I have written an application that (amongst other things) runs a local service in windows that acts as a SOCKS v5 proxy for Firefox.
I'm in the debugging phase right now and have found certain websites that don't work correctly. For example the Java Applet for Picture Uploading on Facebook.com fails because is is unable to lookup domains.
My app overrides a hidden FF config setting network.proxy.socks__remote__dns setting it to true. The whole purpose of the app is to allow access to websites when behind a firewall (e.g. if the user is in China), so this setting is essential to ensure domains are resolved remotely also (and not just HTTP requests).
In the JRE6 settings (documented here) there isn't an equivalent setting, and since remote DNS resolution is a feature of SOCKS v5 and not v4 as the documentation seems to imply I'm worried that it's just not possible.
How can I programmatically make sure the JRE uses a SOCKS v5 proxy for all requests (including DNS)?
UPDATE:
Steps to reproduce this problem:
Make sure you are behind a firewall that blocks (or redirects) internet access including DNS
Install PuTTY and add a dynamic SSH tunnel on some port number of your choice (e.g. 9870). Then login to a remote server that has full access to the internet
Launch Firefox and you will not be able to browse the web
In FF network settings set the SOCKS v5 proxy to localhost:9870
In FF go to about:config, change network.proxy.socks__remote__dns to true
You will now be able to browse the web.
Go to facebook.com, login, go to your profile and attempt to use the picture uploader java applet to add some pictures
It will fail with a series of class not found errors looking similar to:
load: class com.facebook.facebookphotouploader5.FacebookPhotoUploader5.class not found.
I believe this is failing because the JRE is unable to resolve the domain that the class resides on. I'm basing this belief on the fact that the documentation (http://java.sun.com/javase/6/docs/technotes/guides/deployment/deployment-guide/properties.html) talks only about SOCKS v4 (which as far as I know does not support remote DNS). My deployment.properties file is located in %APPDATA%\Sun\Java\Deployment. I can confirm that modifications I make in the Java Control Panel get written into that file. If instead of "Use browser setting" the network settings for Java I override and attempt to use the SOCKS proxy settings manually, I still have the issue. There does not seem to be an easy way to force the JRE to do DNS remotely through the Proxy.
UPDATE 2:
Without the SOCKS proxy, from my local client
www.facebook.com resolves to 203.161.230.171
upload.facebook.com resolves to 64.33.88.161
Neither host is reachable (because of the firewall)
If I login to the remote server, I get:
www.facebook.com 69.63.187.17
upload.facebook.com 69.63.178.32
Both these IPs change after a few minutes, as it seems Facebook uses round-robin DNS and other load-balancing.
With the Proxy settings set in Firefox, I can navigate to www.facebook.com without any difficulty (since DNS is being resolved remotely on the Proxy). Whey I go to the page with the Java applet it fails with the stacktrace messages I've already reported.
However if I edit Windows\System32\drivers\etc\hosts, adding the correct IP for upload.facebook.com I can get the applet to load and work correctly (restart of FF is sometimes necessary).
This evidence seems to support my theory that the Java Runtime is not resolving DNS on the Proxy, but instead just routing traffic though it.
My application is for mass-deployment, and needs to work with java applets on other sites (not just facebook). I really need a work-around for this problem.
UPDATE 3
Stacktrace dump a requested by ZZ Coder:
load: class com.facebook.facebookphotouploader5.FacebookPhotoUploader5.class not found.
java.lang.ClassNotFoundException: com.facebook.facebookphotouploader5.FacebookPhotoUploader5.class
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 7 more
Exception: java.lang.ClassNotFoundException: com.facebook.facebookphotouploader5.FacebookPhotoUploader5.class
Dumping class loader cache...
Live entry: key=http://upload.facebook.com/controls/2008.10.10_v5.5.8/,FacebookPhotoUploader5.jar,FacebookPhotoUploader5.jar, refCount=1, threadGroup=sun.plugin2.applet.Applet2ThreadGroup[name=http://upload.facebook.com/controls/2008.10.10_v5.5.8/-threadGroup,maxpri=4]
Done.
new InetSocketAddress(hosta, port) which resolve IP by Default, and SocksSocketImpl use IP first if the target address is resolved.
