I need one server to receive ip requests from clients(there are not in the same intranet), and I can
route all the response packets to a special gateway server, and then I send the response packages to
clients after some processing. it is like VPN, but I want to do some development based one
opensource project, so i can control it myself.
any suggestion? thanks!
There is OpenVPN which is as the name already suggests open source.
You could set up the server on the local one as a kind of proxy (or reverse-proxy depending on your viewpoint) and have the clients connect to it.
It depends what protocol you're using, maybe it has explicit proxy capability or you can get an existing proxy program, or just proxy it using a simple socket forwarder program.
Related
I have a device (esp32s2) which is IoT enabled and communicating with AWS server.
The device is connecting to the internet via router. I want to check from the device, if the router is connected to the internet or not. If not connected, I need to disconnect mqtt broker instantly.
I know there is aws_iot_yield happening, but it is taking too much of time to change the client state (~5-10 mins) after disconnection. So, is there is any other way in which I can come to know if the device is connected to the mqtt broker or not using AWS sdk?
I want to avoid using pinging to some address/server as it will increase the usage of resources.
Thanks in advance!
Since the connectivity to the AWS server trough internet depends on the network elements, the only reliable way to know if you are connected to internet is to send a package to a know address and receive the response. Simplest way to do this is to use ICMP (ping) protocol. Usually the most reliable destination to ping is the Google DNS server 8.8.8.8 or 8.8.4.4 which is a cluster service and it's always replying on the ping.
You can control the pause between two pings and how many pings you will send in one session in order to preserve the resources.
Alternative approach is to use a router that can send messages to a monitoring device that the link state was changed (by example SNMP trap). But this is not fully reliable method since the router can not detect all scenarios where the connectivity to your AWS server is lost.
I am implementing a Web proxy (in C), with the end goal of implementing some simple caching and adblocking. Currently, the proxy supports normal HTTP sites, and also supports HTTPS sites by implementing tunneling with HTTP CONNECT. The proxy works great running from localhost and configured with my browser.
Despite all of this, I'll never be able to implement my desired features as long as the proxy can not decrypt HTTPS traffic. The essence of my question is: what general steps do I need to take to be able to decrypt this traffic and implement what I would like? I've been researching this, and there seems to be a good amount of information on existing proxies that are capable of this, such as Squid.
Currently, my server uses select() and keeps all client ids in an fd_set. When a CONNECT request is made, it makes a TCP connection to the specified host, and places the file descriptor of both the client and the host into the fd_set. It also places the tuple of fd's into a list, and the list is scanned whenever more data is ready from select() to see if data is coming from an existing tunnel. The data is then read and forwarded blindly. I am struggling to see how to intercept this data at all, due to the nature of the CONNECT verb requiring opening a simple TCP socket to the desired host, and then "staying out of it" while the client and host set up their own SSL sockets. I am simply asking for the right direction for how I can go about using the proxy as a MITM attacker in order to read and manipulate the data coming in.
As a brief aside, this project is solely for my own use, so no security or advanced functionality is needed. I just need it to work for one browser, and I am happy to get any warnings from the browser if certificate-spoofing is the best approach.
proxy can not decrypt HTTPS traffic
You are trying to mount a man-in-the-middle attack. SSL is designed to prevent that. But - there is a weak point - a list of trusted certificate authorities.
I am simply asking for the right direction for how I can go about using the proxy as a MITM attacker in order to read and manipulate the data coming in.
You can get inspiration from Fiddler. The Fiddler has its own CA certificate (certification authority) and once you add this CA certificate as trusted, then Fiddler generates server certificates for each connection you use on the fly.
It comes with serious security consideration, your browser will trust any site. I've even seen using the Fiddler core inside a malware, so be careful
My question is, how to connect to socket on romote mechine?
I can only connect sockets on same network..
I wrote a simple code (in c), that simulate a server (open socket and listen for client). in Mac.
I'm trying to connect this socket as a client from iPhone (with simple objectiv-c code).
If my internet on both, server and client, is on the same network (WiFi) and in client I trying to connect to 192.168.1.x, it's working.
But when, in client, I'm trying to connect via external IP (with the same port) connection is failed.
I never did this bofore. Maybe I miss somthing.. I've tried to turn my FireWall off. It did not help.
Thanks.
Edit: If it's not clear.. my Mac is connected by router.
In a setting like this, the "external IP" would typically be the IP of the router. In all likelihood you'll need to configure the router to forward the relevant port to the internal IP address.
It could also be the case that for the port forwarding to work, the request has to come in on the external (WAN) interface. This depends on how the router is configured. If that's the case, you'll need to make sure that you're accessing the external IP via the cellular network and not the Wi-Fi connection on your iPhone.
If you're connecting to your server via a local IP address (i.e., you're connecting to another machine on the same local router via a delegated DHCP address), then your issue is on the network, not the IP-stack of the local machine.
You'll need to look into your router settings ... many routers will block a number of services, especially those on custom ports, in order to prevent malicious attacks from sources external to the local network.
I understand how I can use a raw socket to listen to a server application and recieve information but I need an easy to access API and I am very familiar with REST.
Is there a way to push (not by using long pooling) data using a WCF service?
Here's my idea of how things should happen, at least at the begining:
The client accesses a URI with it's access parameters (ip, port, apikey).
The server responses with success/failure.
The server opens a socket for each channel with the client's details.
The server accesses a URI indicating that all channels are now streaming.
But how do I wrap the client or the server socket to access a URI?
Edit:
Maybe I should open a socket that notifies about changes on a channel and on the client side require that it will listen and raise the event accordingly.
This is not a very generic solution isn't it?
You should look into the Net.TCP binding, as described by Tomek (one of the WCF team members) here. You use it more-or-less like you would use the HTTP Duplex binding (i.e., the HTTP Long Poll), but it's much, much faster. It's still more complicated than REST, but it's dramatically easier than sockets, and I don't think you'll find a REST-type solution that does what you need.
I want to implement proxy support (SOCKS5 and HTTP CONNECT method) in my application. There are two parts that needs to be implemented:
Detection of proxy details (protocol, host, port): I am using libproxy for that.
Connecting to the the proxy server and telling it to relay the packets. Get the connected socket and then use it in your application.
Is there library for the #2 part?
You might be able to hack libmicrohttpd into doing what you want without too much effort, at least as far as the user end. I'm not aware of anything that does what you want straight out of the box.
Now there is proxysocket (https://github.com/brechtsanders/proxysocket/) to do exactly that.
Supports SOCKS4, SOCKS5 and HTTP CONNECT.
The result is a normal connected socket so you don't have to rewrite the rest of your application.
libcurl can receive webpage via proxy. You can send raw http header to it, and let it talk to the proxy