I am playing with Fiddler core , trying to set up with a proxy and check Https traffic. For Chrome and Internet Explorer fiddler have great support:
if (!CertMaker.rootCertExists())
{
if (!CertMaker.createRootCert())
return false;
if (!CertMaker.trustRootCert())
return false;
}
Anyone knows what to do with Mozilla ? How to install certificate there ?
There's nothing in Fiddler/FiddlerCore itself that will do this. You can easily start the process from a Firefox extension (see overlay.js in Fiddler's install folder):
var certdb = Components.classes["#mozilla.org/security/x509certdb;1"].getService(Components.interfaces.nsIX509CertDB);
var file = Components.classes["#mozilla.org/file/directory_service;1"].getService(Components.interfaces.nsIProperties).
get("Desk", Components.interfaces.nsIFile);
file.append("FiddlerRoot.cer");
try {
alert("On the following screen, tick the first checkbox: 'Trust this CA to identify websites.'");
certdb.importCertsFromFile(null, file, Components.interfaces.nsIX509Cert.CA_CERT);
} catch (e) { alert("Trust function returned:\n\n" + e); }
From outside Firefox or to bypass all prompts, you'd need to poke their API; see e.g. How to add a trusted Certificate Autority to Firefox with JSS shows one approach.
Related
I have a server of Ubuntu 20.04, and I've successfully run a apache server and I can visit the site with ip address (or domain) from the Internet. But with dart it could be visited from the server with 127.0.0.1/localhost but I could not visit the site from the Internet. How could i fix the problem...?
With dart
Chrome Preview (Empty Response)
zsh Preview (works well)
dart run
With Apache
Chrome Preview
systemctl start apache2
What i have ever tried
close the apache server and change dart server port to 80, not working
add ports config in firewall
Code
No dependency, all-code-in-a-file:
dart create tmp
cd tmp
vi bin/tmp.dart
dart run
import 'dart:io';
void main(List<String> arguments) {
print('Hello world!');
HttpServer.bind(InternetAddress.loopbackIPv4, 80).then((server) {
server.listen((request) {
request.response.statusCode = 200;
request.response.write("---");
request.response.close();
});
});
}
Thanks to #julemand101, it's all my faults…… Simply change InternetAddress.loopbackIPv4 to InternetAddress.anyIPv4 works fine!
I'm working on a Unity project that is reliyng on fetching data from a web API I set up on a public webserver. The server is currently set to self-signed ssl and requires the client to send certification to be able to read the data, if the client fails to send the cert the website returns with "403 forbidden".
I've tested this in the browser and postman and everything works fine.
I've also tested the exact same function in a pure visual studio project and it worked like a charm.
However, when I try this function in Unity I am met with the WebException "The request timed out
".
The way I'm currently doing it is via a WebClient, with an overrided method of WebRequest:
private void Connect()
{
ServicePointManager.CheckCertificateRevocationList = false;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback += ignoreCertCallback;
ServicePointManager.Expect100Continue = true;
using (var wc = new CertificateWebClient())
{
try
{
var responseBytes = wc.DownloadString(url);
Debug.Log(responseBytes);
Debug.Log(wc.ResponseHeaders);
}
catch (WebException e)
{
Debug.Log(e.ToString());
}
}
}
Override of WebRequest:
protected override WebRequest GetWebRequest(Uri address)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address);
X509Certificate2 certificate = new X509Certificate2(#"C:\temp\ClientCert.pfx", "password");
request.ServerCertificateValidationCallback = delegate (System.Object obj, X509Certificate X509certificate, X509Chain chain, System.Net.Security.SslPolicyErrors errors)
{
return true;
};
Debug.Log(request.RequestUri);
(request as HttpWebRequest).ClientCertificates.Add(certificate);
request.Timeout = 2000;
return request;
}
Important to note is that I've tried the exact same functions inside of Unity with the "client.badssl.com" and their cert, and that also worked like a charm, returning the correct error codes when no cert is sent and everything and If I turn off client certification on my website, everything also works like charm...
