Get application name from session in Fiddler - windows

I need detect application name, that communicate from internet.
Is it possible detecting application from catched communication?

If you're actually asking about Fiddler (which runs locally on your PC), the originating Process Name is shown in a column and is available via the LocalProcess property of the Session.

Related

RPC authenthification explained with windows api

I would like to make a IPC between two processes using Windows RPC. Please explain me like I am five how my application should achieve good security. I want to use ncalrpc protocol (processes on the same computer). More exactly:
How my client application knows that the server is trusty?
How my server know if the callee is the trusted one?
What options do I have? I didn't get RpcBindingSetAuthInfo function.
Thanks
For a local connection having the client authenticate the server is fairly hard (for example confirming that some other service did not start in place of the desired program) but having the server identify the client is not, call RpcBindingInqAuthClient and use the username to determine what action to take, or just use RpcImpersonateClient if you can rely on existing secured objects. Most of the RPC security apparatus is for remote connections rather than ncalrpc.

Calling an embedded XPCService from external App

I have two independent applications (cocoa), one main, the other slave.
The main application application is embedding a XPCService, which is correctly launched when the application is opened. No problems so far for connecting and exchanging data with that service (I also see this XPCService in the Activity Monitor).
But I want the other slave application to connect and send data to that XPC Service (and then to the main first application) after it has been launched by the main one.
Using NSXPCConnection (with initWithMachServiceName), and the correct Service bundle identifier doesn't work: no NewConnection delegate is called so the slave application never reach the service.
What am I missing ? Is what I want is possible with NSXPCConnection ?
Is it because I need the XPCService (within plist) to be shared in some way ? In that case what should I do ?
I can't find any information about this sort connection !
Thanks a lot for your help !
"I have two independent applications "
As stated in Apple's Documentation for XPC:
an XPC service is private, and is available only to the main application that contains it.
For security, an application that contains an XPC helper app gets signed to ensure that only the main application is allowed to call up on its helper.
However, it should be noted that the documentation also states
A connection is a virtual endpoint; it is independent of whether an actual instance of the service binary is running. The service binary is launched on demand.
A connection can also be sent as a piece of data in an XPC message. Thus, you can pass a connection through XPC to allow one service to communicate with another service (for example).
Though I've not seen this in practice, it does imply that you may be able to initiate the connection from the main application to the XPC helper and send this connection to your 'slave' app.

931107 - configuring squid

i'm too beginner in squid. i want a way to remain anonymous over the net. i also want to be able to access the contents of the internet which are filtered. my Windows computer is beyond firewall (filtered). my server (CentOS 5) is not. for example, when i enter http://facebook.com in the browser url, it redirects to an intranet ip which tells me to avoid going to this site!
now i've installed squid on server and traffic is propagated through this server. but this redirection occurs. so still i can't open filtered sites.
what can i do? a friend of mine told that the only way is to use https. ie. the connection between browser (Firefox) and the server must use this protocol. is it right? and how can i do that?
what's your suggestion? i don't want necessarily to use squid. besides, https protocol gets banned or decreased in speed in my country sometimes. so i prefer the protocol remain http. i thought also about writing a code in client and server to transform, compress/decompress and packetize as hoax binary http packets to be sent as much speed and success as possible. but i'm not an expert in this context and now i prefer more straightforward ways.
i respect any help/info.
I assume you are located in Iran. I would suggest using TOR if you mainly access websites. The latest release works reasonably well in Iran. It also includes an option to obfuscate traffic so it is not easily detectable that you are using TOR.
See also this question: https://tor.stackexchange.com/questions/1639/using-tor-in-iran-for-the-first-time-user-guide
A easy way to get the TOR package is using the autoresponder: https://www.torproject.org/projects/gettor.html
In case the website is blocked, it works as follows:
Users can communicate with GetTor robot by sending messages via email.
Currently, the best known GetTor email address is gettor#torproject.org.
This should be the most current stable GetTor robot as
it is operated by Tor Project.
To ask for Tor Browser a user should send an email to GetTor robot
with one of the following options in the message body:
windows: If the user needs Tor Browser for Windows.
linux: If the user needs Tor Browser for Linux.
osx: If the user needs Tor Browser for Mac OSX.

