i need to send a request to a website when a user submits their url, i tried using curl but it uses server ip which i dont want i have seen a website that is doing a similar job by using applet, users need to open a popup which contains the applet after they leave it open allow it to run it uses a port and then uses the localhost ip like so 127.0.0.1:64653 to send request and basicly curl by the user ip. i decompiled the applet the website was using and they were using java.net.ServerSocket and some other java code but i do not know anything about java. I would to know how this can be done.
I think you are really confused.
a user does not have a URL.
there is a IP address that
represents the browser end of the
connection to the web server he/she
is connected to (actually, there
could be more than one) but this
does not allow something else to
establish a connection to the
browser. So it is not a URL.
the IP address + port number
that the browser has are transient.
In 2 minutes time, the very same
IP/port could denote a different
user, possibly even on a different
machine.
127.0.0.1 is a "special" IP
address that says "this machine".
It cannot be used for communication
with another machine.
notwithstanding all of the
above, web browsers do not accept
incoming HTTP connections from web
servers or anything else. The HTTP
protocol (which is what the web
works on) distinguishes between the
roles of "client" and "server", and
specifies that a client connects to
a server and not the other way
round. A web browser is always an
HTTP client, by convention and also
for security reasons.
So when you say ...
i need to send a request to a website when a user submits their url
... it simply does not make any sense. Please explain what you are tying to achieve ... not how you are trying to achieve it ... and we might be able to help.
Related
I need some advice in the following matter:
I have two machines that are connected via ethernet.
One machine (lets call it ServerSide) is also connected to the Internet via LAN. The second machine (ClientSide) is offline, in the beginning.
So ServerSide is creating a webserver with Jetty on port XY. ClientSide opens a webbrowser and requests some page (e.g. stackoverflow.com). The request will be forwarded to port XY and the webserver. ServerSide would have to send the request to the internet and then back over ServerSide to ClientSide, so the webbrowser should display the requested webpage.
Is it even possible to do that this way?
Thanks in advance
Yes. What you need on server side is an HTTP Proxy and there are plenty of existing solutions in the market.
Check out the Wikipedia article about proxies. Bear in mind that the client might require some configuration (Proxy settings) so that it forwards the requests to the proxy rather than attempting to reach the final host.
I am trying to simulate a response from a web server login confirmation to a windows application. I have the captured packets that detail the conversation between the server and the application for successful login already as it is my application, this is for debugging and MIME simulation to test application and network security. communications create what I hope can be a custom foolproof way to prevent a MIME but I dont have a way to test it, so here I am to ask for guidance.
How would I go about simulating the response from the server to the application?
I have some idea in the direction I would possibly need to go to achieve my desired outcome:
Utilizing my network:
I have a Linux machine set up as a dynamic router, dhcp, routing, and my Linksys router just acts as an access point and ethernet switch.
1: Set up web server on Linux machine.
2: redirect traffic from application port to Linux server.
3: run server-side script to respond to application request using packets captured to establish replay successful login to server.
So, I am kinda new to using Linux tools. I have setup a Linux router, captured basic information utilizing Wireshark, and am able to program in VB, javascript, some java. I have not done much network-oriented programming other than some simple communication for authentication I have successfully established.
Any information to point me in the right direction I am grateful for!
Most logins use encryption (https / TLS) so capturing the packets won't help.
If not, the packets will form a http request, and you should be able to see the format of the request, whether the login credentials are part of the URL for GET or part of the http body for POST. It is not hard to create your own http request.
How are parameters sent in an HTTP POST request?
Each http request will be followed by an http response from the server, and the format of the headers or body will contain the login result (http requests and responses are similar in format, but the headers are not the same).
More sophisticated logins may involve a series of requests/responses.
You will need to write a simpler server to receive the requests and send the responses. Java is probably your best choice, given the languages you know, plus there will be plenty of examples online. With JS it may be possible but for the most part JS is used in browsers, so not a great choice. VB is a Windows language not supported on Linux.
I have set up a websocket between an android application of mine and a tomcat server that is hosted online. My app is supposed to be able to give an IP address and port number of an outside website and use the websocket to contniuasly forward data to the server which will then pass it on and retrieve from whatever this outside website the user specified is.
So my question is, is there a way to pass in the ip address and port number in my request to create a websocket that will tell my server to forward it on to the given IP address?
I hope this all makes sense, I'm still trying to wrap my mind around it myself so let me know if there is something I can explain better.
I have a webpage behind a load balancer, and I want to display the user (for troubleshooting purposes) the IP of the actual node that the user is connected to (will be the same for a while due to sticky session)
I'm sure it's a very trivial question, but I want to be sure, what Java API should be used for that? will all APIs return me the request host? or will it be server dependent?
InetAddress.getLocalHost().getHostName() will give you the name of the server you are on.
InetAddress.getLocalHost().getHostAddress() will give the IP Address of the server you are on.
This might be one of those "huh, why?" questions, but I figured it would be worth the try.
How would one, from a server-side application, use the clients IP address as the applications IP address to another website? The basic idea is that any work the server side application does, is seen as the client itself doing the work, and not the servers static IP.
I am not sure if changing HTTP headers would work, but I could be wrong. Is there any documentation out there on this?
Thanks,
Kyle
Utterly, utterly impossible. You won't even be able to open a TCP connection because the other website's server will try to handshake with the client, and fail.
An IP address isn't just any old ID, it's the actually address that servers will send any response to. Spoofing it basically only makes sense if you can fit your request into a single IP packet (which rules out TCP and thus HTTP) and are not interested in the response. Even then it can fail because your ISP's routers may have anti-spoofing rules that drop packets with "outside" IP addresses originating from "inside" networks.
Why on earth would a legitimate application want to spoof its IP address?
Changing HTTP headers might cut it, but most likely it won't. Depends on how naive the other server is.
It sounds like you're trying to do something the wrong way, can you give a bit more information as to what exactly the use-case is?
If there's no processing to be done in between, you can do port forwarding on your server's IP firewall, so the client connects to your server but ends up talking to the other server.
If there's more involvement of your server, then the correct thing to do would be to pass the client's IP to the other server as part of the URL (if it's a web app) or elsewhere in the data (if not) so the receiving server can know and correctly log the process without any need for fakery. Of course this would also call for a change in the other app.
Again assuming we're talking about HTTP, another idea that came to my mind would be to redirect your client to the other server. As long as all necessary data is in the URI, you could advise the client's browser to connect to the other server with a URI of your own creation that could carry whatever extra value your server's processing adds to the request.
Decades ago, the designer of internet asked, "how can we prevent Kyle Rozendo from doing such a devious thing?"
If the client is cooperating, you can install some software on client machine, and do the work from there. For example, a signed java applet on your page. [kidding]If the client is not cooperating, install some trojan virus[/kidding]