AIR Socket app keeps requesting policy file - actionscript-3

I am building the AIR socket server example, as explained on this page.
The AIR app is running fine, it creates a socket on 127.0.0.1 on port 8080.
I am connecting to the server with a SWF running on localhost. This SWF is built using the client example on the same site. The SWF attempts to connect to 127.0.0.1 on port 8080 - so far so good, except that the AIR app now receives a POLICY-FILE-REQUEST:
Received:<policy-file-request/>
Since I've read everywhere that AIR does not require a policy file, why does the AIR app receive this request? And how do you reply with the proper file, from an AIR app?
Actionscript code in the SWF client:
public function XMLSocketExample() {
socket = new XMLSocket();
configureListeners(socket);
if (hostName && port) {
socket.connect(hostName, port);
}
}
public function send(data:Object):void {
socket.send(data);
}
private function configureListeners(dispatcher:IEventDispatcher):void {
dispatcher.addEventListener(Event.CLOSE, closeHandler);
dispatcher.addEventListener(Event.CONNECT, connectHandler);
dispatcher.addEventListener(DataEvent.DATA, dataHandler);
dispatcher.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);
dispatcher.addEventListener(ProgressEvent.PROGRESS, progressHandler);
dispatcher.addEventListener(SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler);
}

Related

Port Scanning with WebSockets

Recently a post was featured in Hacker News about websites abusing WebSockets to find open ports on the client's machine.
The post does not go into any details, so I decided give it a try.
I opened a web server on port 8080 and tried running this script in Chrome's console:
function test(port) {
try {
var start = performance.now();
var socket = new WebSocket('ws://localhost:' + port);
socket.onerror = function (event) {
console.log('error', performance.now() - start, event);
}
socket.addEventListener('close', function(event) {
console.log('close', performance.now() - start, event);
})
socket.addEventListener('open', function (event) {
console.log('open', performance.now() - start, event);
socket.send('Hello Server!');
});
socket.addEventListener('message', function (event) {
console.log('message ', performance.now() - start, event);
});
} catch(ex) {
console.log(ex)
}
}
Indeed Chrome logs different a error message (ERR_CONNECTION_REFUSED) when I try to connect to a port that is not open:
test(8081)
VM1886:3 WebSocket connection to 'ws://127.0.0.1:8081/' failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED
And when I try to connect to a port that is open but is not listening to WebSockets (Unexpected response code: 200):
test(8080)
WebSocket connection to 'ws://127.0.0.1:8080/' failed: Error during WebSocket handshake: Unexpected response code: 200
But I can't find any way to access and read these errors in JavaScript.
Control flow does not reach the catch clause catch(ex) { console.log(ex) } and the event objects that Chrome passes to socket.onerror do not seem to be any different whether the port is open or not.
Timing attacks also don't seem to be helping at least in Chrome. Delta time between onerror and new Socket() creation seems to increase after calling test(...) a few times.
So is there actually a way for a web page to determine if a port is open on my computer?
The presentation slides linked to below show it was well known in 2016 and lack of a timing difference in your tests show mitigations may have been applied upstream.
https://datatracker.ietf.org/meeting/96/materials/slides-96-saag-1/
It might only work on windows:
https://blog.avast.com/why-is-ebay-port-scanning-my-computer-avast

WEBSERVER JSON API LOCALHOST

I want setup a simple webserver using JSON API(I Followed this tutorial).I have in this directory (C:\xampp\htdocs\server) 2 files:
server.js
node_modules(folder)
server.js
var express = require('express');
var app = express();
app.listen(3000, function() {
console.log('Chatfuel Bot-Server listening on port 3000...');
});
app.get('/*', function(req, res) {
var jsonResponse = [];
jsonResponse.push({ "text": "Hi. " + (Math.random() * 5 + 1).toFixed(0) + " is a lucky number..." });
res.send(jsonResponse);
});
So what is happening in the background?
After launched via terminal: node server.js
If the server gets a request it invokes code lines 8 to 12.
But it doesn't works! why?
Screens and more info here.
The problem is that you're serving node from your local computer, and the chatbot testing service is trying to connect to that running instance of node, and it cannot connect to your localhost.
In the example, they've used digital ocean to deploy the node application. Therefore, the running API is available at some real IP address.
So, if you want to do what they've done, deploy your node app somewhere and expose that particular deployment's IP to your testing framework, and then it should work.

