How to differentiate HTTP traffic by browser tab in Fiddler? - browser

I've been having trouble for the last few weeks trying to figure out how to separate traffic by browser tabs. I am using Fiddler with Chrome, and here is my problem: Let's say we have two tabs open, tab A and tab B. I want method A to be run if there is HTTP traffic from tab A, and method B to run if there is HTTP traffic from tab B. Is there a way to distinguish between the traffic between tabs?
As a secondary question, is there a way to distinguish traffic between browsers as well? For example, separating Chrome traffic from Firefox traffic?
I have looked into other solutions, which propose to use the filter functionality, but this does not provide me with the functionality I need, as that only permits traffic from one tab and blocks any other traffic.

Related

Associate requests with active page

I'm working on a browser extension (compatible with Chrome, FF, Opera, and Edge) and I'm trying to figure out how to associate requests to domains outside of the current page. For example, when you go to google.com a lot of requests to domains other than google.com occur such as to gstatic.com.
An extension like NoScript shows all of the requested domains that a page made and lets you allow or deny. I'm trying to get a similar functionality.
Is this something that can be done in the content script or is there some way to keep state information in the background script that I can then display in the popup? Obviously it's possible but I'm just not seeing which callback I can use.

Making pop-up window appear on clients that log into a Wi-Fi hotspot

I've set up a Raspberry Pi as a Wi-Fi access point. Everything works, including the captive portal. The web browser on each client is redirected to the login page, which functions correctly. I'm looking to modify the configuration of iptables and/or dnsmasq to make the client open a web browser on the captive portal automatically. Starbucks, McDonald's, etc. can all do it; I'm trying to figure out how to do it.
Here, here and here are partial explanations of how to achieve it, but I'm looking to understand it - not merely follow someone else's instructions - so that I can do it myself. I would like to write a HOWTO on the subject, partly because one doesn't exist yet (or if it does then I can't find it).
There are third-party apps such as Wifidog and Coovachilli, which seem to do the job, but I've failed to grasp how they do it. I believe it can be achieved by modifying the configuration of dnsmasq and iptables, but that's as far as I've gotten. It should do something like this:
1) Regulate the data packets in such a way as to let the client's web browser realize that there's a captive portal; this will cause the client's web browser to open a window and direct it to the captive portal
2) Handle the captive portal; permit login; modify the settings of iptables to facilitate login; etc.
3) Redirect all traffic transparently after the login
Items 2 and 3 aren't a problem. I'm stuck on item 1. All advice is appreciated, including redirection to existing documentation. Thank you.
I do not know how WifiDog and CoovaChilli do their thing, but ChilliSpot (which CoovaChilli was originally based on) did something along these lines:
Open a raw socket bound to the internal interface
Capture all traffic bound to that interface
If it was authorized (e.g. logged in), handle NAT and forward on out
If not authorized, block traffic
UNLESS
If it was not authorized AND HTTP, use some custom code to reply to the HTTP GET request with a 301 Redirect to point to the portal page itself, which would then allow for login.
That's the very simplified version of it, but I expect that most other captive portals will use very similar methods (especially the 301 Redirect). The absolute best way to find out would be to read a lot of code :)
Best of luck!
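
The forward/block/redirect decision described in the answer above, as an added Python example; it is not part of the original post and is not ChilliSpot's code. The portal URL, client addresses and sample payloads are constructed, and the raw-socket capture and NAT steps are assumed to happen around these functions.

```python
from enum import Enum

PORTAL_URL = "http://192.168.4.1/login"  # assumption: portal address on the access point
AUTHORIZED = {"192.168.4.23"}            # constructed: clients that have already logged in


class Action(Enum):
    FORWARD = "forward"    # authorized: NAT and forward on out
    REDIRECT = "redirect"  # not authorized AND HTTP: answer with a redirect to the portal
    BLOCK = "block"        # not authorized, anything else: drop


def looks_like_http_get(payload: bytes) -> bool:
    """True if the TCP payload starts with a well-formed HTTP/1.x GET request line."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[0] == b"GET" and parts[2].startswith(b"HTTP/1.")


def decide(client_ip: str, dst_port: int, payload: bytes) -> Action:
    if client_ip in AUTHORIZED:
        return Action.FORWARD
    if dst_port == 80 and looks_like_http_get(payload):
        return Action.REDIRECT
    return Action.BLOCK  # TLS cannot be answered in the clear, so it is dropped


def redirect_response(portal_url: str = PORTAL_URL) -> bytes:
    """Reply sent instead of the real server's answer (301, as the answer describes)."""
    body = f'<html><body><a href="{portal_url}">Log in</a></body></html>'.encode()
    head = (
        "HTTP/1.1 301 Moved Permanently\r\n"
        f"Location: {portal_url}\r\n"
        "Cache-Control: no-store\r\n"  # keep browsers from caching the redirect after login
        "Content-Type: text/html\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()
    return head + body


# Constructed sample traffic: (client, destination port, first payload bytes)
SAMPLES = [
    ("192.168.4.23", 443, b"\x16\x03\x01"),  # logged-in client, TLS
    ("192.168.4.50", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.168.4.50", 443, b"\x16\x03\x01"),  # unauthorized client, TLS
]

if __name__ == "__main__":
    for ip, port, data in SAMPLES:
        print(ip, port, decide(ip, port, data).name)
```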

Hide referral information when my site users click on external links

I apologize for my lack of knowledge on how the intricacies of the web work ahead of time.
I run a fairly large deal site (let's call it dealsite.com) and we send a lot of traffic to Amazon.com. Is there any way for me to hide from Amazon that the users are coming from dealsite.com? I do not want Amazon to know that we (dealsite.com) are the ones sending the traffic.
Maybe strip certain cookies?
Send outbound traffic through a proxy?
I am not doing anything illegal and these are real users not bots.
By using the noreferrer tag on your links, you can prevent Amazon from learning their traffic is coming from your site, and you don't need to set up a proxy, vpn, or cookie redirects.
HTTP generally sends the referring page along with its request for the new page as part of the HTTP referer section of the request header, and that's how sites track where their visitors come from. So for example, a user would click through to Amazon.com from Dealsite.com, and the request would include an HTTP referer telling Amazon.com that the user was linked from Dealsite.com.
To prevent web sites like Amazon from learning that their traffic came from your site, prevent your links from sending the HTTP referer. In HTML5, just add rel="noreferrer" to your links, and then referral information will not be sent to the site that was linked. The noreferrer link type is only supported in new browsers, so I suggest using knu's noreferrer polyfill to make sure it works on older browsers too.
So far this will prevent referrer information from being sent from 99.9% of your users - the only users that will send referral information will be users that are both using old browsers and have JavaScript disabled. To make it 100%, you could require users have JavaScript enabled to be able to click on those particular links.
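
One way to check a page for outbound links that would still send the Referer header, as an added Python example that is not part of the original answer. The host names and sample markup are constructed, and only the rel attribute of each link is inspected.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ReferrerAudit(HTMLParser):
    """Collect external <a href> links whose rel attribute lacks the noreferrer token."""

    def __init__(self, own_host: str):
        super().__init__()
        self.own_host = own_host.lower()
        self.leaky = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)  # HTMLParser already lowercases attribute names
        host = (urlsplit(a.get("href") or "").hostname or "").lower()
        if not host or host == self.own_host:
            return  # relative or same-site link: the referer stays on our own site
        # rel is a space-separated token list, compared case-insensitively
        tokens = (a.get("rel") or "").lower().split()
        if "noreferrer" not in tokens:
            self.leaky.append(a["href"])


def leaky_links(html: str, own_host: str) -> list:
    """Return the href of every external link that would still send a referer."""
    audit = ReferrerAudit(own_host)
    audit.feed(html)
    return audit.leaky


# Constructed sample page for dealsite.com
PAGE = """
<a href="/deals/today">Today</a>
<a href="https://dealsite.com/about">About</a>
<a href="https://www.amazon.com/dp/EXAMPLE1">no rel at all</a>
<a href="https://www.amazon.com/dp/EXAMPLE2" rel="noreferrer">fixed</a>
<a href="//www.amazon.com/dp/EXAMPLE3" rel="nofollow noopener">rel without noreferrer</a>
<a href="https://www.amazon.com/dp/EXAMPLE4" REL="NoFollow NoReferrer">fixed, mixed case</a>
"""

if __name__ == "__main__":
    for href in leaky_links(PAGE, "dealsite.com"):
        print("still sends referer:", href)
```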
Disclaimer: This is not the thorough idea you're looking for. I ran out of space in the comments so posted it as an answer. A couple of possible solutions come to my mind.
Proxy servers: Multiple distributed proxy servers, to be specific. You can round robin your users through these servers and hit Amazon so that the inbound traffic to Amazon from dealsite.com keeps revolving. The disadvantage is that this will be slow depending on where the proxy server resides. So not the most ideal solution for an e-commerce site, but it works. And the major advantage is that implementation will be very simple.
VPN tunneling: Extremely similar to a proxy server. VPN tunnel to another server and send the redirect to Amazon from there. You'll get a new (non dealsite.com) IP from the VPN server of this network and your original IP will be masked.
Redirects from user (still in the works): For this one I was thinking of whether you could store the info you need from dealsite.com in a cookie and then instruct the host to redirect to Amazon by itself. Hence the inbound traffic to Amazon will be from the user's IP and not dealsite.com's. If you need to get back to the dealsite session from Amazon, you could use the previously saved cookie to do so.
I'll add to this answer if I find something better.
Edit 1: A few more hours of researching brought me to the Tor project. This might be useful, but be wary: many security experts advise against using Tor. See here

Why a same url opens different web pages?

I am facing a strange thing when I open some URL. The URL is (www.jobserve.com).
When I open this URL from my home, it opens some web page. If I open the same URL from my office network, I get an entirely different URL, which is what I want.
Both my home and office are in the same city in India (3 km apart!), but somehow from my home network I get served an entirely different page, which is not what I am trying to open. (The page opening up in the office is the desired one. The office network has a proxy/firewall which could be shielding the IP address for opening to the outside world!)
My question is why this is happening, because both accesses are happening from the same country/city (but different ISPs though!), so there cannot be a country/IP specific host/content served differently than the global content of the same server.
So what could be happening here?
This raised another question in my mind (when I tried to find the IP of the server using nslookup and the domain name, which returned the error "can't find www.jobserve.com/: Non-existent domain"):
How can I find the IP address of the web server using the domain name, other than nslookup, which is not working for this particular domain/URL?
I recall there were some sites which find the geographical location of a server and show it pictorially, but I am not able to recall the URL for that. Does anyone know?
Thanks,
-AD.
Some sites look at the incoming IP address, lookup where it's coming from and then take various actions they think relevant to you - usually, redirecting you to a more-local site.
Of course, lots of sites react if they think they've "seen you before." For example, there may be cookies that tell them something about you. Or, they may be reacting to your browser.
Sometimes, organizations look at the source IP address and if it's coming from a business they may respond differently than if it's from a non-business ("home") IP.
And, sometimes companies intercept IP traffic and edit it in various ways. This is not normally done to web pages, but if your employer isn't happy with your watching porn at work ( -smile- ), they may do something about it! ...China is well known for doing this type of interception...
I work for a UK-based company and all my regional settings are UK based. Moreover, the internet connection itself is from the UK, so all websites act as if I am from the UK.
Google.com goes to google.co.uk
Virgin, T-Mobile ads everywhere
Does this give any idea about why you are getting a different website in office?
For finding the IP address: don't use a slash. Just
nslookup www.jobserve.com
Alternatively, you can use a website like http://www.domaintools.com/ (there are many others, that's just the first one that comes to my mind).

How do you change your apparent country of origin to test a site?

I want to be able to set my country of origin - does this involve testing through a proxy, or is there something that can be set else where?
I would use TOR for this purpose. That way you are sure you are hitting the site from a different country.
Depends on what do you want to test against. If it is a GeoIP system, you'd need to get yourself a proxy in another location or otherwise use a different network. If it is the HTTP content negotiation headers you can change them in the browser configuration.
How you do it depends on the operating system and browser and what you are testing.
If you are testing non-HTML content that runs in the browser (e.g. Flash), then with IE, you must change your machine's location as IE picks it up from there. With Firefox, browse to about:config, accept the "Here be dragons" warning and edit the general.useragent.locale value.
If you are testing what version of a page is returned based on locale, then you need to specify the language (in Firefox, tools -> options menu -> content tab -> choose button in languages section and add the correct country code).
I'm assuming you're using the IP to check the country. If you're testing internally then it may be possible to get a setup where both the testing machine and the server to be tested are behind the same NAT. In this case just set your IP manually to an IP for whatever country you want to test, and connect to the server. So long as both of you are behind the same NAT it should see you as whatever IP you set.
Perhaps this is obvious, but you can also test from another country by using a VPN (from a company like purevpn.com) or by using a virtual machine like an EC2 from AWS. The gold standard is a remote desktop like an EC2 virtual machine because VPNs or proxies can have latency.
