Search Results

Search found 111 results on 5 pages for 'sniff'.

  • Sniff UNIX domain socket

    - by gonvaled
    I know that some process is writing to a certain unix domain socket (/var/run/asterisk/asterisk.ctl), but I do not know the pid of the sender. How can I find out who is writing to the socket? I have tried with: sudo lsof /var/run/asterisk/asterisk.ctl but it just lists the owner of the socket. I would like to know who is writing / reading to this socket, and I would also like to sniff the data. Is this possible?

  • How do I sniff this from iTunes?

    - by Alex
    If you have used Firebug, you know that you can see the "AJAX" requests back and forth. And you can see the headers sent. I would like the same thing. Except, I would like to sniff iTunes. I want to know the REST API that iTunes uses to talk to the cloud. As well as the user-agent and headers sent.

  • Use wireshark to sniff QQ traffic

    - by fizzy
    I am using a MacBook and would like to sniff QQ traffic using WireShark or other software. The intercepted traffic will be UTF-8 or unicode, not ascii. Is this possible, and is there a tutorial that explains this? QQ uses UDP and some more interesting control structures, which is why I am seeking a specialized solution.

  • unable to sniff traffic despite network interface being in monitor or promiscuous mode

    - by user65126
    I'm trying to sniff out my network's wireless traffic but am having issues. I'm able to put the card in monitor mode, but am unable to see any traffic except broadcasts, multicasts and probe/beacon frames. I have two network interfaces on this laptop. One is connected normally to 'linksys' and the other is in monitor mode. The interface in monitor mode is on the right channel. I'm not associated with the access point because, as I understand, I don't need to if using monitor mode (vs promiscuous). When I try to ping the router ip, I'm not seeing that traffic show up in wireshark.

    Here's my ifconfig settings:

        daniel@seasonBlack:~$ ifconfig
        eth0      Link encap:Ethernet HWaddr 00:1f:29:9e:b2:89
                  UP BROADCAST MULTICAST MTU:1500 Metric:1
                  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
                  Interrupt:16

        lo        Link encap:Local Loopback
                  inet addr:127.0.0.1 Mask:255.0.0.0
                  inet6 addr: ::1/128 Scope:Host
                  UP LOOPBACK RUNNING MTU:16436 Metric:1
                  RX packets:112 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:0
                  RX bytes:8518 (8.5 KB) TX bytes:8518 (8.5 KB)

        wlan0     Link encap:Ethernet HWaddr 00:21:00:34:f7:f4
                  inet addr:192.168.1.116 Bcast:192.168.1.255 Mask:255.255.255.0
                  inet6 addr: fe80::221:ff:fe34:f7f4/64 Scope:Link
                  UP BROADCAST RUNNING MTU:1500 Metric:1
                  RX packets:9758 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:4869 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:3291516 (3.2 MB) TX bytes:677386 (677.3 KB)

        wlan1     Link encap:UNSPEC HWaddr 00-02-72-7B-92-53-33-34-00-00-00-00-00-00-00-00
                  UP BROADCAST NOTRAILERS PROMISC ALLMULTI MTU:1500 Metric:1
                  RX packets:112754 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:18569124 (18.5 MB) TX bytes:12874 (12.8 KB)

        wmaster0  Link encap:UNSPEC HWaddr 00-21-00-34-F7-F4-00-00-00-00-00-00-00-00-00-00
                  UP RUNNING MTU:0 Metric:1
                  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

        wmaster1  Link encap:UNSPEC HWaddr 00-02-72-7B-92-53-00-00-00-00-00-00-00-00-00-00
                  UP RUNNING MTU:0 Metric:1
                  RX packets:0 errors:0 dropped:0 overruns:0 frame:0
                  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
                  collisions:0 txqueuelen:1000
                  RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    Here's my iwconfig settings:

        daniel@seasonBlack:~$ iwconfig
        lo        no wireless extensions.

        eth0      no wireless extensions.

        wmaster0  no wireless extensions.

