Enforce using HTTP proxy globally - windows

We have a task here - to redirect all http traffic from all applications running on computers running Win7 and Win8 to some proxy. So the only thing comes to my mind is to use WFP callout driver to inspect outgoing packets and modify them accordingly. So question is this - is it the only way to enforce using HTTP proxy globally for all applications running on Windows computer?
thanks.

Related

Can we record desktop applications using JMeter

Could some one please help me on the below
Is it possible to record desktop applications using JMeter?
I just tried the following, but didn't work
File--->Template--->Create
Workbench--->Recording Script-->Start
Launched my application which is desktop and perform some actions
Workbench--->Recording Script-->Stop
When I expand Threadgroup--->Recording Controller-Nothing recorded
Where am I missing?
You miss one important step:
configure your desktop application to use proxy and provide host and port where JMeter is running (localhost and 8888 if they live on the same machine
Also be aware that:
JMeter can record only HTTP or HTTPS traffic, if your application uses other protocol - the calls will not be recorded. In that case you can consider The Grinder as an alternative, it comes with TCPProxy which is more low level therefore is cable to capture more protocols
If your application uses HTTPS protocol you will need an SSL certificate in order to decrypt and record the requests, you can configure your application to use JMeter's certificate or vice versa.
On MS Windows you may need to add a Loopback Adapter
See How to Run Performance Tests of Desktop Applications Using JMeter article for more details on simulating multiple desktop applications using JMeter
As help explains:
The recorder is implemented as an HTTP(S) proxy server. You need to set up your browser use the proxy for all HTTP and HTTPS requests.
Technically browser is also a desktop application, so to answer your first question, yes, you can record desktop applications using JMeter. However, just like browser, your desktop application must have an ability to connect to the internet via user-defined proxy. And also recorder will only record HTTP traffic from and to the application, it will not record client-only UI events, or traffic generated by any other protocols.
So to sum up:
Any desktop application can use JMeter recorder
But only if you can configure it to use JMeter recorder as a proxy
And only if your goal is to record HTTP traffic related to your desktop application, nothing else.

Disable websockets on windows

I am working a project that involves a java client interacting with a socket.io based server over websockets. In order to test fallback from websockets to xhr-polling i need to simulate a websocket blocking on my windows host.
How can this be done ?
It is not trivial to disable websocket in Windows firewall. Disabling this protocol in browser is not a way - in case you want to test fallback when websocket supported by browser but blocked by firewall, antivirus, domain policy rules, ...
I've simulated this behaviour by running nodejs server with grunt-connect-proxy. By default it blocks ws:// protocol but you can easy enable it using
option.ws = true

SIP over websockets to true SIP

I'm trying to implement a sip server for connecting to from an HTML sip client(made using sipml5). During my research into doing this I've come across sip over web-sockets which might be useful to me, however, I am unsure if a user agent connecting through sip over web-sockets to a compatible server would then be able to successfully make a call to some one using an incompatible server(i.e. calling from SIP over web-sockets to true SIP).
I know webrtc2sip can be used for connecting to legacy networks but I would rather avoid using another proxy if at all possible. So, is it possible to connect to a compatible SIP server using SIP over web-sockets then make a call from this user agent to another that does not support SIP over web-sockets without using a gateway?
You are right, SIP over Websockets is a draft, not specification. And I do not know many SIP vendors who support this draft.
Possible solution is truly websocket-SIP gateway. For example Flashphoner Web Call Server is implemented as a gateway which works through websockets with browser and works via SIP(TCP and UDP) with SIP servers. Therefore it is compatible with any server that supports RFC3261 - standard SIP specification.
Brief signaling scheme is:
Browser - [Websockets] - Web Call Server - [SIP TCP, UDP] - any SIP Server
Brief streaming scheme:
Browser - [WebRTC = SRTP, DTLS, ICE, STUN ] - Web Call Server - [RTP UDP] - any SIP/RTP Server
An alternate way is to use kamailio as it understands both sip and ws sip .
when you say "implementing a sip server " is it a simple registrar or proxy server or you want cal control logic / presence other features ?
In all cases kamailio fulfills all requirements , plus it is opensource .
Mobicents SIP Servlets Example already provides a B2BUA Application taking care of that for you. The Media is peer to peer (or through a TURN Relay Server) but if you need to bridge to a Media Server, you can indeed patch the SDP Body to make the media of each party go through the Media Server (pending it supports Media related codecs from WebRTC, DTLS-SRTP etc) to add conferencing, recording type of capabilities.

operate in internet gateway mode to relay data - windows

I want to write a general solution to relay data that comes from different application protocols to a proxy (socks and or/http) in order to do web filtering. Are there any open source projects for windows that do that ?
Check out cntlm. Here's the link:
http://cntlm.sourceforge.net/
It's main selling point is that it does NTLM authentication, but it also works well as a general-purpose proxy. It also has a gateway mode that allows it to proxy network traffic to another proxy server.

How to build local web proxy without configuring the browsers

How does Netnanny or k9 Web Protection setup web proxy without configuring the browsers?
How can it be done?
Using WinSock directly, or at the NDIS or hardware driver level, and
then filter at those levels, just like any firewalls soft does. NDIS being the easy way.
Download this ISO image: http://www.microsoft.com/downloads/en/confirmation.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff
it has bunch of samples and tools to help you build what you want.
After you mount or burn it on CD and install it go to this folder:
c:\WinDDK\7600.16385.1\src\network\ndis\
I think what you need is a transparent proxy that support WCCP.
Take a look at squid-cache FAQ page
And the Wikipedia entry for WCCP
With that setup you just need to do some firewall configuration and all your web traffic will be handled by the transparent proxy. And no setup will be needed on your browser.
netnanny is not a proxy. It is tied to the host machine and browser (and possibly other applications as well. It then filters all incoming and outgoing "content" from the machine/application.
Essentially Netnanny is a content-control system as against destination-control system (proxy).
Easiest way to divert all traffic to a certain site to some other address is by changing hosts file on local host
You might want to have a look at the explanation here: http://www.fiddlertool.com/fiddler/help/hookup.asp
This is how Fiddler2 achieves inserting a proxy in between most apps and the internet without modifying the apps (although lots of explanation of how-to failing the default setup). This does not answer how NetNanny/K9 etc work though, as noted above they do a little more and may be a little more intrusive.
I believe you search for BrowserHelperObjects. These little gizmos capture ALL browser communication, and as such can either remote ads from the HTML (good gizmo), or redirect every second click to a spam site (bad gizmo), or just capture every URL you type and send it home like all the WebToolBars do.
What you want to do is route all outgoing http(s) requests from your lan through a reverse proxy (like squid). This is the setup for a transparent web proxy.
There are different ways to do this, although I've only ever set it up OpenBSD and Linux; and using Squid as the reverse proxy.
At a high level you have a firewall with rules to send all externally bound http traffic to a local squid server. The Squid server is configured to:
accept all http requests
forward the requests on to the real external hosts
cache the reply
forward the reply back to the requestor on the local lan
You can then add more granular rules in Squid to control access to websites, filter content, etc.
I pretty sure you can also get this functionality in different networking gear. I bet F5 has some products that do some or all of what I described, and probably Cisco as well. There is probably other proxies out there besides Squid that you can use too.
PS. I have no idea if this is how K9 Web Protection or NetNanny works.
Squid could provide an intercept proxy for HTTP and HTTPs ports, without configuring the browsers and it also supports WCCP.

Resources