I've some fishy application that makes HTTP requests to a website, i would like to intersect that request and send other data to the server. Is that possible in C#,java or C++?
EDIT: The application isn't mine, i just know the endpoint that it sends http requests
Fiddler might provide the functionality you need. At the very least it may enable you to see what is being sent to the web site.
in Java You can intercept request from Filter
You may want to look into using an HttpModule, whose purpose is to intercept incoming HTTP requests.
The ASP Column: HTTP Modules
Firstly are you aware of how it is connecting to the internet? For example, is it using the settings from Internet Explorer, or is it establishing a direct connection? If the latter, this may be tricky, there is no direct port forwarding as there in Linux, so you'll need some third-party tools to redirect the traffic to a server (which you can write in Java, C++ or C#, I would go for C# if you know it for pure speed of development) In that server you can intercept the request, and then create your own to actually send to the real destination.
Sounds like a cludge, but I think you're stuck with this approach due to the lack of direct port forwarding. You'll have to configure the third-party tool that you use to forward someother well known port to 80, and your server should write to this.
Related
First of all, my apologies for the most likely inappropriate wording of the question. Not knowing exactly how to describe the problem I need to solve has been a major roadblock in my attempts to solve it.
I currently have a web server (Laravel) that needs to communicate with a SQL server in a different network, which only permits outgoing traffic. I made it work by having a C# daemon, running inside the SQL server's network, poll it for data and send it to the server through HTTP POST requests.
However, I now need the web server to communicate with the daemon. Something as simple as:
someone looks up a username on the web server
the server requests the daemon to look it up on the database
the daemon returns whatever information it found to the web server.
What I'm struggling with is finding the best way to do this.
All I need is for the server to be able to push requests to the daemon in real time. The daemon can reply through HTTP POST requests to the server, just like it is doing already. The best potential solution I have found is WebSockets, but it also sound like it might be overkill.
Am I missing something or are WebSockets indeed the way to go?
Guzzle is what I use to make HTTP requests to external APIs in Laravel.
Websockets are mostly used when the user has no control over the responses, for example, a chat window. But if you need to, for example, click a button and wait for the response Guzzle is enough.
I want all web traffic (HTTP, HTTPS and DNS - Are there any others?) goes through a local application and goes to a server application and from there goes to internet. How can I do this?
I have wrote an Async TCP server and I know socket Async programming in C# using SocketAsyncEventArgs (I am not a master with just one project but I think I can understand some basics).
The only way to do this is to write a Windows network driver - you cannot do this from userland. This is how VPNs work.
There are userland tunnels you can develop that tunnel a single connection, but they require the user to configure their applications to use it first, so you cannot unilaterally redirect all network activity.
From your question, I'm guessing you're not too familiar with Winsock internals or writing kernel network drivers, so for now I'm going to say I think this is a take above your level of competence right now.
However if you'll settle for a bit of an impure approach, you can implement a SOCKS proxy easily enough, but this requires configuring browsers to use your proxy server - at least this way you'll tunnel HTTP and HTTPS, however I'm uncertain about whether or not browsers use SOCKS servers for DNS or if they use the OS-provided DNS functionality.
Like #Dai suggested, use a SOCKS proxy. It operates above the transport layer, therefore a SOCKS server can be configured to serve any application protocol operating on typical TCP/UDP.
This is exactly what TOR does to mask all traffic, not just HTTP.
I want to add some security to a client(iPhone) - server(c#) application I'm working on, mainly to encrypt messages sent between client and server.
I know i should use SSL but not really sure what the steps i need to do in both client and server to implement it.
Can someone please give me some guidance?
I don't use HTTP protocol, i use my own textual protocol, but any way with HTTP or my own protocol how do i add ssl support? i know that in c# there is SSLStream instead of regular Stream. And on ios there is some stream settings i need to configure, i just don't know how to do it.
Host the application using SSL in IIS, then use HTTPS as the service point. [edit] Don't forget you'll need a cert.
Take the easy approach, which is allowed to go on the App Store without having to go through all the encryption law stuff. Simply use a HTTP server and a client.
C# runs the HTTP server (maybe use IIS to handle that? Maybe C# has its own software for that) and the iPhone simply uses NSURLRequest.
Easy to implement and safe, since you'll benefit from patches from Apple and Microsoft.
Update for the updated question: I did some quick research and this kept popping up: kCFStreamPropertySSLSettings - maybe it helps you. It's apparently something for NSStream that allows it to create SSL connections, or something. I'm afraid I can't help you more than that.
I want to check which web sites is open in browsers ( IE, Firefox, Chrome ) to write a program in C# which can block web site which is in list of forbidden web site. Is there some API of browsers?
The better solution can be to write a TCP/IP filter, like most firewalls do.
UPD: this topic can be relevant: How do I hook the TCP stack in Windows to sniff and modify packets?
There is no generic "browser API" that allows access to this kind of information across all browsers.
I'm pretty sure the idea of doing this by accessing the browsers is doomed from the start. It is going to be almost impossible to implement, require frequent updates, and always extremely easy to circumvent (there are dozens and dozens of browsers that your program will not know.).
The only reliable way is to filter traffic on network level. I would recommend looking into using an existing proxy server or TCP filtering program. There are several Open Source ones that I'm sure you can use as a basis to rewrite or hook into.
The easier solution is to write an http listener that logs the requests.
Fiddler2 is one of these, you can check it out. it logs all incomming and outcomming http content.
I'm working with asp.net MVC. Now I don't know how to send data form a server (using asp.net ) to another server using (win32 console command line). Plz help me.
P/S: Is there any security hole in this method.
Well generally the case is that most ports today are blocked behind firewalls so setting something like that up with winsock, is outdated. If you are tring to connect two servers there are many options, You could look into the System.Web.WebClient,System.Net.HttpWebRequest,Microsoft's Sync Framework, Rhino queues but heres the run down on the first two.
In short, HttpWebRequest gives you more fine grained control over your
request. WebClient does not. It encapsulates most of the stuff for you.
WebClient is very useful if you want to do specialized, one-off tasks, eg:
download file, do forms post etc.
HttpWebRequest is useful if you want to do more complicated stuff.
The WebClient is especically simplified, we can use it's DownloadData,
DownLoadFile to retreive file/stream from remote webserver. Here are some
tech articles and resources describing using webclient or webrequest:
Hosting WCF services, WebClient
here
and webrequest here.
You have two servers trying to communicate. If you are going to use IP (I am assuming you will since you mentioned Winsock) you must choose between these two protocols:
TCP
UDP
Once you've decided which one to use, you can write a server process (the console application) that listen to a specific port (TCP or UDP port depending on what you've chosen) that will serve your client process (the ASP.NET application).
If you use TCP/IP, you use sockets to communicate. If you use UDP/IP, you will send and receive independent packets.
Here is a TCP/IP client/server code sample in C# you can use. You will wrap and run the client portion of this example is a class you can access within ASP.NET MVC.
Here is a UDP/IP server code sample in C#.
Regarding your question of the security of this approach, the question does not provide enough information to answer it properly. You will need to provide more information.