        wlan0     IEEE 802.11bg ESSID:"linksys"
                  Mode:Managed Frequency:2.437 GHz Access Point: 00:18:F8:D6:17:34
                  Bit Rate=54 Mb/s Tx-Power=27 dBm
                  Retry long limit:7 RTS thr:off Fragment thr:off
                  Power Management:off
                  Link Quality=68/70 Signal level=-42 dBm Noise level=-69 dBm
                  Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
                  Tx excessive retries:0 Invalid misc:0 Missed beacon:0

        wmaster1  no wireless extensions.

        wlan1     IEEE 802.11bg Mode:Monitor Frequency:2.437 GHz Tx-Power=27 dBm
                  Retry long limit:7 RTS thr:off Fragment thr:off
                  Power Management:off
                  Link Quality:0 Signal level:0 Noise level:0
                  Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
                  Tx excessive retries:0 Invalid misc:0 Missed beacon:0

    Here's how I know I'm on the right channel:

        daniel@seasonBlack:~$ iwlist channel
        lo        no frequency information.

        eth0      no frequency information.

        wmaster0  no frequency information.

        wlan0     11 channels in total; available frequencies :
                  Channel 01 : 2.412 GHz
                  Channel 02 : 2.417 GHz
                  Channel 03 : 2.422 GHz
                  Channel 04 : 2.427 GHz
                  Channel 05 : 2.432 GHz
                  Channel 06 : 2.437 GHz
                  Channel 07 : 2.442 GHz
                  Channel 08 : 2.447 GHz
                  Channel 09 : 2.452 GHz
                  Channel 10 : 2.457 GHz
                  Channel 11 : 2.462 GHz
                  Current Frequency=2.437 GHz (Channel 6)

        wmaster1  no frequency information.

        wlan1     11 channels in total; available frequencies :
                  Channel 01 : 2.412 GHz
                  Channel 02 : 2.417 GHz
                  Channel 03 : 2.422 GHz
                  Channel 04 : 2.427 GHz
                  Channel 05 : 2.432 GHz
                  Channel 06 : 2.437 GHz
                  Channel 07 : 2.442 GHz
                  Channel 08 : 2.447 GHz
                  Channel 09 : 2.452 GHz
                  Channel 10 : 2.457 GHz
                  Channel 11 : 2.462 GHz
                  Current Frequency=2.437 GHz (Channel 6)

  • How to sniff for wireless MAC addresses in area - My laptop got stolen

    - by Mr AJL
    A few days ago my apartment got broken into, and they took all the electronics, including my $1500 laptop. We are pretty sure it's an inside job (as in someone from the same building), so I believe that the stuff is in someone's apartment. Is there any tool that tells you what wireless adapters are active within range? I have my laptop's MAC address, so I could use that to find out who stole it. I think it's worth a shot. Any help is appreciated, thanks!

  • Sniff packets using tcpdump

    - by denisk
    I have a completely noob question. I want to see all packets that come to my computer from a particular site (google.com). So I start tcpdump

        sudo tcpdump -i eth0 host google.com

    and enter google.com in a browser and hit enter - nothing gets captured. I can't figure out why it happens. What do I do wrong?

    Edit: It appeared that I was listening to the wrong interface. I had changed eth0 to any and it worked. It was ppp1 that needed listening. Thanks for your answers!

  • Reconstructing data from PCAP sniff

    - by Ishi
    Hi everyone !! I am trying to sniff HTTP data through libpcap and get all the http contents (header+payload) after processing the TCP payload. As per my discussion at http://stackoverflow.com/questions/2905430/writing-an-http-sniffer-or-any-other-application-level-sniffer , I am facing problems due to fragmentation - I need to reconstruct the whole stream (or defragment it) to get a complete HTTP packet, and this is where I need some help. Thanks in anticipation !!

  • help using pcap library to sniff packets

    - by scatman
    I am using pcap sample codes to create my own sniffer. I downloaded their sample sniffer and it's working on Windows but not on Linux. I am using the gcc compiler on both machines, and I have only pcap.h included. The error is: dereferencing pointer to incomplete type. The netmask is causing the error. The netmask is the mask of the first address of the interface.

        u_int netmask=netmask((struct sockaddr_in*)d->addresses->netmask))->sin_addr.S_un.S_addr;

    Any solutions?

