I need to check WiFi is pass through web page login or not, but I don't know how to do.
So I need someone can help me or explain how to wifi via web page login. thanks.
On Android: You can implement your own RedirectHandler and then use it in an HttpClient to hit a website that should never be redirected. If you get redirected then this access point is likely a walled garden (no access to the internet, without further steps). After that you are unlikely to be able to simply log in for the user programmatically, since the user could be anywhere and may need to pay to use the internet: hotel, airplane, coffee shop. Instead the best course of action is to inform the user with a dialog that they will need to perform additional steps to reach the internet using the Wi-Fi access point they are currently connected to and then allow them to easily open the web browser to a website that will trigger the redirect such as www.google.com. I know this solution works because I've implemented it myself before.
On iPhone this probably isn't necessary since the iPhone already detects walled garden Wi-Fi access points as soon as the user connects to them and shows the browser. If the user fails to connect to the internet the iPhone disconnects the user from the Wi-Fi access point.
Related
I am building a guest wireless access for a pub. The idea is that users will be granted with internet access if they like they pub's website.
Now I was checking the requirements on facebook to check this and I found this:
Gate access to your app, or some content within your app based on
whether or not someone has liked a page.
NOTE: facebook wifi is not a solution for me hence I am using ubiquiti unifi AP
Does it means that I can't read if my clients like my page in order to allow them to use my wifi? is there a way around it?
If that's the solely purpose of the user_likes permission for your app you will very likely not pass the Login Review process.
For a middleware system with internet (which works inside a set-top box) I want to develop a primitive Facebook interface where users can type their user-names and password, showing their latest notification, messages and other casual stuff on the TV screen by using the recent Facebook Graph API.
This middleware program uses Java ME to run programs (such as this simple facebook app) and it can connect to internet however it doesn't have a real web browser. Without browser it can connect to any url to retrieve the JSON response however I am not sure how to achieve authentication without a real browser.
Under this circumstances, is it possible Facebook authentication? If you think so, what approach would you suggest ?
Thanks
Facebook provides trusted partners with a private Authorization API to get an OAuth 2 token from a username / password.
A more complicated approach would be doing something similar to how Netflix enrolls a device:
device calls server to obtain a Code
device shows code on screen and directs user to go to URL on server and enter Code
server redirects user to Facebook and obtains OAuth token, user told to go back to device
device calls server with Code and obtains OAuth token
device can now make calls directly on behalf of user
According to this documentation on "Desktop Application Authentication" I don't believe your desired result is possible:
Facebook's OAuth implementation does not include explicit desktop application support. However, if your desktop application can embed a Web browser, you can add Facebook support to your application easily using the same OAuth User-Agent Flow used by JavaScript clients.
However, it is clearly possible for certain vendors to do this, since Microsoft's Xbox 360 Facebook application does exactly what you are proposing. I'd be interested to see if anyone has dug up any API for doing this that Facebook doesn't want in their most obvious documentation.
This isn't an answer but I'm trying to do the same thing. Check out this guy's blog which uses another server to proxy the requests:
cory wiles blog
If you figure it out please post a detailed answer here so I can do it to.. :)
I think it is possible though it is pretty complicated and subject to sudden changes of Facebook interface. It might break the agreement between you and Facebook.
What you do is to emulate the Facebook.
One path you have to set up a Facebook application. Once you got the authorisation from user, you can to something with Graph API.
You need to the Facebook log-in process and authorisation process. There are some capturing tools on http/https request and response. Analyse them, both header and body.
Once you know the authorisation mechanism, you can replace it with you own. Everything afterward is on Graph API.
Another path is to emulate Facebook login and message and notification process. Capturing and analysis is needed.
In the past I have used a tool called screen-scraper (full disclosure: I used to work there) to automate logging in to facebook. Basically, it imitates a browser session; it allows you to set session variables (i.e. username, password) which would then be submitted to facebook, just as if the user had submitted them in a browser.
You may not be able to use screen-scraper in your set-top box environment (although it is java-based, so it's possible it would work). Even if it doesn't, you could implement a similar strategy in java, making the HTTP calls a browser would make to load the login page and submit the user's credentials. To keep the user's info safe make sure whatever HTTP client library you use supports HTTPS.
Proxy tools and extensions like Charles, Fiddler2, Firebug, Chrome's dev tools, etc. are helpful in seeing exactly what the browser is sending to the server in requests.
Your friend connects to Facebook and checks "remember me".
Facebook creates a cookie on the browser.
Your friends goes to the bathroom.
You steal your friend's cookies from his browser and its data.
You go home and make these cookies with that data.
Assuming Facebook does not associate cookies + IP, you can gain access to the Facebook page. Edit: True, Facebook does not check for IP.
Now, let's take a look at Facebook Connect. This is the key.
User "connects" by pushing the button.
Facebook sets a cookie on the browser , which your application backend will read from to determine if the user is authenticated. Then, you associate this FB-cookie-id with the user in YOUR system.
If your system does not check for IP, then theoretically faking the cookie will allow you access into the application that used Facebook Connect. Which then you can gain access to the application,
Is it valid to say that you should check for IP when doing Facebook connect to add a level of security? But even if you do, some people have commented about IP Spoofing.
#everybody who says "Physical Access":
Yes, I agree that the concept of physical access makes this question trivial. However, this is a hole that the APPLICATION must be aware of. Sure, the Facebook profile/worthless application wouldn't matter much...but What if the application was a banking system? All I am saying is that if Citibank or Bank of America used "Facebook Connect" (which would be stupid, but let's assume), then this method would prove to be an easy way to access their account.
