Redirect all HTTP traffic to localhost - redirect

Too much here and I've already spent hours trying to find my answer, to no avail.
I run a small ISP. We do not use any form of PPP. However, I control the clients' routers. The client routers have their default gateways normally set to use my network gateway. However, if I change the client's default gateway to point to an alias of my server, whenever they try to go anywhere on the internet, even if it's google.com, I want them to go to myserver/YouHaveNotPaidYourBill.php.
I use Debian and Lighttpd on the server.
I have tried everything I can think of, and the server simply redirects the packets to the real gateway. This isn't what I want.
Any help is greatly appreciated.

Your best chance is to poison your clients' DNS, and have any DNS request point to your server.
Be warned, non-HTTP traffic will fail silently, so clients that don't browse (i.e. a line used for torrenting, for VoIP, or simply someone who chats but doesn't browse) will only see the internet failing silently and will not see the dialog.
Also, you'll fail to grab HTTPS traffic as well. Since, for example, Firefox uses HTTPS for Google searches by default, average Joe will try to access https://www.google.com, which you can't intercept to show your own message. There is no way; if there were, you'd be able to intercept any other HTTPS website (i.e. banks) to show your own content.
Finally: this sort of thing is also interception of packets and/or MITM, and may be illegal, depending on where you live. It's not the same to drop communications (when he doesn't pay) and to intercept them like this.
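The DNS approach from the answer, as an added example that is not part of the original thread: a minimal wildcard DNS responder that answers every A query with the address of the portal server (the `10.0.0.1` address, the `serve()` bind settings and the TTL of 0 are assumptions for the example). `build_query` only exists to construct test input; a real client's resolver would send the query. The response sets AA and copies the client's RD bit; non-A queries get an empty NOERROR answer so that, as the answer warns, anything that is not a plain HTTP name lookup still fails rather than being faked.

```python
import socket
import struct

PORTAL_IP = "10.0.0.1"  # assumed address of the server hosting YouHaveNotPaidYourBill.php


def parse_question(query: bytes):
    """Return (transaction_id, qname, qtype, raw_question_section) from a DNS query."""
    if len(query) < 12:
        raise ValueError("truncated DNS header")
    tid, _flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        length = query[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a query name
            raise ValueError("compression pointer in question name")
        labels.append(query[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", query[pos:pos + 4])
    pos += 4
    return tid, ".".join(labels), qtype, query[12:pos]


def build_response(query: bytes, portal_ip: str = PORTAL_IP, ttl: int = 0) -> bytes:
    """Answer any A query with portal_ip; other types get an empty NOERROR reply.

    TTL 0 keeps clients from caching the portal address once their account is restored.
    """
    tid, _qname, qtype, question = parse_question(query)
    rd = struct.unpack("!H", query[2:4])[0] & 0x0100  # copy the client's RD bit
    flags = 0x8400 | rd | 0x0080                      # QR=1, AA=1, RA=1
    if qtype != 1:
        return struct.pack("!HHHHHH", tid, flags, 1, 0, 0, 0) + question
    header = struct.pack("!HHHHHH", tid, flags, 1, 1, 0, 0)
    # Answer RR: name = pointer to offset 12 (0xC00C), type A, class IN, TTL, rdlength 4
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(portal_ip)
    return header + question + answer


def build_query(qname: str, qtype: int = 1, tid: int = 0x1234) -> bytes:
    """Construct a query packet (test input only; real queries come from client resolvers)."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)


def answer_count(response: bytes) -> int:
    return struct.unpack("!H", response[6:8])[0]


def answered_address(response: bytes) -> str:
    """Return the A record from a response built by build_response (last 4 bytes)."""
    if answer_count(response) == 0:
        raise ValueError("response carries no answer")
    return socket.inet_ntoa(response[-4:])


def serve(bind: str = "0.0.0.0", port: int = 53) -> None:
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, addr = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), addr)
        except (ValueError, IndexError, struct.error):
            pass  # malformed query: drop it rather than crash the responder


if __name__ == "__main__":
    serve()
```

Pointing the client routers' DHCP-advertised resolver at this server is what makes the redirection take effect; the web server then has to send every path to the bill page (lighttpd's mod_redirect can do that with a catch-all `url.redirect` rule). HTTPS connections will still fail with a certificate error for the reason the answer gives: the portal server cannot present a valid certificate for www.google.com.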

Related

Is yahoo/google/etc. account name visible to my office administrator?

The fact that I access a certain website is certainly visible to the admin in my office - i.e. at work - and to the ISPs at work, home or wherever I access that website from. But if I send an e-mail from Yahoo/Google/etc., are the sender and receiver visible to the said admin, considering the fact that the connection is through https?
There's a few things to consider here:
Connecting to your service provider: If you log on to https://mail.google.com or https://www.hotmail.com then you are over HTTPS and so should be secure.
However most corporates only have internet access through a proxy and like to virus scan traffic. As HTTPS traffic is encrypted they use so-called man in the middle (MITM) proxies, so when you connect to Gmail over HTTPS you actually connect to the proxy over HTTPS (and it provides an HTTPS certificate in Google's name) and then that proxy connects to Google.
This is allowed by web browsers if the proxy certificate is set up as a local CA on your computer (which, in such a corporate environment, they will be able to install), but is very difficult to do without access to your machine (e.g. on coffee shop wifi, as you will get an HTTPS certificate error). While this sounds dodgy (and is not well liked by security professionals, as it can introduce more risks), it is quite common in larger companies - though often companies that do this also block access to web mail providers as well. Virus scanners installed on your machine work in the exact same way.
You can see if this is the case by looking at the HTTPS certificate chain in your browser and checking whether it is the same as at home and chains up to a real certificate authority (CA) or to your company name.
Once a party is performing a MITM, in theory they can read this traffic, although most companies have neither the resources nor the inclination to, other than running it through an automatic virus scanner.
Encryption to the sender address. Once you are on your mail provider (via web mail or from an email client on your device) and send a mail, for example from your gmail account to a hotmail account you've got to consider whether that connection is encrypted. In 2026 Gmail started warning if the sender address is for a service that doesn't allow Gmail to use HTTPS to send it the message. Unfortunately that was pretty much the norm for a long time and in 2014 Google said 50% of mail it sends is unencrypted, though (partially in response to Gmail marking this as insecure I guess) that has increased to 80% at the time of writing.
Either way this is from Gmail servers so local admins (e.g. in your office) should not be able to intercept this traffic as it's not sent on the local network (unless you work for a network telco or a spy agency!), but in theory unencrypted messages could be read here.
User-encrypted mail only encrypts the body. Technologies like PGP or S/MIME allow you to encrypt your email message separately before you send it via a provider, but this is only for the message contents, so the To address, From address and Subject are still visible in plain text (S/MIME does allow you to have different subjects, but that has its own problems - see the answer here for more details). And it's a massive pain to use these, to be honest.
Authentication technologies do not help here. When researching encrypted mail you may see mention of DMARC, DKIM and SPF, but they are authentication methods (to ensure you sent the message) rather than tools to hide data, so ignore any mention of those when asking about hiding data. For example the earlier Google Blog link talks about authentication as the other thing they will warn against.
Quite a broad topic, and not a great fit for a Stack Overflow question to be honest (perhaps would be OK on the sister site http://security.stackexchange.com), but hopefully that gives you some understanding anyway.
Another, more detailed answer, can be found here: Using SSL/TLS to secure your communications. What I understand summing up both answers is that the e-mail content should be encrypted separately to be completely safe. I still am not sure what the answer is re: e-mail addresses of the sender and the receiver(s).
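To make the two answers concrete, here is an added example (not from either answer) of what an on-path observer sees of a message whose body is PGP-encrypted. The SMTP transcript is constructed for the example (the hosts, addresses and the ciphertext block are placeholders, not a real capture). `observe()` walks the client side of the session and records the SMTP envelope (MAIL FROM / RCPT TO), the From, To and Subject headers, and whether the body is opaque; if the client issues STARTTLS, observation stops there, because everything after the TLS handshake is hidden from the network but still visible to the mail provider at the other end.

```python
from email import message_from_string, policy

# Constructed SMTP transcript, not a real capture. "C:" lines are sent by the client,
# "S:" lines by the server. No STARTTLS is negotiated, so an on-path observer sees all of it.
TRANSCRIPT = """\
S: 220 mx.example.org ESMTP
C: EHLO laptop.office.example
S: 250 mx.example.org
C: MAIL FROM:<alice@example.com>
S: 250 OK
C: RCPT TO:<bob@example.org>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: Alice <alice@example.com>
C: To: Bob <bob@example.org>
C: Subject: Q3 numbers
C: Content-Type: text/plain; charset=us-ascii
C:
C: -----BEGIN PGP MESSAGE-----
C: hQEMA0ConstructedCiphertextNotRealAAAA
C: -----END PGP MESSAGE-----
C: .
S: 250 OK queued
"""


def _split(line):
    """Split 'C: text' into ('C', 'text'); a bare 'C:' yields an empty text."""
    who, _, rest = line.partition(":")
    return who.strip(), rest[1:] if rest.startswith(" ") else rest


def observe(transcript):
    """Return what a passive observer of this session can read without any key."""
    seen = {"starttls": False, "envelope_from": None, "envelope_to": [],
            "from": None, "to": None, "subject": None, "body_opaque": None}
    data_lines, in_data = [], False
    for line in transcript.splitlines():
        who, text = _split(line)
        if who != "C":
            continue
        if in_data:
            if text == ".":  # end of DATA: parse the RFC 822 message that was sent
                in_data = False
                msg = message_from_string("\n".join(data_lines), policy=policy.default)
                seen["from"] = str(msg["From"])
                seen["to"] = str(msg["To"])
                seen["subject"] = str(msg["Subject"])
                seen["body_opaque"] = "-----BEGIN PGP MESSAGE-----" in msg.get_content()
            else:
                data_lines.append(text)
            continue
        verb, _, arg = text.partition(":")
        if text.upper() == "STARTTLS":
            seen["starttls"] = True
            break  # after the TLS handshake an on-path observer sees only ciphertext
        if verb.upper() == "MAIL FROM":
            seen["envelope_from"] = arg.strip("<> ")
        elif verb.upper() == "RCPT TO":
            seen["envelope_to"].append(arg.strip("<> "))
        elif text.upper() == "DATA":
            in_data = True
    return seen


if __name__ == "__main__":
    for key, value in observe(TRANSCRIPT).items():
        print(f"{key}: {value}")
```

Even with the body opaque, the envelope addresses and the Subject are readable by anyone between the client and the server when no TLS is negotiated; with STARTTLS they are hidden from the office network but remain readable by the provider, which is the point both answers make.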

How to intercept / observe SIP traffic through fiddler or wireshark?

I am using a free caller android app and they restrict me with limited credits. I would like to explore more about how this app works. So I started decompiling the APK file and intercepting networking requests using Fiddler.
I intercepted requests, but none of those are creating the actual call. So after decompiling the APK I understood they are using SIP server for calls. I couldn't intercept any SIP call with fiddler or wireshark.
They are using this SIP server : https://www.kamailio.org/
Kamailio is one of the more powerful SIP servers, with good documentation and a big user mailing list. You can check their wiki:
http://www.kamailio.org/wiki/
For understanding this case, first you should learn the "how VoIP works" subject. You already cannot intercept any SIP call with Fiddler or Wireshark. Generally, SIP server managers hide their topology for security reasons. That's why you cannot observe SIP traffic to the end of the tunnel.
Even Kamailio has its own module that hides your network topology with one click :)
https://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging#decoding_of_tls_connections_with_wireshark
If they can limit your credits, then, of course, they will authenticate your every call and reject it if you don't have enough funds (or out of quota).
So, if you learn a little bit about SIP technology - perhaps, you'll be able to send a call request even without a dialer, but I doubt that the call will be authenticated.
An analogy: if you know a full path to some restricted page - you can paste it into the browser's address field and go there, but if you are not logged in, then you will still get an error like "you're not allowed to read this page".

Detecting email client of the recipients

We are planning to develop an extension for software which will detect the email client software or interface of the recipients and report it.
In many forums it is said that this is not possible, but this site claims that they provide such reporting at large scale.
http://www.adestra.com/email-client-detection-with-messagefocus/
I would be glad if someone could tell or show me a way to do it in any platform.
There are 2 situations here:
- detect the client email agent of the sender
- detect the client email agent of the receiver
The SMTP protocol does not define anything that would allow you to identify the client agent. So in theory you cannot guess it. Some clients will send some sort of identification in the headers, though this is not standard either, and it can be fake. You can guess the client agent based on these identifiers though.
To find out the client agent of the receiver, you need to include content that will eventually connect to an HTTP server. From there you can get the user agent (of the browser that opens it). So again, you have to do some guessing work. (e.g. if it's yahoo.com and it is Chrome, then ...; if it's IE, then ...; and so on.)
So to cut it short, there is no reliable way of finding out the client mail agents; it's more guessing and statistics.
The only way to do this is via the user-agent from a tracking image, you need the interaction via http. From there, you could determine, although not reliably, the email client in use.
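The guessing both answers describe, as an added example that is not from the question's project or either answer: one function reads the optional sender-side identifiers (X-Mailer, User-Agent, the Message-ID domain) and another classifies the User-Agent of whatever fetched a tracking image. The signature tables are constructed heuristics, not a vetted database, and any of these values can be forged or absent, so `client_share` is there to turn per-message guesses into the aggregate statistics the answer says are all you really get.

```python
import re
from collections import Counter
from email import message_from_string

# Sender-side heuristics: (header, regex, label). Constructed for the example;
# none of these headers is standardised and a sender can set them to anything.
SENDER_SIGNATURES = [
    ("X-Mailer", r"Microsoft Outlook", "Outlook"),
    ("X-Mailer", r"iPhone Mail", "iOS Mail"),
    ("X-Mailer", r"Apple Mail", "Apple Mail"),
    ("User-Agent", r"Thunderbird", "Thunderbird"),
    ("Message-ID", r"@mail\.gmail\.com>?$", "Gmail web"),
]

# Receiver-side heuristics over the tracking-pixel User-Agent. Webmail providers often
# fetch images through a proxy, so the UA may describe the proxy, not the reader's client.
PIXEL_SIGNATURES = [
    (r"GoogleImageProxy", "Gmail (image proxy)"),
    (r"Microsoft Outlook", "Outlook"),
    (r"iPhone|iPad", "iOS Mail"),
    (r"Thunderbird", "Thunderbird"),
    (r"Chrome/|Firefox/|Safari/", "browser (webmail or unknown)"),
]


def guess_sender_client(raw_message):
    """Return (label, evidence) for the sending client, or ('unknown', None)."""
    msg = message_from_string(raw_message)
    for header, pattern, label in SENDER_SIGNATURES:
        value = msg.get(header)
        if value and re.search(pattern, value, re.IGNORECASE):
            return label, f"{header}: {value}"
    return "unknown", None


def guess_receiver_client(user_agent):
    """Classify the User-Agent seen on a tracking-image request; first match wins."""
    for pattern, label in PIXEL_SIGNATURES:
        if re.search(pattern, user_agent or ""):
            return label
    return "unknown"


def client_share(labels):
    """Aggregate per-message guesses into fractions per label."""
    counts = Counter(labels)
    total = sum(counts.values()) or 1
    return {label: n / total for label, n in counts.items()}


if __name__ == "__main__":
    # Constructed sample message, not real mail.
    sample = "X-Mailer: Microsoft Outlook 16.0\nFrom: a@example.com\n\nhello\n"
    print(guess_sender_client(sample))
    print(guess_receiver_client("Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)"))
```

The GoogleImageProxy rule is listed before the generic browser rule on purpose: that User-Agent also contains "Firefox/", and without the ordering every Gmail reader would be reported as a Firefox user, which is the kind of systematic error that makes these reports statistical at best.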

Redirect users from main site to their country website

I have a website with language ES-ES and I am launching its version in a new country ES-MEX.
I want to redirect all visitors to the main website to the site for their country, choosing the best option to avoid overloads (I understand that running even one more script would increase the page download for all my local visitors, so I'd prefer to avoid that).
Would you use htaccess or php?
And what kind of code?
Thanks in advance
You need to set up the DNS server that will serve the requests for your domain and provide different server addresses for DNS name requests originated from networks located in Mexico. The BIND DNS server feature that allows you to accomplish this is called a view.
Thus, you define a view that matches the clients in Mexico, and then this view reports different address(es) for names in your domain, while for the rest of the world you still report the original ones.
You need to analyse your server logs and use the whois service to find the locations of the networks you are getting the connections from.
The second option is to use the content negotiation module of the Apache httpd server in a way that the version negotiated for the es_MX language of all pages at your original web server would return redirects to the other server.
Neither method is 100% reliable, so clients from Mexico may still get connected to your original server, and I think that you should use both solutions simultaneously.
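As an added example (not from the answer, and not the asker's site), here is the server-side fallback the answer says should run alongside the DNS view: a small WSGI application that maps the connecting address to a country from a prefix table and issues a 302 to the country site when the visitor is not from the home country. The prefix table uses RFC 5737 documentation ranges and the `mx.example.com` / `www.example.com` hostnames as placeholders; in practice the table is built from the whois lookups on the logged networks. Addresses that match no prefix, or that are not valid addresses at all, are served the home site rather than being guessed.

```python
import ipaddress

# Constructed prefix table with documentation ranges; a real one comes from whois/RIR data.
COUNTRY_PREFIXES = {
    "MX": ["192.0.2.0/24", "203.0.113.0/25"],
    "ES": ["198.51.100.0/24"],
}
COUNTRY_SITES = {"MX": "https://mx.example.com", "ES": "https://www.example.com"}  # assumed
HOME_COUNTRY = "ES"

# Parse the networks once at import time; matching is then a short linear scan.
_TABLE = [(ipaddress.ip_network(net), cc)
          for cc, nets in COUNTRY_PREFIXES.items() for net in nets]


def country_for(ip):
    """Return the country code for an address, or None when it is unknown or malformed."""
    try:
        addr = ipaddress.ip_address((ip or "").strip())
    except ValueError:
        return None
    for net, cc in _TABLE:  # mismatched IP versions simply never match
        if addr in net:
            return cc
    return None


def redirect_target(client_ip, path="/", query=""):
    """URL to redirect to, or None when the visitor should stay on the home site."""
    cc = country_for(client_ip)
    if cc is None or cc == HOME_COUNTRY or cc not in COUNTRY_SITES:
        return None
    return COUNTRY_SITES[cc] + path + (f"?{query}" if query else "")


def client_address(environ):
    """Use X-Forwarded-For only when a trusted reverse proxy is marked in the environ."""
    xff = environ.get("HTTP_X_FORWARDED_FOR") if environ.get("TRUSTED_PROXY") else None
    return xff.split(",")[0] if xff else environ.get("REMOTE_ADDR", "")


def application(environ, start_response):
    target = redirect_target(client_address(environ),
                             environ.get("PATH_INFO", "/"),
                             environ.get("QUERY_STRING", ""))
    if target:
        start_response("302 Found", [("Location", target), ("Content-Length", "0")])
        return [b""]
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [b"home site\n"]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8000, application).serve_forever()
```

The check is a handful of network comparisons per request, which is the "one more script" cost the asker wanted to keep small; the X-Forwarded-For header is honoured only behind a proxy the operator controls, because any client can send that header itself.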

Setting up Proxy for adding special anti-phishing detection headers

We're running an event where visitors will register with Facebook onsite and will be given RFID tags for photos and wall posts during the event.
We're running into an issue where Facebook's anti-phishing measures are blocking our app because we have had so many Facebook auth requests originating from the same IP (we have a single broadband connection terminating at our event) in a short amount of time.
Facebook informed us we should proxy the requests so that we can add the following 2 headers before the request is finally sent over to Facebook.
X-Forwarded-For: (originating IP address of Client)
X-Forwarded-For-Sig: (Fields below delimited by “|” with HMAC-SHA1 hash.)
They explained how we should construct the values of the headers, but we're having trouble getting a proxy set up. We've looked into nginx and Squid (we have a local Linux server located at the event, but it is behind the router so it has a local IP).
Has anyone successfully set this up with Squid or other proxy software? Any help would be much appreciated, thanks!
Chris
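One way to add the two headers without a full Squid or nginx deployment, as an added example that is neither the event's code nor anything Facebook published: a small forwarding proxy built on Python's standard library that takes the client address from the accepted socket (never from a header the client supplied), computes `X-Forwarded-For-Sig` as an HMAC-SHA1 over the "|"-delimited fields, and relays the request upstream. The page does not list the signed fields or the upstream host, so the field list defaults to the client IP alone, the secret is a placeholder, and `graph.facebook.com` is assumed; substitute the values Facebook gave you.

```python
import hashlib
import hmac
import http.client
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SHARED_SECRET = b"PLACEHOLDER-secret-issued-by-facebook"  # placeholder, not a real value
UPSTREAM_HOST = "graph.facebook.com"                       # assumed upstream for the example
# Headers that must not be copied through as-is; the last two are always set by us.
HOP_BY_HOP = {"connection", "keep-alive", "transfer-encoding", "host",
              "x-forwarded-for", "x-forwarded-for-sig"}


def signature_payload(client_ip, *extra_fields):
    """'|'-delimited fields as described in the question; the exact field list is assumed."""
    return "|".join((client_ip, *extra_fields)).encode("ascii")


def xff_signature(client_ip, *extra_fields, secret=SHARED_SECRET):
    """Hex HMAC-SHA1 of the payload under the shared secret."""
    return hmac.new(secret, signature_payload(client_ip, *extra_fields), hashlib.sha1).hexdigest()


def verify_signature(client_ip, signature, *extra_fields, secret=SHARED_SECRET):
    """Constant-time check of a received signature (useful when testing the proxy)."""
    return hmac.compare_digest(xff_signature(client_ip, *extra_fields, secret=secret), signature)


def forwarded_headers(client_ip, incoming):
    """Copy the client's headers, drop hop-by-hop ones, and add the two signed headers."""
    headers = {k: v for k, v in incoming.items() if k.lower() not in HOP_BY_HOP}
    headers["Host"] = UPSTREAM_HOST
    headers["X-Forwarded-For"] = client_ip
    headers["X-Forwarded-For-Sig"] = xff_signature(client_ip)
    return headers


class ProxyHandler(BaseHTTPRequestHandler):
    def _relay(self):
        client_ip = self.client_address[0]  # socket address, never a client-supplied header
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        conn = http.client.HTTPSConnection(UPSTREAM_HOST, timeout=10)
        conn.request(self.command, self.path, body=body,
                     headers=forwarded_headers(client_ip, self.headers))
        resp = conn.getresponse()
        data = resp.read()
        self.send_response(resp.status)
        for k, v in resp.getheaders():
            if k.lower() not in ("transfer-encoding", "connection", "content-length"):
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
        conn.close()

    do_GET = do_POST = _relay


if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8080), ProxyHandler).serve_forever()
```

The proxy only needs to be reachable from the event's LAN, so its private address behind the router is not a problem; the public IP Facebook sees is still the single broadband connection, and the headers are what tell Facebook which client each request came from.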