proxying through corporate firewall - proxy

I'm trying to get some protocols to work through my company's firewall. Until now I have been successful in masking either http or https data by setting a http proxy on localhost and one on a remote server I own. The communication is done via $_POSTed and received modified .bmp files that contain a header and the encrypted serialised request array.
This works fine, but there are a few drawbacks that make me think I might have taken a wrong approach.
Firstly, I do not use Apache's mod-proxy. Instead I just created a local subdomain (proxy.localhost) and use that in the browser's proxy settings. The subdomain's index.php does all the work. This creates some problems. I cannot use http and https simultaneously or the server will complain of using either "http on a https enabled port" or "incorrect ssl response length".
The second problem is, well, other protocols. I could make use of some ftp, sftp, remote desktop, ssh, just name another... I need it.
There are 2 solutions I can think of: first is if I run a php script in CLI so that it listens on a predefined port and handles the requests differently, or some sort of ssh tunnel. Problem is I haven't had any success with freeSSHd and putty because of my ignorance.
Thanks in advance for any advice.

I used the free version of Bitvise SSH Client and server and it seems to work just fine.

Related

WeeChat/irc - Tor Proxy

I don't think this is a very hard problem to solve; nevertheless, I didn't find anything about it online. I am pretty new to irc/weechat and obviously don't want to leak my IP whenever I join a room. So I want to use a proxy, specifically Tor. The thing is, everything I've tried didn't work out.
For clarity, I know my proxy does work; I tested it on Firefox.
The things I did to connect an irc server to my proxy were the following:
add tor proxy (no username or password):
/proxy add torproxy socks5 <ip-address> 9050
set proxy on server:
/set irc.server.<server_name>.proxy torproxy
then just connect:
/connect <server_name>
and it's always the same output:
irc: disconnecting from server
irc: reconnecting to server in 10 seconds
and after 10 seconds, the exact same output, but with 20 seconds, and the number just goes up.
Some parameters you might want to consider: I don't run the proxy at localhost. It's a server in my LAN, but I tested it on other computers and the proxy does work, so that's not the problem. Also, I want to configure the proxy directly in weechat, and not use some system-wide setting or something.
Thanks for your help!
You may need to disable SSL verification.
/set irc.server.<server_name>.ssl_verify off
Another factor to consider is that the server might not accept connections from Tor. If the network has multiple servers, try connecting to a different one.

Can I change the current network interface in Windows CMD?

In my current setup I have two interfaces, one is my normal connection and the other for my VPN, which is the default interface.
My VPN isn't nearly as fast as my connection, so for some heavier load I use my normal connection. The problem I am having is that I want to send files to Google Drive by using their API via CMD, but googleapis.com simply resolves to too many IPs to route them all. Currently I am solving this issue by connecting through a proxy so I only have to route that proxy to my normal interface.
What I would rather do is just set the interface of my normal connection to the CMD session like I do with the proxy. I have tried playing around with netsh but so far with no success.
Does anyone have an idea on how to solve this problem?
It isn't that your VPN is your "Default Interface"; it's that it has a lower route metric for traffic, because whoever set it up made it so that all traffic routes to the VPN instead of only internal traffic.
If this is intentional, and you don't want to change it, then your only real option is to use a proxy, as you need to be able to sniff the packet headers to match the API URL, and it's HTTPS traffic, that is encrypted, and only passing through a proxy will be able to get around that.

Changing web to https

I am trying to change my site to https (port 443). Everything works correctly except for one thing: on my site I'm using a service called Yawcam which allows me to stream a webcam (I'm using port 8081 to that end).
It is working when I use for my Apache server port 80 (http://myip:8081), but when using port 443 it doesn't respond (https://myip:8081).
All ports mentioned are opened to Public (80,443,8081) through my Windows Server firewall.
I'm out of ideas, do you have any?
This is nothing to do with your firewall, this is to do with the fact that you are using mixed content.
Chances are you are using http:// for the external service and this will be blocked by browsers as they do not like it when you try to load a less secure resource than the loaded page.
Try changing your external content URLs to https:// if possible.
You can see here for a little more info on what you could try: https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content

websocket will not connect from remote server

I have a web page to control a thermostat on a raspberry pi, and I'm running into difficulties when trying to get websockets to work from a remote client. It seems to work fine when on LAN however. I'm obviously missing something (and likely something basic), but I can't seem to figure out what it is.
The pi's local IP is 192.168.1.134. The web page (served from apache server) has the URL http://192.168.1.134:8010/thermostat.html. The page starts up some javascript, which then tries to connect to the pi's main program using websockets via ws://192.168.1.134:9000 (the server on the pi is running libwebsockets). The websocket comes up, and it seems to work fine. I then tried to connect via a remote client (a cell phone, where wifi was turned off) from http:\\23.239.99.99:8010\thermostat.html. The html/js files load fine, but the web socket attempts to connect to uri ws:\\23.239.99.99:9000, and this fails.
As far as I can tell, the NAT seems to be configured properly:
name           ext port start  ext port end  protocol  int port start  int port end  ip addr        interface
Thermostat3    8010            8010          TCP       8010            8010          192.168.1.134  eth3.1
Thermostat5    8000            8000          TCP/UDP   80              80            192.168.1.134  eth3.1
Thermostat_ws  9000            9000          TCP/UDP   9000            9000          192.168.1.134  eth3.1
I checked, and the router does not have any firewalls set up, neither does my modem. I didn't install a firewall on the pi (I checked, and there's no odd iptables rule). Does anyone know what I'm missing?
--- EDIT ---
I'm still stuck on this. I called my ISP and they assure me there are no firewalls on their servers. Is there any way to tell if port 9000 is being blocked, and by who?
Bind your apache server to 0.0.0.0 address to make it accessible from remote machines
Try this tool to determine if the port is inaccessible (use the custom port): http://www.whatsmyip.org/port-scanner/
Everything else looks fine. As a sanity check I would try putting the ws port to 8010 to see if that works. I would also recommend using a tool like Advanced Web Client to isolate networking issues.
This is interesting. I once had a similar problem. I set up a WebSocket (I was using a nodejs ws) and once I tried to access it from remote client I was not able to reach it with ws://yourip:port but instead I had to use http://yourip:port. I don't know if you have the same problem, mine was due to a proxy I was using.
I still have some advice for you on how you might be able to solve your problem. I don't know how concerned you are about security, but as far as I understood your idea, you basically connect to your raspberry pi through a WebSocket and tell it to change the temperature.
Back when I did a similar project I found it rather hard to secure my WebSocket connection. I was basically sending a password plus command through the WebSocket to my server, which then checks whether the password is correct. Otherwise everyone on the internet could heat your house. Not cool...
But therefore, I had to tunnel the connection through https to prevent a middleware attack.
I quickly threw in the towel and decided to go with a completely different solution. Basically I set up a nodejs express server (can easily be configured with a self-signed certificate to use https or used behind a nginx/apache https server) and authenticated with username and password. When someone made a POST request to /api/thermostats?id=0 with a temperature request, the server checks if the user is authenticated and then executes a terminal command from within node.
Maybe this idea also fits your demands.
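The design this answer describes (authenticate first, then run a terminal command from Node), as an added example that is not the answerer's code: the request is checked against an allow-list and the command is handed to `execFile` as an argument array, so request data never reaches a shell. The `USERS` table, the `set-thermostat` command and the 5 to 30 degree range are assumptions; TLS setup is omitted.

```javascript
// Added example. USERS, the `set-thermostat` command and the 5-30 range are assumptions.
const USERS = { alice: 'correct horse battery staple' }; // constructed; keep password hashes in practice

// Compare two strings without stopping at the first differing byte.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i] ?? 0);
  return diff === 0;
}

// Parse "Authorization: Basic base64(user:pass)"; return the user name or null.
function authenticate(header) {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  const user = decoded.slice(0, sep), pass = decoded.slice(sep + 1);
  const known = Object.prototype.hasOwnProperty.call(USERS, user);
  // Still compare for unknown users so both paths do similar work.
  const ok = safeEqual(pass, known ? USERS[user] : '\u0000');
  return known && ok ? user : null;
}

// Map one request to an HTTP status and, only on success, an argv array.
function decide(req) {
  let url, temp;
  try { url = new URL(req.url, 'https://thermostat.invalid'); } catch { return { status: 400 }; }
  if (req.method !== 'POST' || url.pathname !== '/api/thermostats') return { status: 404 };
  if (!authenticate(req.headers.authorization)) return { status: 401 };
  try { temp = JSON.parse(req.body).temperature; } catch { return { status: 400 }; }
  const id = url.searchParams.get('id') ?? '';
  // Allow-list: id is one or two digits, temperature is a JSON number in range.
  if (!/^\d{1,2}$/.test(id) || typeof temp !== 'number' || temp < 5 || temp > 30) return { status: 400 };
  return { status: 200, argv: ['set-thermostat', '--id', id, '--temp', temp.toFixed(1)] };
}

// Run the command without a shell; resolves to true when it exits cleanly.
async function execute(argv) {
  const { execFile } = await import('node:child_process');
  return new Promise((resolve) =>
    execFile(argv[0], argv.slice(1), { timeout: 5000 }, (err) => resolve(!err)));
}

// Constructed requests: valid, no credentials, shell metacharacters in id.
const demoAuth = 'Basic ' + Buffer.from('alice:' + USERS.alice).toString('base64');
for (const [url, headers] of [['/api/thermostats?id=0', { authorization: demoAuth }],
  ['/api/thermostats?id=0', {}], ['/api/thermostats?id=0;reboot', { authorization: demoAuth }]])
  console.log(url, decide({ method: 'POST', url, headers, body: '{"temperature":21.5}' }));
```

In a request handler, pass `argv` to `execute()` only when `decide()` returns status 200.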

Node.js: Running example of Chat?

Trying to setup an example for node.js chat on Windows x64.
Command line:
D:\Websites\dev\chat>node server.js
Server at http://127.0.0.1:8001/
Now when server part runs, trying http://dev/chat/index.html
After submitting Name, it gives me "error connecting to server".
Same error message on http://chat.nodejs.org/
Does the thing actually work? =)
Do I need to set up an Apache's mod_proxy to handle /join to port 8001?
Some of the issues are with using http://dev/chat/index.html and also, I suspect, with:
Do I need to set up an Apache's mod_proxy to handle /join to port 8001?
Node's http module is more for creating the server than it is for integrating with other servers like Apache. (It's possible, e.g. iisnode, but not the default.)
While node server.js is running, you should be able to access index.html via either:
http://localhost:8001/
http://127.0.0.1:8001/
Then, /join, /recv, /send, etc. should be able to route through the same origin.
Otherwise, using http://dev/ has 2 problems:
Requests will route based on the current address. For example, /join will request http://dev/join rather than http://127.0.0.1:8001/join, likely resulting in a 404 response. And, even if you modified the client script to specify the origin...
Same-origin policy. Pages requested from http://dev/ cannot make Ajax requests to http://127.0.0.1:8001 without exceptions, which this demo does not have established.