Disconnecting a browser tab (testing what happens when the user connection breaks)

I'm looking for a way to force a connection break (a way to disconnect) a browser tab.
What I'm trying to do is to test my site, where I open a websocket to the server from the browser, and then emulate a disconnection, but just on that browser tab (or even just on the browser), because I need my connection to check what happens on the server in that precise instant.
I was looking for a chrome extension to do so, but I don't find any. But any way to accomplish that would be fine.
My client OS is MacOSX 10.5
In Chrome, use Menu | Tools | Task Manager to see a list of tabs. You can kill a tab in the middle of a page load from there.
You could just kill the browser process. In that case the browser wouldn't be able to close the connection gracefully. It would pretty much look like a severed network connection to the server.
See this question on superuser.com for how to kill a process on MacOS.
An even more realistic test would be to set up a virtual machine, run the client there (or the server), and then interrupt the virtual network connection.
Another option would be to set up a local proxy server (note that few proxy servers already support WebSockets), connect to the server through this proxy, and then simulate an interrupted connection by killing the proxy. That way you could observer both the servers and the clients reaction to the event.
In chrome now there's an "offline" option, under the Network tab from the DevTools, but if you are looking for a websocket disconnection, like myself, you must be aware of this:
https://bugs.chromium.org/p/chromium/issues/detail?id=423246

How can I detect another instance of the same Win32 application running on another workstation?

I have a small application, which is free for personal use, but requires a paid license for corporate use.
It is most likely that in a corporate environment my application will run on multiple workstations. If it is the freeware version, I want to show an unobtrusive message. (and continue)
It doesn't have to be bulletproof, if it is not possible (i.e. firewall) then the application should just continue. And I don't want to make the user set up some kind of central service to track the instances. I don't want to annoy my users (especially not the paying ones *g*)
Is there any way to achive this kind of functionality?
I remember an older version of Dreamweaver had this kind of feature. You couldn't run it more than once in the same network.
One way: Listen for UDP broadcast on specific ports. Let each instance send broadcast UDP packet on this port to local network. If application receives such packet, and recognizes its structure, it knows that other instance is running.
You can include license details to avoid messages if two valid licenses are used.
Broadcasts usually aren't routed, so this works on local network only. (And user can disable it completely via firewall too... but if you will use some standard port like 53 (DNS), it won't be blocked).
Other way is to use custom server, which is informed about all running instances around the world ;-)
There are two primary ways to achieve this:
First, you can set up a small server application on each workstation that communicates with other workstations on the network (personally I would use Bonjour for discovery, but there are other options). The drawback here is that you're going to write quite a bit more code to make this work than option #2.
Second (probably simpler) would be to use WMI to enumerate processes on other workstations (again, probably use a Bonjour-like system for discovery), and find your process running on other machines. The drawback to this is that your enumeration code will require privileges on all machines to conduct the search.
When the application starts, it sends out a UDP broadcast on a specific port. This will be restricted to the local subnet, and might not make it through firewalls. This is the "is anyone else running, or can I start?" query.
If there are no responses, the application starts as normal, listening for this UDP broadcast. If it sees one, it responds with an "I'm already running; you can't start" packet.
The application that's just started receives this response packet and then refuses to start or (if you don't want to be that strict) displays a warning to the user.
You'd want to include the product ID and license key (or a hash) in the initial request, so that you can have more than one license on the same network. The response probably wants the machine name in it, so that the second user can go and find the first user and ask if they really need to use the application.
Evil corporation solution:
Have the application call home every time it starts. If more than one application for a license wakes up, tell it not to. If there is no internet connection, don't start at all.

Resources