I am currently building a project to build an electron app that intercepts all network traffic and proxies it through another server. The problem is, I can't find any resources to achieve this.
**I don't want to just route electron app traffic through a proxy. I want the app to make changes to add a proxy setting in the underlying OS. **
I tried to use the protocol.interceptHttpProtocol
protocol.interceptHttpProtocol(scheme, handler)
scheme string
handler Function
request ProtocolRequest
callback Function
response ProtocolResponse
Returns boolean - Whether the protocol was successfully intercepted
Intercepts scheme protocol and uses handler as the protocol's new handler which sends a new HTTP request as a response.
but this just does the interception for just the electron app and doesn't intercept all network traffic going through the system.
Is it possible to intercept all network traffic going through the system ?
Related
I've set up my Iphone to intercept traffic using burp. Im able to intercept traffic for web browser requests and non xamarin applications. However im not able to intercept xamarin applications traffic. However the application is working fine sending and receiving traffic but burp is not intercepting the request. Can anyone tell me how this is possible. Is it because burp is not able to see the traffic or xamarin application is not connecting via proxy? Also how to intercept traffic for xamarin applications.
I've been looking at Apple's WWWDC 2015 Session 711: "Networking with NSURLSession". Towards the end, the speaker mentions URLSessionStreamTask, which can be used for direct socket I/O. And he mentions how a (HTTP) proxy connection can be transitioned to a stream-task.
A slide contains:
NSURLSessionStreamTask
DataTask conversion
NSURLSessionDataTask may be converted to a stream task
• Use NSURLSession to get through HTTP proxies
Conversion can occur when response is received
And the next slide has partial sample code:
func URLSession(session: NSURLSession, dataTask: NSURLSessionDataTask,
didReceiveResponse response: NSURLResponse,
completionHandler: (NSURLSessionResponseDisposition) -> Void) {
completionHandler(.BecomeStream)
}
func URLSession(session: NSURLSession, dataTask: NSURLSessionDataTask,
didBecomeStreamTask streamTask: NSURLSessionStreamTask) {
}
I want to know how to create the proxy connection in the first place. And using the data from the "System Preferences" : Network : Advanced : Proxies panel if possible. (Not just the "HTTP" proxy, but any of the other 4 with the same format.)
And since they usually use HTTP instead of HTTPS, do such connections trigger ATS (App Transport Security)?
What they're talking about is support for the WebSocket protocol, which allows you to open a connection to a web server, then upgrade that connection to a web socket, thus allowing you to communicate directly with whatever script or CGI program is on the other end without having to conform to the traditional request-response style.
What I think they were trying to say was that if you are sending HTTP (ick) requests via a proxy that actually supports WebSocket communications, iOS knows how to ask the proxies to upgrade the connection properly. This same upgrade mechanism is often used for making an HTTPS request through an HTTP proxy, where supported, and if you make an HTTPS connection, the subsequent WebSockets upgrade should work in spite of the proxy no matter what, because the proxy is already just passing bits back and forth by that point.
In starboard DRM API (src/starboard/drm.h), there seems no flow to handle Widevine device certificate request with provisioning server?
In my starboard DRM module, should I perform "HTTP POST" directly to provisioning server?
Thanks for your reply
Starboard DRM is intended to implement the Encrypted Media Extensions (EME). With EME, the web application requests a license from the Content Decryption Module (CDM) and sends it to the server. It then passes the response back down into the CDM. In this case, the SbDrm implementation represents the CDM.
So, the SbDrm implementation should not make any network requests to the license server. The web app should make those requests on behalf of the CDM.
I want to run a simple webserver in Go doing some basic authorisation and routing to multiple apps.
Is it possible to have the webserver running as a standalone executable and pass the response writer and http request to other executables?
The idea is that the app binaries can hopefully be compiled and deployed independently of the webserver.
Memory areas of running applications are isolated: a process cannot just read or write another application's memory (Wikipedia: Process isolation).
So just passing the response writer and the http request is not so easy. And even if you would implement it (e.g. serializing them into binary or text data, sending/passing them over somehow, and reconstructing them on the other side) serving an HTTP request in the background is more than just interacting with the ResponseWriter and Request objects: it involves reading from and writing to the underlying TCP connection... so you would also have to "pass" the TCP connection or create a bridge between the real HTTP client and the application you forward to.
Another option would be to send a redirect back to the client (HTTP 3xx status codes) after doing the authentication and routing logic. With this solution you could have authentication and certain routing logic implemented in your app, but you would lose further routing possibilities because further request would go directly to the designated host.
Essentially what you try to create is the functionality of a proxy server which have plenty of implementations out there. Given the complexity of a good proxy server, it should not be feasible to reproduce one.
I suggest to either utilize an existing proxy server or "refactor" your architecture to avoid this kind of segmentation.
What does it mean when an application calls another application via 2 way SSL.
Does it mean that an external application calls another application via https and also receives a https response.
Similarly if it was one way SSL, does it mean it sends a https request but the response will be http.