  • Setcookie > sniff > output on same page

    - by lokust
    Hi, I wonder if someone can help shed some light on this: I drop a cookie if a user arrives to the site with a specific key/value in query string. i.e.: http://www.somesite.com?key=hmm01

    The cookie code exists at top of the template before <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML ) :

        <?php
        header("Content-Type: text/html; charset=utf-8");
        ob_start();
        if (isset($_GET['key'])) {
            setcookie("cookname", $_GET['key'], time()+2592000); /* Expires in a month */
        }
        ob_end_flush();
        ?>

    On the same page though within the : I have the following php code that sniffs the cookie and outputs some text:

        switch ($cookievalue) {
            case hmm01: echo "abc"; break;
            case hmm02: echo "def"; break;
            case hmm03: echo "ghi"; break;
            default: echo "hello";
        }
        ?>

    Problem is when the user first arrives the sniffer script doesn't detect the cookie and outputs the default text: hello

    Only when user refreshes page or navigates to a different page does the sniffer detect the cookie. Any ideas on how to drop the cookie and output the correct text without a page refresh? Many thanks.

  • How to track/sniff mp3 files posted on Zippyshare.com? [closed]

    - by Stoan
    I'm not sure if this is the right place to ask this question. We are starting an indie recording label, and I want to minimize piracy of our music. I want to track/sniff our songs that are posted to Zippyshare.com. How can I write a tool to automate this process? We would supply our song names and it would search and notify us if our songs are posted on Zippyshare.com. I'm a junior Java developer. I'm looking for direction on how to write an app that would achieve this, any help is appreciated. Thanks

  • How can I setup a Proxy I can sniff traffic from using an ESX vswitch in promiscuous mode?

    - by sandroid
    I have a pretty specific requirement, detailed below. Here's what I'm not looking for help for, to keep things tidy and on topic:

      - How to configure a standard proxy
      - Any ESX setup required to facilitate traffic sniffing
      - How to sniff traffic
      - Any changes in design (my scope limits me)

    I need to setup a test environment for a network-sniffing based HTTP app monitoring tool, and I need to troubleshoot a client issue but he only has a prod network, so making changes to the config on client's system "just to try" is costly. The goal here is to create a similar system in my lab, and hit the client's webapp and redirect my traffic - using a proxy - into the lab environment. The reason I want to use a proxy is so that only this specific traffic is redirected for all to see, and not all my web traffic (like my visits to serverfault :P).

    Everything will run inside an ESX 4.1 machine. In there, there is a traffic collection vswitch in promiscuous mode that is not on the local network for security reasons. The VM containing our listening agent is connected to this vswitch. On the same ESX host, I will setup a basic linux server and install a proxy (either apache + mod_proxy or squid, doesn't matter). I'm looking for ideas on how to deploy this for my needs so I can then figure out how to set it up accordingly.

    Some ideas I've had were to setup two proxies, and have them talk to each other through this vswitch in promiscuous mode, but it seems like a lot of work. Another idea is a dual-homed proxy, but I've never seen/done that before so I'm not sure how doable it is for what I'd like. I am OK with setting up a second vswitch in promiscuous mode to facilitate this if need be, but I cannot put the vswitch on the lan (which is used so my browser would communicate with the proxy) in promiscuous mode. Any ideas are welcome.

  • Can we sniff packets between 2 machines in a network from a third machine using wireshark or etherea

    - by coolcake
    I have a small network in which there are 2 electronic devices and one desktop connected using a switch. Through the desktop with Ethereal/wireshark installed on it, can I sniff the packets that are being communicated between the 2 electronic devices? I cannot install ethereal or wireshark on either of the electronic devices, but need to monitor the traffic between the 2 devices from my desktop, which is connected via the same switch.