Can't set the port for Net.Core application in launchSettings.JSON

I've edited launchSettings.JSON file and changed the port like so.
"Gdb.Blopp": {
"commandName": "Project",
"launchBrowser": false,
"launchUrl": "http://localhost:4000",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
It still starts on port 5000, though. Is that setting disregarded all toghether or am I missing something else?
The launchSettings.json supposed to be used by IDEs (i.e. Visual Studio), when you hit F5/Ctr+F5 and offers the options from the pull-down menu next to the start button.
Also you shouldn't directly edit that the launcherSettings.json file and instead use the Project Properties to change stuff.
One reason for this is that if you change it via project properties, Visual Studio will also edit the IIS Express files (located in the .vs/config/applicationhost.config folder of your solution).
If you want to change the port kestrel uses, use .UseUrls("http://0.0.0.0:4000") (get it either from appsettings.json or hosting.json) in Program.cs.
If you don't want to use hardcoded, you can also do something like this
Create a hosting.json:
{
"server": "Microsoft.AspNetCore.Server.Kestrel",
"server.urls": "http://localhost:4000"
}
Program.cs
public class Program
{
public static void Main(string[] args)
{
var config = new ConfigurationBuilder()
.AddJsonFile("hosting.json", optional: false)
.AddEnvironmentVariables(prefix: "ASPNETCORE_")
.Build();
var host = new WebHostBuilder()
.UseConfiguration(config)
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.Build();
host.Run();
}
}
You can also do that via commandline (AddCommandLine call is important here, from Microsoft.Extensions.Configuration.CommandLine" package).
var config = new ConfigurationBuilder()
.AddCommandLine(args)
.Build();
var host = new WebHostBuilder()
.UseConfiguration(config)
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseIISIntegration()
.UseStartup<Startup>()
.Build();
host.Run();
Then run it via dotnet run server.urls=http://0.0.0.0:4000.
When you run IIS/IISExpress the kestrel port will be determined by UseIISIntegration().
Since .NET Core 2.0 you don't have to maintain hosting.json or modify app startup anymore. There is built-in support for setting app port, explained here: https://stackoverflow.com/a/49000939/606007

Flash cannot setup XMLSocket

I just started a project in flash, but it can't startup XMLSocket.
My code:
import Network.CommunicationBootstrap;
var network:CommunicationBootstrap = new CommunicationBootstrap();
network.start("127.0.0.1", 30000);
Package Network classs CommunicationBootstrap:
package Network {
import flash.net.XMLSocket;
import flash.events.IOErrorEvent;
import flash.events.SecurityErrorEvent;
public class CommunicationBootstrap {
private var socket:XMLSocket = new XMLSocket();
public function CommunicationBootstrap() {
socket.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);
socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler);
}
public function start(ip:String, port:int):void {
this.socket.connect(ip, port);
trace("Testing this out!");
}
private function ioErrorHandler(event:IOErrorEvent):void {
trace("ioErrorHandler: " + event);
}
private function securityErrorHandler(event:SecurityErrorEvent):void {
trace("securityErrorHandler: " + event);
}
}
}
What my errors are:
ioErrorHandler: [IOErrorEvent type="ioError" bubbles=false cancelable=false eventPhase=2 text="Error #2031: Socket Error. URL: 127.0.0.1"]
securityErrorHandler: [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: file:///C|/Users/iufrs/Documents/AS3/1/Torn.swf cannot load data from 127.0.0.1:30000."]
(gotten by trace and the 2 events)
This is (as the message hints) due to the sandbox your swf is running in.
from the docs
Local file describes any file that is referenced by using the file:
protocol
Which is what you are doing here.
Further:
The local-with-filesystem sandbox—For security purposes, Flash Player
places all local SWF files and assets in the local-with-file-system
sandbox, by default. From this sandbox, SWF files can read local files
(by using the URLLoader class, for example), but they cannot
communicate with the network in any way. This assures the user that
local data cannot be leaked out to the network or otherwise
inappropriately shared
This is what is causing you to see the error.
If you intend your swf to be hosted by a web server, then you should make sure the swf can be loaded from your webserver running on 127.0.0.1, and you should load it over http, e.g. as http://127.0.0.1/YourSwf.swf
If you want to run your sef from the filesystem, you need to compile it to run in the 'local-with-networking' sandbox, the link explains how.
.

Sending Ready Signal through Socket in flex

I'm developing an AIR project to do machine integration in Flex. In one machine, my app works really good that I'm able to receive data from the machine as I wanted. In the second one, I think it is like we have to send 'READY' kind off signal to the machine for which we will get 'ACK' in return (Handshake) and then only the communication will begin.
How could this 'READY' signal be sent from ActionAcript using Socket.
My ActionScript Class File will look like this..
protected var socket:Socket;
public function init():void
{
socket = new Socket;
socket.addEventListener(Event.CONNECT, onConnect);
socket.addEventListener(ProgressEvent.SOCKET_DATA, onSocketData);
socket.addEventListener(Event.CLOSE, onClose);
}
/*** connect to the socket */
public function connect():void
{
if(socket.connected)
{
Status = "Socket is already listening to Port " + socket.remotePort + " in " + socket.remoteAddress;
return;
}
socket.connect("localhost", 5331);
}
/*** handles socket connect event */
private function onConnect(event:Event):void
{
if(socket.connected)
Status = "Connection established successfully from " + Capabilities.os;
else
Status = "Connection failure!";
}
/*** manipulation of received data */
private function onSocketData(event:ProgressEvent):void
{
//Data Recieved
}
/*** handles socket close event */
protected function onClose(event:Event):void
{
Status = "Socket Connection is being closed..";
}
The machine(KR-8900)'s output is RS232.. 8 pin mini din (Male).. and to the system it is db9 pin (as usual).. the serial port communication is done by an External Tool 'SerProxy'. SerProxy will send and receive the data to/from machine-System. Using the app, I will have to connect to the port in the System using Socket and perform Read & Write operations.
My problem here is I don't receive any data in my onSocketData function. Before the communication begins, I need to send READY signal.. I'm stuck here as I don't know how to do this in Flex. Any idea or suggestion are eagerly welcomed.
Socket API allows you to write strings and bytes to a binary socket.
When you socket is connected, you can do something like :
socket.writeUTFBytes("READY");
socket.flush();
You'll have to adapt this code so it will send exactly what you'll need it to send. You can use writeByte to write a null ("\0") character or any control character, too.
To read data, you need to use read methods.