I am using Karate to tests some APIs.
I created a script which loops over a set of urls to be tested, but for some of them I need to pass through a proxy of which I have only the ip address.
I saw that in Karate there is the possibility to set up some proxy configuration, but I found guides in which it is used the normal https address.
Does someone know if it is possible to configure the proxy using the ip address?
Thanks a lot in advance
Related
Can you tell me how can I configure the proxy while using #BotDeclaration from express-msteams-host?
Basically, my server's network traffic must be routed via a proxy URL because I have a URL whitelisting in place. I'm just looking for a similar option while using this package.
Something like this: https://github.com/microsoftgraph/msgraph-sdk-javascript/blob/dev/src/IClientOptions.ts#L29 (I'm using this for Microsoft Graph API)
express-msteams-host internally trying to reach https://login.botframework.com and that is where the issue is. My server is inside a corporate network and without specifying a proxy option the package can not connect to https://login.botframework.com
Any help is appreciated.
Thank You.
I am trying to build a new DNS, which will act as a proxy for certain domain names and uses a public DNS as upstream.
My understanding of DNS:
Client asks DNS (x.x.x.x) about example.com
DNS will look up inside its zones (or parent and root) and find example.com can be found at i.i.i.i
DNS will send i.i.i.i to the client.
Now, client asks the ip address of restricted.test and DNS server knows it is a restricted website, so instead of giving the direct ip to the website, it gives it's own proxy address p.p.p.p to the client.
Please correct me if I'm wrong till now, but when the client tries to connect to p.p.p.p how the proxy server knows which website the client wants to go in?
I really want to know how these work under the hood
Thanks in advance.
This mechanism you are asking about is the Proxy Auto-Configuration (PAC) file.
Read more about it here :
https://developer.mozilla.org/en-US/docs/Web/HTTP/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_file
And here :
https://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_explained.aspx
Essentially in corporate networks, a PAC file is pushed out to every computer, and browser settings are also configured to enable the PAC file. But it can also be done manually. Just check your browser proxy settings to see the location of the PAC file it is pointed to.
How does JMeter determine what subnet it is on ?? I don't see a subnetMask property in the jmeter property file.
My client is on x.y.76.54, my server is on x.y.77.75. The subnet mask is 255.255.254.0
Technically, these two IPs are on the same subnet. I am seeing a "connection refused" response from the Server. Firewalls are off. Should JMeter be able to handle the ip's as provided above ?
JMeter relies on your operating system network settings, given both hosts are able to "see" each other - JMeter will be able to do this as well.
Your setup assumes hosts from x.y.76.1 to x.y.77.254 so it's a valid use case, you can double check it using i.e. Online IP Subnet Calculator
It's hard to say what exactly is wrong without seeing how you're launching JMeter master and slave and log files for both, RMI properties like client.rmi.localport, server.rmi.localport, java.rmi.server.hostname property, etc.
It might also be the case JMeter is trying to use IPv6 addresses so it might worth trying setting java.net.preferIPv4Stack property to true
See How to Perform Distributed Testing in JMeter article for more details and if you will be still experiencing problems consider providing more information on the above points.
Can anyone help me setup web polygraph for testing an HTTPS servers via proxy servers in middle
linux machine:192.168.21.7
proxy server :192.168.21.9
https server : 192.168.21.11
This link contains the needed information:
http://www.web-polygraph.org/docs/userman/simple.html
Basically polygraph has couple files which are bundled with it and use for testing.
The manual I gave you give example that uses polysrv but on different distributions you will probably have different names for the tool(on ubuntu it's polygraph-server and polygraph-client)
You need to set the listening service ip+port outgoing "robot" ip and then start it using command line.
For https setup we will configure our pg file on server and client with SslWrap module.
Details of same can be found in http://www.web-polygraph.org/docs/reference/models/ssl.html
Okay, so we implement Recaptcha in production. We get errors because it can't reach the IP address it needs to use the service. We open a port for the IP address to reach Google. No problem. We do that and configure that IP address explicitly to work. It works great. Then, the next day, we start getting errors again because Recaptcha is using a different IP address. I can allow requests from that IP address, too, but now I'm unsettled. Where are these addresses coming from? How do I configure this to work reliably?
Recatpcha from Google can use any Google IP address and there are lots of them.
Ran this from Windows:
_netblocks.google.com text =
nslookup -type=TXT _netblocks.google.com
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
That's all the network Google uses currently. These can change so check them often.
Google suggest allowing port 80 to all IPs outbound, this highly insecure. They recommend going through a proxy server but again that is highly insecure if your web server is an DMZ. Proxy aware trojans do exist. All that need to be done is exploit a vulnerability to execute arbitrary code and you can create reverse connection on port 80 through a proxy server to download the payload. Then it is trivial to escalate privileges and own the box. I don't mean just Windows servers but Linux as well. I've done it in lab environment on security was on. It's really easy to do.
This is the Google website I got this from:
http://code.google.com/p/recaptcha/wiki/FirewallsAndRecaptcha
I wanted to append to this answer with more recent information. The documentation that Chris is pointing to does not include all of the TXT records necessary to dig (thanks Google):
_netblocks2.google.com (IPv6 subnets)
_netblocks3.google.com (Additional IPv4 subnets)
In my particular case, the _netblocks3 entry contained 2 large /19's that made my initial rule ineffective
(I found additional references here: https://support.google.com/a/answer/60764?hl=en)
Perhaps you should be using a hostname rather than IP