I have an application made in Java for Android platforms, and I need to send quite a lot of data, the data I am sending is the previous weeks SMS messages received and sent. That includes the following data:
Sent by Phone number
Sent by Name
Sent to Phone number
Sent to Name
Time sent
Message
And you can imagine this data can be really big for some people so I need a way to minimize/encrypt it on one side, and then using an HTTP request I can send it over to my server, and decrypt this data with PHP. What is the best method to do this? What size limit does HTTP POST have?
I think you should zip+encrypt(say, using aes) the data on Android side before sending the data to your server and decrypt+unzip it on the server side.
Post size depends on the config on the server side -> What is the size limit of a post request?.
p.s. why would anyone want to send all their sms messages to your server? :)
You'll want to send the data using an HTTP POST. The limit on the HTTP POST size depends on the server receiving the data. For example a PHP server has the post_max_size property that (I think) by default is 16M. In terms of encryption start by making sure the request is being sent over HTTPS.
Do you have Gzip option turn on in your Apache HTTPD server?
This way the web server will compress and serve slightly packed files to and bro your browser.
Related
I am trying to simulate a response from a web server login confirmation to a windows application. I have the captured packets that detail the conversation between the server and the application for successful login already as it is my application, this is for debugging and MIME simulation to test application and network security. communications create what I hope can be a custom foolproof way to prevent a MIME but I dont have a way to test it, so here I am to ask for guidance.
How would I go about simulating the response from the server to the application?
I have some idea in the direction I would possibly need to go to achieve my desired outcome:
Utilizing my network:
I have a Linux machine set up as a dynamic router, dhcp, routing, and my Linksys router just acts as an access point and ethernet switch.
1: Set up web server on Linux machine.
2: redirect traffic from application port to Linux server.
3: run server-side script to respond to application request using packets captured to establish replay successful login to server.
So, I am kinda new to using Linux tools. I have setup a Linux router, captured basic information utilizing Wireshark, and am able to program in VB, javascript, some java. I have not done much network-oriented programming other than some simple communication for authentication I have successfully established.
Any information to point me in the right direction I am grateful for!
Most logins use encryption (https / TLS) so capturing the packets won't help.
If not, the packets will form a http request, and you should be able to see the format of the request, whether the login credentials are part of the URL for GET or part of the http body for POST. It is not hard to create your own http request.
How are parameters sent in an HTTP POST request?
Each http request will be followed by an http response from the server, and the format of the headers or body will contain the login result (http requests and responses are similar in format, but the headers are not the same).
More sophisticated logins may involve a series of requests/responses.
You will need to write a simpler server to receive the requests and send the responses. Java is probably your best choice, given the languages you know, plus there will be plenty of examples online. With JS it may be possible but for the most part JS is used in browsers, so not a great choice. VB is a Windows language not supported on Linux.
Overview:
I currently have a fully functioning mobile application that communicates with a Java server running on Windows via WebSockets. The ServerEndpoint is running off of an AWS machine. The Java server is a ClientEndpoint running on a private network, and there can be multiple app users at any given time that are also ClientEndpoints.
I currently have everything working properly when it comes to sending String messages back and forth, as the ServerEndpoint is maintaining the Java server Session along with the mobile application Sessions. Almost all communication is initiated via the mobile applications at which time a JSON String is sent to the Java server session to be able to maintain which mobile application session should receive the return message.
I am now trying to implement functionality to be able to send PDF files via binary messages from the Java server to the mobile applications in the same fashion. The mobile applications are developed using Codename One, and they do not provide the ability to increase the maximum binary message size, so I seem to be limited to 8kb (8,192 bytes) per binary message. This is fine as I am sending multiple binary messages and rebuilding the file within the mobile app.
I currently have this working in the simplest case where there is only one mobile application user at a time requesting a PDF file.
Current Flow:
App A sends JSON message to ServerEndpoint which then forwards message to Java server A. Java server A sends JSON message back to ServerEndpoint which forwards message back to App A. The JSON objects contain the session id to send the messages back to. The ServerEndpoint needs to know which App Session to send messages to that come from the Java server.
When it comes to binary messages, App A sends a String message to the ServerEndpoint which then forwards message to Java server A. Java server A now needs to send multiple binary messages back to the ServerEndpoint which ALL must get forwarded to App A for the file to be rebuilt properly. This is the part that I'm not sure how to handle. It currently works fine if there is only one App session, but if multiple App sessions were to request files at the same time, it would not work properly.
Problem:
When sending String messages, it is easy enough to pass the callback mobile application session id as part of the JSON object back and forth to ensure the correct mobile application session gets the response. When it comes to sending the binary messages, what is the best way to guarantee that if users A and B request a file at the same time, that user A gets the file he/she requested and user B gets the file he/she requested?
You should be able to track the session without having to pass a session ID. For example, see this sample web service endpoint.
Notice how you can pass a Session object as the first parameter with the #OnMessage annotation.
You can use this to know who you're talking to.
One other small point/question. Your statement "The mobile applications are developed using Codename One, and they do not provide the ability to increase the maximum binary message size," seems to suggest that other platforms do allow you to set a maximum binary size on the client. AFAIK this is not part of the WebSocket spec, and isn't implemented by any browser. What other implementations do allow you to set the max size?
EDIT In response to your refinement of the question:
There are multiple ways to skin this cat. One thought is that you only need to chunk the "last mile" (between the middleman and the client). Since the middleman and the end server are JavaEE servers, you have control over the buffer size, and could potentially send the full file in one shot (within reason). Then just do the chunking in the middle server, which will know which client he is dealing with.