If you want RemoteDNS, you can new Socket you An Proxy,then connnect to a InetSocketAddress which is constructed by InetSocketAddress.createUnresolved(host, port).
You Socks Server must be SOCKS5, java SocksSocketImpl auto detect is version.
Proxy p = new Proxy(Proxy.Type.SOCKS, paddr);
Socket s = new Socket(p);
InetSocketAddress addr = InetSocketAddress.createUnresolved("host.blocked.by.gfw", port);
s.connect(addr);
JRE certainly supports Socks V5. I have been using it since Java 1.4. JRE only uses V4 if your SOCKS server is V4. The first byte from your server response must be 5.
The V4 support was buggy. It only works with IP address, not domain name because it doesn't know how to resolve the domain name before hand. So you must be use V5 if Socks works at all.
I suspect that your proxy setting is incorrect so socks doesn't work at all. This should be easy to trace with Wireshark. Just check which port the applet is using.
Also the stacktrace will be very helpful. It will show you if Socks is used. For example,
load: class test.MyApplet.class not found.
java.lang.ClassNotFoundException: <name>.class
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.net.SocketException: Malformed reply from SOCKS server
at java.net.SocksSocketImpl.readSocksReply(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
I pointed SOCKS proxy to my HTTP server so this error is expected.
Related
I am trying to test my API using Jmeter Load testing and i am encountering this error whenever i tried to test 10 or more concurrent request in 20 seconds or more:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.jmeter.protocol.http.sampler.hc.LazyLayeredConnectionSocketFactory.connectSocket(LazyLayeredConnectionSocketFactory.java:92)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl$JMeterDefaultHttpClientConnectionOperator.connect(HTTPHC4Impl.java:326)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:850)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:561)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:67)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1282)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1271)
at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:627)
at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:551)
at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:490)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:257)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 27 more
10 concurrent user for 10 seconds is successful but when i up my testing, some request replied the above error and some request had been successful during the testing. I think this is not a code issue anymore. In this regard, May i know what is the problem for this? I am trying to test my API from my workstation(Windows) to Linux Dev server where the API is located and i am curious why only some request replied with this error while some is successful since my API URL uses HTTPS.
If you're getting this SSL peer shut down incorrectly error only under the load most probably it means that your system under test gets overloaded and cannot properly respond/gracefully end the connection.
Check your system under test logs for any suspicious entries
Make sure that the system under test has enough headroom to operate in terms of CPU, RAM, Network, etc, it can be done using JMeter PerfMon Plugin
From JMeter side of things you can:
Make sure to follow JMeter Best Practices
The same as for the system under test - make sure that JMeter doesn't lack underlying operating system resources, if it does - consider running JMeter in distributed mode
You can also add javax.net.debug=all line to system.properties file, this way you will get way more information regarding underlying connections problems in stdout
In addition you can add the next lines to log4j2.xml file, this way you will see more details on network connections level in the jmeter.log file
<Logger name="org.apache.http" level="debug" />
<Logger name="org.apache.http.wire" level="debug"/>
I was recording script in Jmeter and got error like this:
There is a problem with this website's security certificate
then I click Continue to this website (not recommended)
and got connection timed out like this:
java.net.ConnectException: Connection timed out: connect at java.net.DualStackPlainSocketImpl.connect0(Native Method) at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) at java.net.
Please help.
UPDATED
I should run jmeter using proxy due to proxy enabled in my area.
After running using proxy, I found new error SAML Authentication (https://www.blazemeter.com/blog/how-load-test-saml-sso-secured-websites)
Ensure you add the JMeter Certificate Authority to your browser following this documentation:
http://jmeter.apache.org/usermanual/component_reference.html#HTTP(S)_Test_Script_Recorder
Installing the JMeter CA certificate for HTTPS recording
This file is generated in "jmeter/bin/ApacheJMeterTemporaryRootCA.crt" when your start the recorder.
I'm trying to use OWASP ZAP to proxy a connection to a website that I maintain.