  • wireshark not seeing all packets on WiFi

    - by Caffeine Coma
    I'm using Wireshark on OSX, trying to sniff my home network over WiFi. While I can see packets that are sent to/from the host I'm sniffing on, I'm not seeing anything else that goes over the WiFi. It's like I'm not in promiscuous mode or something (the promiscuous mode box is in fact checked). The router is an Apple Airport Extreme, protected by WPA2. I'm attached to the network I'm trying to sniff, so I'm confused about why I can't see other traffic.

    Edit: I solved this by the following:

      1. Plug Macbook directly into the Airport Extreme router
      2. Enable "internet sharing" on Macbook, with no password.
      3. Bind wireless device (the one I wanted to sniff) to the WiFi hotspot generated by Internet sharing in step 2.
      4. Run Wireshark on the Macbook, bound to device en1.

    Don't forget to disable sharing after you're done. :-)

  • Fiddler not sniffing SOAP traffic from ASP.NET website

    - by JohnIdol
    So far I've been successfully using fiddler to sniff web service traffic from both test fixtures, console apps and web projects. Today I noticed I am not able anymore to sniff that kind of traffic if I am running my web application (it's an ASP.NET website, hosted locally on IIS). I see all the local traffic but the web service traffic is just gone (the service is being hit as I do see the response debugging into the code). I am still able to successfully sniff soap requests and responses from test fixtures or console apps in the same solution (exact same environment). If it was a windows (I am on Win7) security update or the likes it would never work I guess (unless it affects only traffic routed through IIS). What should I be looking for that could cause the emergence of this behavior? Any pointers appreciated!

  • Blackberry Apps - Importing a code-signed jar into an application project

    - by Eric Sniff
    Hi everyone, I'm working on a library project that Blackberry Java developers can import into their projects. It uses protected RIM APIs which require that it be code-signed, which I have done. But, I can't get my Jar imported and working with a simple helloWorld app. I'm using the eclipse plug-in Blackberry-JDE. Here is what I have tried:

    First: Building myLibProject with BlackBerry_JDE_PluginFull_1.0.0.67 into a JAR, signing it and importing it into a BlackBerry_JDE_PluginFull_1.0.0.67 application project -- I get a class not found error, while compiling the application project.

    Next: I imported myLibProject into a BlackBerry_JDE_PluginFull_1.1.1.* library project, built it into a jar, signed it and imported it into a BlackBerry_JDE_PluginFull_1.1.1.* application project. It built this time, but while loading up the simulator to test it I get the following error ( Access violation reading from 0xFFFFFFC ) before the simulator can load up and it crashes the simulator.

    Other stuff I've tried: I also tried importing the jar into its own project and having the HelloWorld app project reference that project. If I include the src in my application project it works fine... But I'm looking for a way to deploy this as compiled code. Any ideas? Or help?

  • Redirection loop problem at facebook iframe application

    - by Sniff
    I do IFrame application for facebook. Problem is: any link inside it causes redirect loop

    Link is: http://mydomain/mypage?fb_sig=[what I got from $_GET['fb_sig']] (to test I link to the same page as my loaded canvas is loaded from)

    when I click on it, my server returns:

        <script type="text/javascript"> top.location.href = "http://www.facebook.com/login.php?api_key=5dc632fcef992470341178f492f79b93&v=1.0&next=http%3A%2F%2Fthiismydomain%2Ffacebook%2F%3Ffb_sig%3D96a5c47f133eadcfbba4abf82e5311e0%26page%3D1"; </script>

    then it goes to corresponding page, and facebook returns

        Location: http://thisismydomain/facebook/?fb_sig=96a5c47f133eadcfbba4abf82e5311e0&page=1&auth_token=ce4cf4968f91cace5b3e915f5b658984

    then, my server replies with

        <script type="text/javascript"> top.location.href = "http://www.facebook.com/login.php?api_key=5dc632fcef992470341178f492f79b93&v=1.0&next=http%3A%2F%2Fthisismydomain%2Ffacebook%2F%3Ffb_sig%3D96a5c47f133eadcfbba4abf82e5311e0%26page%3D1%26auth_token%3Dce4cf4968f91cace5b3e915f5b658984"; </script>

    and back, facebook replies:

        Location: http://thisismydomain/facebook/?fb_sig=96a5c47f133eadcfbba4abf82e5311e0&page=1&auth_token=ce4cf4968f91cace5b3e915f5b658984&auth_token=77df653b7949ca39c1a226c82cce8add

    and it goes on and on without end. Should I say that this redirect response from my server is generated automatically (most probably my facebook php lib). I have no more ideas why this happens. Any ideas?