Another option is to create your own pseudo protocol. You're returning byte arrays, but you could choose to allocate the first n-bytes of each chunk to contain metadata, which the middleman would parse out. This metadata could be used to tell the middleman which client the chunk is destined for.
Zip the files you want to send and send it via binary, in server unzip it to get the data, i think size is not of a problem(havent tried Codename One though). If it is then you could send chunks of binary data that is structured to a jason object with a type and serial number that you can check to find the type of file you are sending and the number of chunk of the file it is. the flow will be like
get chuncks -> Json Object (Type="PDF", SerialNumber="1", Data="Binary data converted to String") -> zip the json object -> send to server. Do the reverse in server.
I have the following URL
http:actionname.php?user=username&password=pwd&sender=no&audio_file=somefilehere
I want to send an audio file along with the above parameters.
Is it possible to send an audio file as a request parameter?
Thanks in advance...
You can send the name of a file, but not the file itself. URL lengths are limited, practically to about 2000 characters. Theoretically they may be a bit longer, but this is not supported on all browsers. See this answer.
If the file is publicly available, and the file name is a URL itself, the server may fetch the file later.
If you want to send a file, consider having a POST request with the file content in it.
As usually, you will send anything as request to web server, the file content will be transferred as internals of HTTP message (POST parameters as file name, and content separately) outgoing from you to the server, until it finished (it is TCP session and it won't be break up while data is streaming), it could be considered as "request" to web server.
Theoretically, you could send something via URL (HTTP GET request), but you could develop some kind of transport data-over-HTTP-GET protocol to send escaped binary data chunks as GET parameters. It is possible :)
Even sending (uploading) file via POST request also no so plain as submitting form with usual POST parameters, you should use multipart/form-data encoding in the form and special treatment on the server side for that.
It is not good, but not so weird as transmitting data via URL, you could send some data within GET request to the server, look here for more.
Here is the situation. There are server and client in network. They communicate like this:
Client sends request for some function.
Server sends to client function parameters.
Client trying to perform function and sends answer to server.
Server sends to client data which it should show.
But sometimes client can't perform function and sends error. I want to catch all packets from step 2, analyze them (I've already have tools for that), prevent some of them to reach client, process them with my program and form packet like in step 3. This must be done on client side. I have no access neither to server nor to client.
So, the question is: Is there libraries for changing, injecting and removing tcp/ip packet in c++ or java? The solution should be working in both Win and Linux systems.
Also, may be you have better ideas to expand client functionality?
Thanks for any help!
I tried to google how to change packets, but all I got were unanswered questions and sniffers=(
Edit: Actually, I don't really need injecting and removing packets, I can manage it with only changing packet data. Also, there is no multiple requests in the same packet, and a single request across multiple packets is not a problem.
You have to build a Proxy for your server. The client connects to the proxy, and the proxy itself connects to the server. It just routes all the packages between client and server.
BUT it is now able to intercept specific messages and to modify them. Imagine a filtering HTTP proxy, it works the same way.
I have personal experience with libpcap on linux and freeBSD, a kind of lowlevel library that helps to catch or inject packets. I did use it in an IPV6 network bridge project... But i know there is a windows port for it.
http://sourceforge.net/projects/libpcap/
You can let the library to:
catch packets using a filter
extract data from packet
you can process the data (modify them)
reinject it again using the same library
But you would have to work with internal data in a quite raw matter. Best documentation for this library are comments inside its header file, that is the most up to date info. Maybe there are some more comfortable highlevel libraries.
What is the best way for the communication between an Android app(native app) & a desktop App(C#/Java Client) over GAE?
One way I found was Channel API. Unfortunately I found no client side scripts other than Javascript supports Channel API.
Another way was to make a static class and communicate through these static variables.
This is what I'd like to achieve:
I want an Android app to send a message to GAE.
This message should be retreived by my PC App(C#/Java client)
PC App should return a response to this message
PC response should send to Mobile App.
Actually I am trying to execute commands on the windows command prompt from my mobile.
How about:
Android <-> App Engine : C2DM
Here's a good video about it:
http://www.youtube.com/watch?v=M7SxNNC429U
C#/Java <-> App Engine : Http Post/Get, create a http servlet at the app engine side.
And standard http request on c#/java.
Here's a blog about the servlet side:
http://zawoad.blogspot.com/2010/04/how-to-call-servlet-in-gwt.html
Basically this is how it works:
GAE handler receives messages from mobile device over http, and stores it to datastore. Here is an example of request which is done by movile device over http:
POST http://myapp.appspot.com/messages
Content-type: application/json
{"message":"Message from mobile device","userid":"myuserid",[other data..]}
Desktop app makes repetitive requests (every 10 sec or so) to GAE over http. GAE handler will give an empty response if there are no new messages, but if message has arrived, message is loaded from datastore and served over http, so you application will receive it. Here is request example:
GET http://myapp.appspot.com/messages?last_message_id=...
Database query example:
SELECT * FROM messages WHERE message_id > LAST_MESSAGE_ID
Response example:
Content-type: application/json
[{'id':1, 'message':'Message 1 from mobile device','userid':1},
{'id':2, 'message':'Message 2 from mobile device','userid':1}]
With Channel-API, it is possible to make one long request (long-polling) instead of many repetitive every 10 seconds. It is more efficient but it will be more difficult to implement if libraries does not exists.
I cannot recommend you specific libraries because I don't code in C# or Java, but all you need is a library which can make http requests, and also a library which encodes and decodes data in your chosen format. JSON data encoding is used in my example.