Recently I implemented a small captive portal in Python. I redirect users to the login page from DNS requests. All worked fine until I realised that when the DNS server is manually changed on the client system to a public DNS, it totally bypasses the captive portal. My problem is how to redirect users even with DNS servers changed, or how to block all outgoing DNS requests which are not using the default DNS.
I was thinking that listening on port 53 would capture all requests using Twisted.
This is a very simple example of how I am doing it:
from twisted.internet.protocol import DatagramProtocol
from twisted.internet import reactor

class UDP(DatagramProtocol):
    def datagramReceived(self, datagram, addr):
        # Print every datagram that arrives on the port, with its sender
        print(datagram, addr)

port = 53
max_byte = 512
reactor.listenUDP(port, UDP(), '', max_byte)
reactor.run()
Am I doing it wrong?
I also tried to block remote port 53 from the firewall on the main machine providing Internet connectivity, but it also doesn't work.
If users are bypassing your captive portal by changing DNS, the issue is that they can route DNS requests around the portal, and therefore there's nothing you can do in the portal. You need to create routing rules which redirect all port 53 traffic on your network to your DNS server, regardless of where they're trying to send it.
The bad news is, you can't do this with Twisted. You need to do this in your router's operating system, using something like iptables.
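The redirect described in the answer above, as an added example that is not part of the original thread: a Python helper, run as root on the gateway, that builds iptables NAT rules sending every client DNS query to the local resolver and appends them only if they are not already present. The interface name `wlan0` and the assumption that the portal's DNS server runs on the gateway itself are assumptions of this example.

```python
import re
import subprocess

# Linux interface names are at most 15 characters; reject anything unusual.
IFACE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")

def dns_redirect_rules(lan_iface, dns_port=53):
    """Rule specs that send every client DNS query to the local resolver.

    Assumes the portal's DNS server runs on this gateway and listens on
    dns_port; lan_iface is the interface the clients are attached to.
    """
    if not IFACE_RE.match(lan_iface):
        raise ValueError("bad interface name: %r" % (lan_iface,))
    if not 0 < int(dns_port) < 65536:
        raise ValueError("bad port: %r" % (dns_port,))
    rules = []
    for proto in ("udp", "tcp"):      # DNS uses TCP as well as UDP
        rules.append(["PREROUTING", "-i", lan_iface, "-p", proto,
                      "--dport", "53", "-j", "REDIRECT",
                      "--to-ports", str(dns_port)])
    return rules

def apply_rules(rules, run=subprocess.call, dry_run=True):
    """Append each rule to the nat table unless it is already present.

    Returns the iptables commands that were (or, in a dry run, would be) run.
    """
    added = []
    for spec in rules:
        check = ["iptables", "-t", "nat", "-C"] + spec
        append = ["iptables", "-t", "nat", "-A"] + spec
        if dry_run or run(check) != 0:    # -C exits non-zero if the rule is missing
            if not dry_run:
                run(append)
            added.append(append)
    return added

if __name__ == "__main__":
    # wlan0 is an assumed client-facing interface; dry_run=False needs root.
    for cmd in apply_rules(dns_redirect_rules("wlan0")):
        print(" ".join(cmd))
```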
Related
I have a Raspberry Pi, a Flask server, a Flask client, and two different networks.
When I connect a Wi-Fi adapter to the Raspberry Pi I can see that I have a new interface called "wlan1". Is there a way to run the server, for example, on "wlan0" and the client on "wlan1"?
What I'm trying to do is run the server on a different network than the client (while both of them are on the Pi).
Server:
For the server part, you need to "bind" the listening socket to the IP address of wlan0.
Find the IP address of wlan0 using ifconfig wlan0 or ip addr show dev wlan0 (e.g. 192.168.0.2)
Bind the Flask server to that IP address using app.run(host='192.168.0.2', port=80)
If you bind to 0.0.0.0, it will be reachable from all network devices.
Client:
A little bit more involved, take a look at how "routing tables" work for the theory.
Find out the IP address of the server that your client will connect to (e.g. 93.184.216.34)
Find out the IP address of the default gateway on the interface wlan1, for example with ip route (look for "default via dev wlan1"), e.g. "default via 192.168.1.1 dev wlan1"
Add a route to that IP address via the gateway and interface, using route add 93.184.216.34 gw 192.168.1.1 dev wlan1
Note that the routing table will affect all programs on the raspberry pi, not just your client application.
I am trying to connect to a redisai server through the redisai-py Client. The server is password protected and the Client is passed host, port, and password as arguments. However, the client times out on a tensorset/get even though it returns a connection object.
import redisai
r = redisai.Client(host='<host>', port=<port>, password='<password>')
In redis-cli, you would
redis-cli
auth <password>
...
which works just fine. There doesn't seem to be a way to perform this action through a redisai-py Client despite it extending the StrictRedis class. Since the Client won't connect without authentication, I cannot access the data.
The solution to accessing the redisai database involved creating inbound port rules focused directly around the VNet the Azure VM nodes were located on.
When connecting with redisai Client, the private IP address is used and the argument for port is left out.
import redisai
r = redisai.Client(host=<Private IP>)
r.ping()
# PONG
The primary node inbound port rules:
Worker inbound port rule:
However, this does not solve the issue around the client hanging and providing authentication when the redisai database is exposed but requires a password.
Following is a Python-based RESTful library client (recommended by HP https://developer.hpe.com/platform/ilo-restful-api/home) that uses the Redfish REST API (https://github.com/HewlettPackard/python-ilorest-library) to connect to the remote HPE iLO5 server of ProLiant DL360 Gen10 based hardware:
#! /usr/bin/python
import redfish
iLO_host = "https://xx.xx.xx.xx"
username = "admin"
password = "xxxxxx"
# Create a REST object
REST_OBJ = redfish.redfish_client(base_url=iLO_host,username=username, password=password, default_prefix='/redfish/v1')
# Login into the server and create a session
REST_OBJ.login(auth="session")
# HTTP GET request
response = REST_OBJ.get("/redfish/v1/systems/1", None)
print(response)
REST_OBJ.logout()
I am getting RetriesExhaustedError when creating the REST object. However, I can successfully SSH to the server from the VM (RHEL 7.4) where I am running this script. The authentication details are given correctly. I verified that the Web Server is enabled (both port 443 and 80) in the iLO Security - Access settings. Also, in my VM box the Firewalld service has been stopped and IPTables is flushed. But still the connection could not be established. What other possibilities can I try?
I found the root cause. The issue is with SSL Certificate verification being done by the Python code.
Turning this off by setting the environment variable PYTHONHTTPSVERIFY=0 before running the code solved the problem.
This is a very old topic, but perhaps for other people that have a similar issue when accessing the iLO in any way, and not just over Python:
You most likely need to update the firmware in your server, so that the TLS is updated. You will most likely need to use an old browser to do this, as modern versions of Mozilla/Chrome will not work with old TLS. I have had luck with Konqueror.
I am trying to make a server in python using sockets that I can connect to on any web browser. I am using the host as "localhost" and the port as 8888.
When I attempt to connect to it, the stuff I want to be shown shows up for a split-second, and then it goes away with the browser saying "The connection was reset".
I've made it do something very simple to test if it still does it, and it does.
Is there a way to stop this?
import time
import socket

HOST = "localhost"
PORT = 8888

def function(sck):
    # Sends the reply and closes without reading the browser's request
    sck.send(bytes("test", "UTF-8"))
    sck.close()

ssck = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssck.bind((HOST, PORT))
ssck.listen(1)
while True:
    sck, addr = ssck.accept()
    function(sck)
Probably the same problem as "Perl: Connection reset with simple HTTP server", "Ultra simple HTTP socket server, written in PHP, behaving unexpectedly", and "HTTP Server Not Sending Complete File To WGET, Firefox. Connection reset by peer?". That is, you don't read the HTTP header from the browser but simply send your response and close the connection.
tl;dr
your function should be
def function(sck):
    sck.send(bytes("HTTP/1.1 200 OK\n\n<header><title>test page</title></header><body><h1>test page!</h1></body>", "UTF-8"))
    sck.close()
With a server as simple as that, you're only creating a TCP socket.
HTTP protocols suggest that the client should ask for a page, something like:
HTTP/1.1 GET /somepath/somepage.html
Host: somehost.com
OtherHeader: look at the http spec
The response should then be:
HTTP/1.1 200 OK
some: headers
<header></header><body></body>
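Both answers above combined into one server, as an added example that is not code from the original thread: it reads the browser's request up to the blank line before replying, then sends a status line, headers and body with CRLF line endings. Closing a TCP socket that still has unread request data makes the kernel send a reset, which is what the browser reported. The header-size cap, the 5-second timeout and the page body are assumptions of this example.

```python
import socket

HOST, PORT = "127.0.0.1", 8888   # port from the question; loopback only
MAX_HEAD = 8192                  # assumed cap on request-header size
PAGE = "<html><head><title>test page</title></head><body><h1>test page!</h1></body></html>"

def read_request_head(conn):
    """Consume the request up to the blank line that ends the headers."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = conn.recv(1024)
        if not chunk:                 # client closed before finishing
            break
        data += chunk
        if len(data) > MAX_HEAD:
            raise ValueError("request head too large")
    return data

def build_response(body):
    payload = body.encode("utf-8")
    head = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            "Content-Length: %d\r\n"
            "Connection: close\r\n\r\n" % len(payload))
    return head.encode("ascii") + payload

def handle(conn):
    with conn:
        conn.settimeout(5)            # do not wait forever on a silent client
        try:
            read_request_head(conn)   # drain the request BEFORE replying
            conn.sendall(build_response(PAGE))
        except (ValueError, OSError):
            return

def make_server(host=HOST, port=PORT):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv

def serve(srv, max_requests=None):
    served = 0
    while max_requests is None or served < max_requests:
        handle(srv.accept()[0])
        served += 1

if __name__ == "__main__":
    serve(make_server())
```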
I'm using Windows Server 2008, and one of the things I need to do in order to pair to a domain name is send a file with the computer's current IP address (it's not static) to a server via SFTP every few minutes. The problem is that I'm not sure how to do this.
I would send it via XMPP. You can set up a listener service for the server.
Send an xmpp message using a python library
Here are some ideas on XMPP servers to run on your IIS server (listening to receive the incoming messages from clients): http://metajack.im/2008/08/26/choosing-an-xmpp-server/
Pretzel looks nice
This Python code can be run client side to get the public IP address.
import socket

host, aliaslist, lan_ip = socket.gethostbyname_ex(socket.gethostname())
print(host)
print(aliaslist)
print(lan_ip[0])
Then you would send an XMPP message containing the IP to the server you have set up on your IIS server. Depending on what you want to do with the IP address once it gets to the server, you will handle the message server side.