  • In Blackberry's Application class what is the difference between hasEventThread() and isHandlingEven

    - by Eric Sniff
    In Blackberry's Application class what is the difference between hasEventThread() and isHandlingEvents(). I'm just curious, because I have only found hasEventThread useful. From BB's docs for Application:

        public boolean hasEventThread()
        Determines if this application has entered the event dispatcher.
        Returns: True if this application has entered the event dispatcher (i.e. has invoked Application.enterEventDispatcher()); otherwise, false.

        isHandlingEvents
        public final boolean isHandlingEvents()
        Determines if this application has entered the event dispatch loop.
        Returns: True if the application has entered the event dispatch loop; otherwise, false.

    My only guess is that isHandlingEvents must happen sometime after hasEventThread. But is that really that useful?

  • IE and Content-disposition inline vs. extension-token

    - by pinkgothic
    Preamble

    So IE does Mime-Type sniffing. That part's old news. Suggestions of how to combat it tend to be along the lines of 'supply a content-type IE trusts' (i.e. anything that isn't text/plain or application/octet-stream) or 'add extraneous data at the start of the file that is definitely of the type you're serving'.

    Now, I'm working on an application that has to allow message attachments (like in e-mails), and we want to close up XSS vectors. IE's mime sniffing is one of those vectors - a text/plain file with html content will trigger as html. Recoding isn't an option at this point, changing the attachments the user has provided can only happen if there is absolutely no doubt about the maliciousness of the file - and someone might want to send HTML as text.

    Now, Microsoft's MSDN article implies the situation might be easier to fix than advertised:

        If Internet Explorer knows the Content-Type specified and there is no Content-Disposition data, Internet Explorer performs a "MIME sniff," [...]

    Great! Except I don't have IE nor current means to reliably install it (I realise this is a fairly sad state for a webdeveloper to be in, I hope to fix this soon) and this is grey theory that I can't quite seem to get confirmed one way or the other. Local sources say that line is hogwash - IE will mime sniff anything that is Content-Disposition: inline / <default> and not specific enough for its tastes in -Type.

    But what about x-* ('extension-token' in the RFC)? Trying to google for how browsers handle Content-Disposition: <extension-token> hasn't yielded anything (though I may just be doing it wrong, my understanding of Google is seriously slipping lately). I found one question that looked promising, but turned out to be a misunderstanding on side of the thread author, meaning that the train of thought was never actually addressed there.

    Question(s)

    Does IE really Mime sniff if you expressly pass Content-Disposition: inline?

    If so: Does anyone here know how browsers handle Content-Disposition: <extension-token>? If they do this in a way that is for my purposes benign, by presuming it to be synonymous with the default (effectively 'inline', though I hear it's not defined anywhere?), is it specific enough for IE not to Mime sniff? Or am I actually shooting myself in the foot by thinking of pursuing this avenue?

  • Bluetooth mouse no longer paired after resuming from suspend since upgrading to 13.10

    - by Korakys
    Since upgrading to 13.10 from 13.04 my mouse no longer connects via bluetooth. In settings it states that the mouse is not paired. Restarting bluetooth with sudo /etc/init.d/bluetooth restart does not help. Restarting the computer does fix the problem if bluetooth is restarted also with the previously mentioned command, but this is not ideal. The mouse worked fine prior to updating to 13.10. The computer is a ThinkPad X230 with a Broadcom 'BCM20702A0' bluetooth module (I think).