From What I understand, It might be Mono that might be the problem as the certification is self-signed and not from a verified CA... But i've not been able to find a workaround... so any help would be great
What are your BG settings? I mean: is it on AWS? Express/NodeJS? WebGL? I am facing the same issue but when testing locally it works like a charm
I would suggest: to check if it is an infrastructure problem you might want to create a certificate for your domain (eg 'goodboy.mytest.io") that is certified from some free SSL providers (I can say LetsEncrypt just for testing) and launch a local server that's using that certificate, then go in your "hosts" file (depending on OS that you are currently running) and mock your localhost as "goodboy.mytest.io", so you can check if connecting to that domain everything goes fine without additional layers (usually placed between connection "bouncing" on web)
I'm following up this too
I have a rest API running on localhost:8001/my_app/api/, and I have apache setup to reverse proxy it from localhost/my_app/api. That's working fine.
In order to have permissions to do anything with the api, it requires my session cookie, my csrftoken cookie and a X-CSRFToken HTTP header. I've configured adapters/application.js as follows:
adapters/application.js
import Ember from 'ember';
import DRFAdapter from './drf';
export default DRFAdapter.extend({
headers: Ember.computed(function() {
return {
'X-CSRFToken': Ember.get(document.cookie.match(/csrftoken\=([^;]*)/), '1'),
};
}).volatile(),
ajax: function(url, method, hash) {
hash = hash || {}; // hash may be undefined
hash.crossDomain = true;
hash.xhrFields = {withCredentials: true};
return this._super(url, method, hash);
}
});
If I do a ember build -prod and copy the contents of the dist dir to /var/www/myApp/, apache serves my app, and it works just fine.
It's when I try to use ember-cli's builtin development server where I run into problems. I'm getting 403 errors from my api. It turns out that while the X-CSRFToken header is being sent neither of my cookies are. If I look in my chrome developer tools, it shows that I have both cookies - they simply aren't in the request headers. They're both from localhost, so I'm a bit confused.
Also, I currently I have CORS on my rest backend setup. Here are the headers I'm currently receiving:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4200
I thought that since allow-credentials == true and allow-origin != * that cookies were supposed to be allowed. sigh.
Here's my API_HOST and contentSecurityPolicy:
config/environment.js
if (environment === 'development') {
ENV.APP.LOG_TRANSITIONS = true;
ENV.APP.API_HOST = "http://localhost"
ENV.contentSecurityPolicy = {
'default-src': "'none'",
'script-src': "'self' 'unsafe-eval' localhost",
'font-src': "'self'",
'connect-src': "'self' localhost",
'img-src': "'self'",
'style-src': "'self'",
'media-src': "'self'"
};
}
As you can see above, the api requests are being sent through my reverse proxy. I've played around with ember serve --proxy trying both http://localhost:80/ and http://localhost:8001/ but neither have helped. I've also tried setting my development ENV.API_HOST = 'http://localhost:8001/'; with and without the various proxy values.
This edit, build, deploy, refresh my browser, test, & repeat process is REALLY slow and getting old REALLY fast.
Could someone please explain to me how to get the ember-cli development server to properly access my rest api?
I am trying to enable email support for my Meteor application, and since I have my own server I want to also use my own mail server. So I installed postfix in my Debian wheezy server and successfully sent and email to my GMail address, so that means the mail server works properly and sends emails.
When I deploy my Meteor app and try to send an email though, say to do a password reset, my app crashes with the following error:
Exception while invoking method 'forgotPassword' RecipientError: Can't send mail - all recipients were rejected
at Object.Future.wait (/home/loupax/phial/bundle/programs/server/node_modules/fibers/future.js:326:15)
at smtpSend (packages/email/email.js:94)
at Object.Email.send (packages/email/email.js:155)
...
...
My MAIL_URL environment variable is in the format MAIL_URL=smtp://my_domain.tld.
Looks like all I had to do, is change the MAIL_URL environmental variable from smtp://my_domain.tld to smtp://localhost. After that everything worked just fine
Is your server on Amazon? Sometimes SMTP servers are known to block anything sent from certain hosting providers entire IP ranges to block spam.
You might want to consider using a different SMTP server, Amazon's SES, or Mandrill (which has a meteorite package to help) (personally I use both SES and Mandrill).
Note its not only Amazons IP blocks which are in this, its also any hosting provider a spammer can quickly set up. Your SMTP sever probably employs a list from somewhere with all these ips on it
for forgot password email, follow below steps
1) create smtp.js file in server folder and past below code in it
Meteor.startup(function () {
process.env.MAIL_URL =
'smtps://abcd#gmail.com:password#smtp.gmail.com:465';
});
2) paste below code in forgot password.js file
Template.forgot.events({
'click #forgot'(event,template) {
event.preventDefault();
let email = $("#email").val();
// paste below code in server.main.js -> in Meteor.startup function.