However although the proxying is working for other sites (both https and http) connections to the one I actually want to analyse just return a 502 - Bad gateway message with the following text:
ZAP Error [java.net.ConnectException]: Connection refused: connect
Stack Trace:
java.net.ConnectException: Connection refused: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
at sun.security.ssl.SSLSocketImpl.<init>(Unknown Source)
at sun.security.ssl.SSLSocketFactoryImpl.createSocket(Unknown Source)
at org.parosproxy.paros.network.DecoratedSocketsSslSocketFactory.createSocket(Unknown Source)
at org.parosproxy.paros.network.SSLConnector.createSocket(Unknown Source)
at org.apache.commons.httpclient.HttpConnection.open(Unknown Source)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)
at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)
at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
The URL I'm requesting via the browser works fine when not proxied through OWASP ZAP, and the request headers captured by ZAP also work fine when copied and pasted as Raw into a Fiddler Request, these are as below:
GET https://nottellingyou.net/ HTTP/1.1
Host: nottellingyou.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
Just for information,
1.) There is no proxy chain set in ZAP, or elsewhere on my PC / Browser / Fiddler settings.
2.) ZAP Proxy is running at the default address localhost:8080
3.) ZAP Dynamic Certificate has been saved and imported into the test browser (Firefox Developer Edition)
Given that ZAP is working for other sites, I'm at a brick wall as to what might be wrong here, can anyone help?
I've seen firewalls that have clearly had specific rules to block ZAP, eg by checking the default ZAP user agent.
That particular issue is unlikely to be the case here but you could still be hitting a similar problem.
Try resending the request from within ZAP while tweaking the headers.
The other possibility is that its checking something in the ZAP root cert, eg the DN. You can import you own root certs into ZAP - try that using very different settings to the ZAP one.
If that doesnt work head over to the ZAP User Group and we'll keep trying different things - there will be a solution to this ;)
I've found a workable solution by accident.
As I wasn't sure if the Request I was seeing in ZAP was the request it received from the browser or the request it forwarded on (or both). I, therefore, wasn't sure if my checking the Request was working in Fiddler was a valid test.
So I set ZAP to forward all its requests to Fiddler on the same machine so I could be sure of exactly what was being sent out.
As soon as I did this, I was able to access the website, and record the requests / responses in both Fiddler and ZAP.
Based on this I'm going to go with Psiinon's suggestion that somewhere along the chain requests from ZAP are being blocked by some security / Firewall rules. Being as I have no control over these and struggle to get anything other than vague grunts out of the networking guys I'm going to carry on with my workable solution.
I'm trying to build DIY application on OpenShift that implements WebSockets. I started with this example:
https://www.openshift.com/blogs/how-to-build-java-websocket-applications-using-the-jsr-356-api
If I run it locally, it works perfectly. When I upload the code to a DIY OpenShift cartridge and compile it, I get an error. I modified the code so that the Server connects to $OPENSHIFT_DIY_IP on port 8000, but when the code reaches the line server.start(); it crashes with the following error.
What am I doing wrong? I tried other ports (17500 and on) without any luck.
Error:
Binding server to 127.7.177.1:8000
Jun 04, 2014 10:28:02 AM org.glassfish.tyrus.server.ServerContainerFactory create
INFO: Provider class loaded: org.glassfish.tyrus.container.grizzly.GrizzlyEngine
java.net.SocketException: Permission denied
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:444)
at sun.nio.ch.Net.bind(Net.java:436)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:214)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at org.glassfish.grizzly.nio.transport.TCPNIOBindingHandler.bindToChannelAndAddress(TCPNIOBindingHandler.java:131)
at org.glassfish.grizzly.nio.transport.TCPNIOBindingHandler.bind(TCPNIOBindingHandler.java:87)
at org.glassfish.grizzly.nio.transport.TCPNIOBindingHandler.bind(TCPNIOBindingHandler.java:64)
at org.glassfish.grizzly.AbstractBindingHandler.bind(AbstractBindingHandler.java:140)
at org.glassfish.grizzly.AbstractBindingHandler.bind(AbstractBindingHandler.java:159)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.bind(TCPNIOTransport.java:470)
at org.glassfish.grizzly.http.server.NetworkListener.start(NetworkListener.java:658)
at org.glassfish.grizzly.http.server.HttpServer.start(HttpServer.java:264)
at org.glassfish.tyrus.container.grizzly.GrizzlyEngine$1.start(GrizzlyEngine.java:88)
at org.glassfish.tyrus.server.TyrusServerContainer.start(TyrusServerContainer.java:119)
at org.glassfish.tyrus.server.Server.start(Server.java:122)
at org.neo.wordgame.server.WebSocketServer.runServer(WebSocketServer.java:23)
at org.neo.wordgame.server.WebSocketServer.main(WebSocketServer.java:11)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.mojo.exec.ExecJavaMojo$1.run(ExecJavaMojo.java:293)
at java.lang.Thread.run(Thread.java:744)
Please press a key to stop the server.Jun 04, 2014 10:28:04 AM org.glassfish.tyrus.server.Server stop
INFO: Websocket Server stopped.
