see when opening a session with ssh/putty/telnet/... but in your browser.
You could provide the required remote access functionality to the server's shell by just including an iframe that points to that service in your application's webpage.
I have a php script which i would need the following 3 web browsers to execute it respectively without revealing the respective browser interface to the user.
The 3 web browsers are,
Internet Explorer, Google Chrome, Mozilla Firefox.
I found this C# code snippet but it is documented that it only works for Microsoft Products like Internet Explorer.
ProcessStartInfo PInfo;
Process Pro;
PInfo.CreateNoWindow = true;
PInfo.UseShellExecute = false;
PInfo.WindowStyle = ProcessWindowStyle.Hidden;
Pro = Process.Start(Execute the Php script);
Can anyone advice me how can I hide the browser interface for the other (Google Chrome, Mozilla Firefox) while executing the php script ? Please do give links or code snippets. (Preferably in C#).
PHP is server-side code. A browser is client-side only. This would be impossible without some intermediary code ran on the client's system. This would no doubt be classified as malware.
You can however, try to open up a popup and attempt to hide that popup --but this is unreliable since the client ultimately has the say on how their client behaves. Most browsers already block popups blockers in place for this reason.
Another suggestion might be to be to simply insert an within the webpage with style="visible: hidden" attribute set. This will execute the PHP you seek without the direct knowledge of your client. However, if your primary objective is to hide chrome/ff/ie, I don't think it can be done using white-hat methods.