/* Accounts.urls.resetPassword = function(token) {
return Meteor.absoluteUrl('reset-password/' + token);
};*/
Accounts.forgotPassword({email:email},function (error,result) {
if(error)
{
alert(error);
}
else
{
console.log(result);
alert("mail sent ..!! Check your mail box");
FlowRouter.go('/login');
}
});
}
});
3 ) in main.js file in server folder paste below code
import '../server/smtp';
Meteor.startup(() => {
// code to run on server at startup
Accounts.urls.resetPassword = function(token) {
return Meteor.absoluteUrl('reset-password/' + token);
};
});
check your mail
i have a data service hosted in azure from which i am sending notification to iphone but while establishing connection with apns i am getting following error
"A call to SSPI failed. The message received was unexpected or badly formatted." i also refered following links for the same error but still getting the error
apple push notification with APNS sharp and
C# iPhone push server?
try
{
using (TcpClient client = new TcpClient())
{
try
{
client.Connect("gateway.sandbox.push.apple.com", 2195);
Logging("TSSLProDi :Connected to Apple");
}
catch (Exception ex)
{
Logging("TSSLProDi :" + ex.Message + "-IE-" + ex.InnerException);
}
using (NetworkStream networkStream = client.GetStream())
{
Logging("TSSLProDi :Client connected.");
X509Certificate clientCertificate = new X509Certificate(System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory + #"startup\certname.pfx"), "mycertpassword");
X509CertificateCollection clientCertificateCollection = new X509CertificateCollection(new X509Certificate[1] { clientCertificate });
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(validateServerCertificate),
null
);
try
{
sslStream.AuthenticateAsClient("gateway.sandbox.push.apple.com", clientCertificateCollection, System.Security.Authentication.SslProtocols.Default, false);
Logging("TSSLProDi :slStreamAuthenticated");
}
catch (AuthenticationException ex)
{
Logging("TSSLProDi :" + "Exception: " + ex.Message.ToString());
if (ex.InnerException != null)
{
Logging("Inner exception: " + ex.InnerException.Message.ToString());
}
Logging("TSSLProDi :" + "Authentication failed - closing the connection.");
client.Close();
return;
}
}
}
}
catch (Exception ex)
{
Logging("TSSLProCert :" + ex.Message + "-IE-" + ex.InnerException);
}
i have installed the needed certificates on VM also.
one warning i am getting on iphone developer_identity certificate which i got from apple is that "Windows does not have enough information to verify this certificate" is there is some thing wrong with my iphone certificate. please help me i am stuck
got the solution i have just changed X509Certificate to X509Certificate2 and X509CertificateCollection to X509Certificate2Collection
I suggest you follow the steps in this tutorial to create a p12 file from you developer certificate.
http://help.adobe.com/en_US/as3/iphone/WS144092a96ffef7cc-371badff126abc17b1f-7fff.html
It's also important that you register this file in windows. This is as simple as double-clicking the file after you've generated it. Don't forget to update the call to the X509Certificate constructor afterwards.
The tutorial works equally well on Windows, but you might have to download an OpenSSL client which can be found here:
http://gnuwin32.sourceforge.net/packages/openssl.htm.
I do not know if this will be helpful after 3 years, but I leave the answer for iOS8.
Apple has changed the server security and right on the line you mention, you have to change from SSL to TLS:
Original code:
_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Ssl3, false);
New code:
_apnsStream.AuthenticateAsClient(host,certificates,System.Security.Authentication.SslProtocols.Tls, false);
I hope this information is helpful to someone.
Someone commented this in the GIT forum
Little late, but who knows if it helps somebody... I made a big mistake with the certificate, and installed the .CER I downloaded from Apple Developer Site... I know... my fault, but it could happen if you're as dumb as I am :-P
When you download the .CER, you have to import it into your keychain and then EXPORT the certificate INCLUDING the private key... that will generate a .P12 certificate, and THAT is the one you have to install in the Windows machine. Once I installed the .P12 in the LocalMachine/Personal store, the authentication worked just fine for me.
I got same problem, I use .p12 certificate file instead of .pfx and use moon-apns to send notification, the problem been solved.
Donwnload Moon-APNS code here: https://github.com/arashnorouzi/Moon-APNS
Try this :
SslStream sslStream = new SslStream(client.GetStream(), false);