Your application needs to listen on port 8080 on your $OPENSHIFT_DIY_IP, but you need to connect to it from the outside at http://app-domain.rhcloud.com:8000 or http://app-domain.rhcloud.com:8443 (ssl). Binding to port 8000 on your $OPENSHIFT_DIY_IP won't work.
It is just as developercorey says. Latest news about WebSockets on OpenShift I could find is this blog post, clearly saying that you have to access 8000/8443 from outside.
As a live example, I've deployed application using WebSockets into OpenShift. If you access it using http://vinbudin-openshift.anthavio.net/ui
Although application still works, because it can degrade to long-polling silently,
when you look into Chrome Developer Tool Network Tab, you can see rejected WebSocket upgrade request
Request URL:ws://vinbudin-openshift.anthavio.net/ui/PUSH/?v-uiId=0&v-csrfToken=bcd0c9a6-2a6f-4ddb-8332-7929e4337b2d&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.1.5.vaadin4-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json;%20charset=UTF-8&X-atmo-protocol=true
Request Method:GET
Status Code:501 Not Implemented
But using url with port 8000 http://vinbudin-openshift.anthavio.net:8000/ui yields better result
Request URL:ws://vinbudin-openshift.anthavio.net:8000/ui/PUSH/?v-uiId=0&v-csrfToken=bcd0c9a6-2a6f-4ddb-8332-7929e4337b2d&X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=2.1.5.vaadin4-jquery&X-Atmosphere-Transport=websocket&X-Atmosphere-TrackMessageSize=true&X-Cache-Date=0&Content-Type=application/json;%20charset=UTF-8&X-atmo-protocol=true
Request Method:GET
Status Code:101 Switching Protocols
I am facing a very strange problem.
I am using my application with RMI for 8 month in production but since a new (big) update I dont know what is wrong.
It is a server where 3 clients connect.
And when I am using only client with a certain method I can not find anything wrong especially because all other clients work perfectly.
Is there maybe with RMI any local "cache" which should be deleted otherwise I can't tell.
Here is the output of the client's console:
C:\Users\Claudia\Desktop>java -jar CLIENT_erp_auer_client_v0_8ASASADSD.jar
java.rmi.MarshalException: error marshalling arguments; nested exception is:
java.net.SocketException: Software caused connection abort: socket write error
at sun.rmi.server.UnicastRef.invoke(Unknown Source)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(Unknown Sou
rce)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(Unknown Source)
at $Proxy7.update(Unknown Source)
at client.entity_types.LieferscheinpositionService.aendereLieferscheinposition(
LieferscheinpositionService.java:60)
at client.lieferscheinverwaltung.TreeTableNEULieferschein.addLieferscheinpositi
onen(TreeTableNEULieferschein.java:912)
at client.lieferscheinverwaltung.TreeTableNEULieferschein.<init>(TreeTableNEULi
eferschein.java:204)
at client.lieferscheinverwaltung.LieferscheinErstellung.getTreeTableNeuLiefersc
hein(LieferscheinErstellung.java:916)
at client.lieferscheinverwaltung.LieferscheinErstellung.<init>(LieferscheinErst
ellung.java:773)
at client.lieferscheinverwaltung.LieferscheinManagement.openLieferschein(Liefer
scheinManagement.java:1055)
at client.lieferscheinverwaltung.LieferscheinManagement$9.mouseClicked(Liefersc
Thank you.