I am trying to filter web content that is accessed programmatically, lets say through lwp::simple or sockets.
I do not have any control over the server configuration, eg. dns settings
How will I be able to use opendns, with these restrictions.
is there per-request dns?
I am not that familiar with this topic, and I greatly appreciate your help.
LWP/Perl sockets use the operating system's resolver only. You need to set up a separate forwarder (e.g. dnsmasq) somewhere that can be configured to resolve certain hostname differently. Then either:
subclass LWP to use the external forwarder or
get permission to point the OS resolver there or
write something in C that hi-jacks the getnameinfo(3)/gethostbyaddr(3) and related system calls, then install this as preload hack.
Related
I use the Socket module to do DNS lookups with Perl. The Socket module uses whichever DNS server the system it runs on is using. Is there a way to force the Socket module use a different DNS server?
I know there are other modules such as "Net::DNS::Resolver", but I'd like to use core Perl modules for this.
Thank you
You could write your own DNS client or "shell out" to an external tool. Otherwise, there's no way to do DNS lookups with just core Perl[1], much less querying specific servers.
There are some functions that can end up doing DNS lookups some of the time as part of a larger name-resolution system (e.g. inet_aton).
I am using the following Perl module from CPAN Net::Whois::IANA which works well when there are no proxy but when a proxy is needed it fails .
from inspecting its code it using this module IO::Socket::INET to connect .
could someone provide how can I add proxy capability to this module ?
There is no such thing as a proxy for all protocols. A proxy is a protocol specific thing and there are different proxies needed for HTTP, SIP etc. As far as I know there is no such thing as a proxy defined for the whois protocol. What kind of proxy do you want to use with whois?
As the RFC http://www.rfc-editor.org/rfc/rfc5626.txt describes , how can i extends a Edge Proxy by Kamailio ? should i write a module , or just write the configure file ?
have any one already do it ,could give me some advice .
thanks .
You could use an already configured instance - SipWise.
It's free, it's Kamailo based, it has an edge-proxy acting as a load-balancer at /etc/ngcp-config/templates/etc/kamailio/lb/kamailio.cfg.tt2, it's available as appliance and requires minimal configuration steps to run it with the basic features up.
You can use it directly, or you can just run it somewhere and take a look at the configuration.
Why write a module? Edge proxy is a pretty much a SIP proxy for REGISTERs.
You could accomplish that with just the configuration routes.
Setup:
I have client C connecting to server S
Both C and S are on the same machine
In C the server address is hardcoded to 127.0.0.1. Likewise, in S the client address is hardcoded to 127.0.0.1
Problem:
I want to be able to sniff the traffic between the client and the server.
Due to the configuration, I cannot move the client nor the server to different locations (the address are hardcoded)
Installing the loopback interface and using tools like Wireshark+WinPcap doesn't lead anywhere (was actually already known but was worth a try)
RawCap, suggested in another topic, doesn't work. IP 127.0.0.1 is listed, but does not record any traffic.
Using rinetd to route the traffic elsewhere, as suggested here doesn't work (cannot bind on 127.0.0.1)
Not interested in using a HTTP local proxy, such as Fiddler, because I'd like to capture also other protocols
Two commercial tools work, specifically CommView and Local Network Monitor, which means it must be possible to do that ;)
How can I do to capture the traffic?
Any pointer on functions I should use or documentation I should read?
Thanks!
Basically you need to write a TDI filter driver to achieve that... for some pointers see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff563317%28v=VS.85%29.aspx
Another option is to write a WinSock LSP.
BEWARE
Since Windows 8 it is strongly encouraged to use WFP (Windows Filtering Platform) for this sort of thing...
Although it might be more cost-effective to just use/buy an existing solution - esp. if you are not a very experienced driver developer...
Use RawCap, which can solve your concerns, see this
Does someone know about a CPAN module on Win32 that captures network packets and edit them on the fly? As far as I know, the only Perl module on Win32 that deals with packets on the fly is Net::Pcap but it only support passive monitoring and not affet the TCP/IP stack.
Is there a such module could someone provide example /reference /documentation ?
As far as I know, libpcap allows you to read copies of incoming and outgoing packets, and some implementations allow you to inject a raw packet, but not rewrite a packet. You would basically have to drop the original packet (something libpcap cannot do) and then inject a new one in it's place.
Firewall apps that allow you to filter incoming and outgoing packets might be able to do something like this. However, since you're talking about Perl and Win32 your options are probably limited.
I think right answer is "implement proxy for this".
If it works in your scenario, try to implement proxy server. Listen on same port as your target service does and read all incoming traffic. If you need modification of packet, do it and pass all traffic to target service. Of course you have to implement both directions.
You can search for basic TCP deamon snippet in perl or maybe you can implement just module for existing proxy server for your service. Is it HTTP or what kind of traffic you need to handle?
I would suggest using Net::Pcap to capture traffic, then the Cygwin port of TCPReplay to modify and replay the traffic. Obviously a Linux setup would be more reliable since TCPreplay would work on it out of the box without requiring cygwin.