Our company has recently added an automatic filter to all incoming Emails (O365) that rewrites URLs to some redirection service that is both unreliable and buggy. Additionally I hate it if a link is replaced by some garbage service I have not opted in to. Imagine it like a man-in-the-middle attack on your inbox.
So I wrote a Python script that can replace the rewritten links with the original ones. Currently I'm saving the email contents to a file, use the script and then copy & paste the output back. Evidently, this is not a good solution.
What I am trying to achieve is a way to do this automatically from inside Outlook, but I am open to other suggestions. I would like a solution to use Python since I'm comfortable with it, but if there is a different way that can handle this problem I'm open for that also.
Related
I'm making a simple project where I will have a downloadable scraper on an HTML website. The scraper is made in Python and is converted to a .exe file for downloading purposes. Inside the python code, however, I included a Google app password to an email account, because the scraper sends an email and I need the server to login with an available Google account. Whilst .exe files are hard to get source code for, I've seen that there are ways to do so, and I'm wondering, how could I make it so that anyone who has downloaded the scraper.exe file cannot see the email login details that I will be using to send them an email when the scraper needs to? If possible, maybe even block them from accessing any of the .exe source code or bytecode altogether? I'm using the Python libraries bs4 and requests.
Additionally, this is off-topic, however, as it is my first time developing a downloadable file, even whilst converting the Python file to a .exe file, my antivirus picked it up as a suspicious file. This is like a 50 line web scraper and obviously doesn't have any malicious code within it. How can I make the code be less suspicious to antivirus programs?
Sadly even today,there is no perfect solution to this problem.
The ideal usecase is to provide this secret_password from web application,but in your case seems unlikelly since you are building a rather small desktop app.
The best and easiest way is to create a function providing this secret_password in a separate file,and compile this file with Cython,thing that will obcufate your script(and your secret_password) at a very good extend.Will this protect you from lets say Anonymous or a state security agency?No.Here comes the reasonable thinking about how secret and important really your password is and from who you mainly can be harmed.
Finally before compiling you can 'salt' your script or further obscufate it with bcrypt or other libaries.
As for your second question antiviruses and specifically windows don't like programms running without installers and unsigned.
You can use inno setup to create a real life program installer.
If you want to deal with UAC or other issues related to unsigned programms you can sign your programm(will cost money).
Firstly, why is it even sending them an email? Since they'll be running the .exe, it can pop up a window and offer to save the file. If an email must be sent, it can be from the user's gmail rather than yours.
Secondly, using your gmail account in this way may be against the terms of service. You could get your account suspended, and it may technically be a felony in the US. Consult a lawyer if this is a concern.
To your question, there's basically no way to obfuscate the password that will be more than a mild annoyance to anyone with the least interest. At the end of the day, (a) the script runs under the control of the user, potentially in a VM or a container, potentially with network communications captured; and (b) at some point it has to decrypt and send the password. Decoding and following either the script, or the network communications that it makes will be relatively straightforward for anyone who wants to put in quite modest effort.
I need to save emails I receive so that the user can view them later on. They need to be saved in such a way that the images will remain even if their links a re broken (e.g. for the images that are link and not attachments, upload them to S3 and change the links to point to them).
Can anyone recommend a library that will help me achieve that?
I was thinking of two approaches:
1) Save the email to PDF - but I have no idea how to make it correctly include the images.
2) Save the original email and render it on the client, but then it doe snot show the attached images.
Any one of those will do with preference to the first option. If its the first option then I can write it on my RoR server or as an external Python service. If its the sercond I have to write it to work on RoR.
I am aware that this question is similar to: Best way to save email, including images and HTML data, using Java Mail API?
but I need to do it on Rails not Java.
Thank you!
Why not just have an auto-forwarder to a separate account? That way they would effectively be bcc'd on everything you get. I know Gmail can easily do that with filters.
Another option is forwarding the emails to a 'read it later' service and let their api do the heavy lifting. Not sure if they keep the attachment, but it is worth a look.