Therefore, Facebook Connect should NOT be used with anything "important". Right?
Another option is, after your friend goes to the bathroom, you can steal his wallet and use the cash inside to bribe his girlfriend into giving you his Facebook password, thus rendering all of his applications using Facebook Connect vulnerable.
Then you have the issue of going around WiFi networks, which would make the "remember me" option useless
No. To steal your friend's cookies you need physical access to the machine, and if you have that everything stored there is vulnerable to you. There's nothing Facebook can, or should, do to prevent this.
There are plenty ways that you can follow in order to hack a facebook account.
For example you can begin by learning a few basic hacking methods(there are thousands of them) and try to combine them together.
Some of them are:
Keylogger.
Denial of Service (DoS\DDoS)
Waterhole attacks.
Fake WAP.
Eavesdropping (Passive Attacks)
Phishing.
Virus, Trojan
ClickJacking Attacks.
etc
Ofc, there are a lot of tools there on the internet that might help you, some are free(most of them are fake) and some are paid(few of them are fake. There was a website for example in Netherlands that was for free and it managed to hack 3 accounts out of 10 for me depending on their security protection. You can give it a try here.
Good luck!
I'm trying to glue information from a web page to an iPhone app that said web page suggests to download. I control both the web page and the downloadable app.
Scenario is like this:
User visits my web page, on which I recognize the user (he may have logged in, and I store his info in a cookie). I then present a link to him to an app in the App Store that he should download for "enhanced experience" of this web service of mine.
Now, when the user launches the downloaded app on his iPhone, I like to re-identify the user who previously visited said web page.
All would be easy if an iPhone app could read Safari's cookies. But it can't.
A somewhat lame solution could be that the web server stores the visitor's IP address and uses that to recognize him once he launches the iPhone app. But that's not reliable.
Another one would be to give the user a token (code) that he needs to remember and then re-enter in the app. Still quite awkward, I think.
Any better suggestions?
Simply put, you can't do this.
One thing you could consider is a custom URL scheme to launch the app. You could send the user an email that uses this custom link. However there's a couple of problems with this:
the user may not have the account that they used to register for your site set up on their iPhone. This might seem unlikely, but say the user signed up for your site 5 years ago with their Hotmail account and they have since switched to Gmail.
it's unlikely that the email would fit into their workflow. They would probably download the app and just launch it by touching the icon instead of clicking a link in a received email.
You could also put the custom URL as a link on your web page, but again, this won't fit into the workflow because they have to go to the App Store app to do the download.
Consider this - if you've got some sort of website that has an authentication step, it's probably a fair bet to say that the user is the type of person who already has an application such as Facebook installed on their iPhone. They are already used to the paradigm of having to enter their credentials into an application despite the fact that they may have already done it in Safari.
If you could read the unique iPhone device ID from javascript on your web page, you could look for that again when the application connected...
But I cannot find any means of reading this from Javascript in Mobile Safari, I thought I'd post in case there is a way now to give you another option to consider.
OK, we found a somewhat working solution: The html code can create a cookie. Later, when the app runs, it can't directly read that cookie, of course (due to the sandboxing of iPhone apps). However, it can connect to the server, then open a http URL pointing to the server and including a unique token that it has gotten from the server beforehand. This leads to launching Safari, accessing the server. The server can now read the aforementioned cookie and finally establish the connection with the help of the token.
Just stumbled over this question and I'm curious if you thought about using a UIWebView.
Where the question is - does UIWebView share cookies with safari?
If it does the rest should be easy.
UIWebView's DON'T share cookies with Safari. So unfortunately that is not an option.
This is really just a "what-if" type question, so forgive me if it is either ridiculous or ridiculously easy...
I have a client whose site offers a "chat with a consultant" option that you see on many sales and support sites. We were wondering if there was a way that iPhone users (or any user, in theory, but mostly iPhone) could click this option and after giving the basic form info (name, question,etc) the actual chat itself could open up in the chat client.
Is this as simple as the "click here to send me an AIM message" syntax?
The XMPP (jabber) server is Openfire and the webchat uses the Fastpath plugin. Would this feature need to be enabled deeper than the page's HTML/PHP? Does the server/plugin need to modified as well?
Would this threaten the security of the XMPP server (which is behind a firewall and can only be accessed externally via the above plugin)?
Does this even sound like something that iPhone users would appreciate, or would it simply be confusing/obtrusive?
Sorry for the objective last question, but I'd hate to spend time on this only irritate users.
Referrals to resources and documentation welcome. I'm not looking for someone to walk me through the whole thing, I just want to get an idea of it can be done and where to start reading.
I'm a little confused by what you want to do - the user fills out a form on a web site and then they are put into a "chat room" on their iPhone?
This is possible. However all of them require that the user has already installed your app, so it may be a hurdle to what you are trying to do.
However if it's using a pre-existing chat service (such as AIM), you may already be OK if the user already has a chat client installed on their iPhone. You could launch the app using custom urls or push notifications - however, this is assuming that the app developer has enabled such hooks, and if so if they are published.
If you want to go with your own client, if the user is filling out the form on the iPhone, then on submission you could redirect them to a custom url for your application. From mobile Safari, this will directly launch your app. Note that the user must already have the app installed for this to work, or else they'll see an error, and it won't be a particularly user-friendly one.
Another way, if the user is filling out the form on their computer, is via push notification. Again, they must first have the app installed. They would receive a notification that, on acceptance, launches your app.
The final way, if the user is filling out the form on their computer, is that they would have to download your app first and run it, so that it could communicate with a desktop client of yours via network services.