    When it is not working hciconfig hci0 -a returns:

        hci0:   Type: BR/EDR Bus: USB
                BD Address: C0:18:85:DB:F3:D1 ACL MTU: 1021:8 SCO MTU: 64:1
                UP RUNNING PSCAN
                RX bytes:766129 acl:49888 sco:0 events:2233 errors:0
                TX bytes:5953 acl:240 sco:0 commands:274 errors:0
                Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
                Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
                Link policy: RSWITCH SNIFF
                Link mode: SLAVE ACCEPT
                Name: 'BCM20702A'
                Class: 0x6e0100
                Service Classes: Networking, Rendering, Capturing, Audio, Telephony
                Device Class: Computer, Uncategorized
                HCI Version: 4.0 (0x6) Revision: 0x1000
                LMP Version: 4.0 (0x6) Subversion: 0x220e
                Manufacturer: Broadcom Corporation (15)

    When it is working hciconfig hci0 -a returns:

        hci0:   Type: BR/EDR Bus: USB
                BD Address: C0:18:85:DB:F3:D1 ACL MTU: 1021:8 SCO MTU: 64:1
                UP RUNNING PSCAN
                RX bytes:253334 acl:16391 sco:0 events:842 errors:0
                TX bytes:2519 acl:65 sco:0 commands:84 errors:0
                Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87
                Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
                Link policy: RSWITCH SNIFF
                Link mode: SLAVE ACCEPT
                Name: 'ubuntu-0'
                Class: 0x6e0100
                Service Classes: Networking, Rendering, Capturing, Audio, Telephony
                Device Class: Computer, Uncategorized
                HCI Version: 4.0 (0x6) Revision: 0x1000
                LMP Version: 4.0 (0x6) Subversion: 0x220e
                Manufacturer: Broadcom Corporation (15)

    I am a relative novice with linux so don't ask me to compile anything please, but I can use google.

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiguity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_token, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theoretically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. 
I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - because for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back and re-ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much anyone's page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. 
Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that it supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much all that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. 
When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. 
I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

  • squid and ftp connections

    - by Kstro21
    I have a squid proxy server for both http and ftp connections. I'm trying to use filezilla to open a ftp, but it always fails with an error saying:

        Status: Connection with proxy established, performing handshake...
        Response: Proxy reply: HTTP/1.0 403 Forbidden
        Error: Proxy handshake failed: ECONNRESET - Connection reset by peer
        Error: Connection timed out
        Error: Failed to retrieve directory listing

    I sniffed the traffic, and filezilla is trying to connect to a different port and the proxy denied it. Look, this is a portion of the sniff result:

        CONNECT 201.150.36.227:61179 HTTP/1.1
        Host: 201.150.36.227:61179
        User-Agent: FileZilla

    Every time it is a different port, so there is no way I can allow it in the squid. Also, I set filezilla to use an active connection, same result; passive connection, same result again. So I'm out of bullets, and I need your help. Maybe a setting in filezilla or in the squid can do the job, so give a hand here. This is the full log of filezilla:

        Status: Connecting to uhma.mx through proxy
        Status: Connecting to 172.19.216.13:3128...
        Status: Connection with proxy established, performing handshake...
        Response: Proxy reply: HTTP/1.0 200 Connection established
        Status: Connection established, waiting for welcome message...
        Response: 220 ProFTPD 1.3.3a Server (a3 FTP CUATRO) [201.150.36.227]
        Command: USER uhmamx
        Response: 331 Password required for uhmamx
        Command: PASS *******
        Response: 230 User uhmamx logged in
        Status: Connected
        Status: Retrieving directory listing...
        Command: PWD
        Response: 257 "/" is the current directory
        Command: TYPE I
        Response: 200 Type set to I
        Command: PASV
        Response: 227 Entering Passive Mode (201,150,36,227,238,251).
        Command: MLSD
        Status: Connecting to 172.19.216.13:3128...
        Status: Connection with proxy established, performing handshake...
        Response: Proxy reply: HTTP/1.0 403 Forbidden
        Error: Proxy handshake failed: ECONNRESET - Connection reset by peer
        Error: Connection timed out
        Error: Failed to retrieve directory listing