I'm planning to compile my application to an executable file using Py2Exe. However, I have sensitive URL links in my application that I would like to remain hidden as in encrypted. Regardless if my application is decompiled, the links will still remain encrypted. How would I get say urllib2 to open the encrypted link?
Any help would be appreciated, and or example code that could point me in the right direction.
Thanks!
I don't think urllib2 has an option like it, though what you can do is save the link somewhere else (say a simple database, encrypt them (like a password) and when urllib2 calls the link, you check the hash.
Something like an user authentication.
URL encryption will not save you in this situation. As your software runs in the client machine and somehow decrypts this URL and sends an HTTP request to it, any kid using Wireshark will be able to see your URL.
If the design of your system requires sensitive URLs, the safer way probably involves changes in the design of your HTTP server itself! You have to structure your system in a way that the URLs are not sensitive because you cannot control them. As soon as they are used by your code, they can be captured.
I have a program that I wrote in python that collects data. I want to be able to store the data on the internet somewhere and allow for another user to access it from another computer somewhere else, anywhere in the world that has an internet connection. My original idea was to use an e-mail client, such as g-mail, to store the data by sending pickled strings to the address. This would allow for anyone to access the address and simply read the newest e-mail to get the data. It worked perfectly, but the program requires a new e-mail to be sent every 5-30 seconds. So the method fell through because of the limit g-mail has on e-mails, among other reasons, such as I was unable to completely delete old e-mails.
Now I want to try a different idea, but I do not know very much about network programming with python. I want to setup a webpage with essentially nothing on it. The "master" program, the program actually collecting the data, will send a pickled string to the webpage. Then any of the "remote" programs will be able to read the string. I will also need the master program to delete old strings as it updates the webpage. It would be preferred to be able to store multiple string, so there is no chance of the master updating while the remote is reading.
I do not know if this is a feasible task in python, but any and all ideas are welcome. Also, if you have an ideas on how to do this a different way, I am all ears, well eyes in this case.
I would suggest taking a look at setting up a simple site in google app engine. It's free and you can use python to do the site. Than it would just be a matter of creating a simple restful service that you could send a POST to with your pickled data and store it in a database. Than just create a simple web front end onto the database.
Another option in addition to what Casey already provided:
Set up a remote MySQL database somewhere that has user access levels allowing remote connections. Your Python program could then simply access the database and INSERT the data you're trying to store centrally (e.g. through MySQLDb package or pyodbc package). Your users could then either read the data through a client that supports MySQL or you could write a simple front-end in Python or PHP that displays the data from the database.
Adding this as an answer so that OP will be more likely to see it...
Make sure you consider security! If you just blindly accept pickled data, it can open you up to arbitrary code execution.
I suggest you to use a good middle-ware like: Zero-C ICE, Pyro4, Twisted.
Pyro4 using pickle to serialize data.
I know that with the SimpleHTTPServer I can make my directories accessible by web-browsers via Internet. So, I run just one line of the code and, as a result, another person working on another computer can use his/her browser to see content of my directories.
But I wander if I can make more complicated things. For example, somebody uses his/her browser to load my Python program with a set of parameter (example.py?x=2&y=2) and, as a result, he/she sees the HTML page generated by the Python program (not the Python program).
I also wander if I can process html form submitted to the SimpleHTTPServer.
While it is possible, you have to do pretty much everything yourself (parsing request parameters, handle routing, etc).
If you are not looking to get experience in creating web-frameworks, but just want to create a small site you should probably use a minimalistic framework instead.
Try Bottle, a simple single-file web framework: http://bottlepy.org
Maybe the VerseMatch project and related recipes over at ActiveState is something you would be interested in examining? It implements a small application using the standard library for dynamic running.
have you considered using CGIHTTPServer instead of SimpleHTTPServer? Then you can toss your scripts in cgi-bin and they'll execute. You have to include content-type header and whatnot but if you're looking for quick and dirty it's real convenient