Can one use Fiddler to monitor a Mainframe PCOMM session? Or a Mainframe session with any 3270 Emulator software? If so, how? I have looked at the Fiddler documentation, and searched, and it is not mentioned.
The ultimate goal is to connect to the mainframe using Java code. I have already provided a PCOMM automation solution that logs on, goes to CICS, performs the transaction, screen scrapes the screens, and puts the screen data to a file. Now the client wants me to do the same thing without PCOMM. The user wants to use a Java solution. I have Java program that connects to the mainframe. But the initial menu screen is not returned in order to "log on" to the mainframe. I am seeing a series of 3270 codes, such as 255 (IAC) 253 (DO) 40 (?), I reply with 255, 253 (Will do) 40 (?) EOR. The mainframe comes back with 255, 250 (Subnegotiate) 40 (?), and so on. I tried such codes in different ways, but so far no luck. See http://www.faqs.org/rfcs/rfc1576.html for more info on the codes to negotiate a session 3270. It is a very old document and may have been updated since. Also http://www.faqs.org/rfcs/rfc854.html
My thought was to monitor the PCOMM session, to discover the correct conversation to negotiate a connection to a 3270 session. After all, PCOMM is working to make that session happen.
thanks,
Baruch Atta
I see what you are doing. You have a couple of options:
Use either HATS or the Host on Demand (HOD) API to access the screens. This API is designed to transform the screens into Java objects that you can work with. Actually, you can use HATS to create web services (either SOAP or REST based), to which you can leverage any client to access. This is the quickest, and fastest method. Here is an overview of HATS web services. If you try just hitting the telnet stream with Java, you will spend months if not years recreating what the HATS/HOD API already offers.
Modify your CICS applications and setup CICS web services. These are OSGi bundles that you deploy to JVM regions in CICS. This is the most elegant method, but requires a steeper learning curve, and time to implement. However, once you've done the first CICS program, the rest start to fall in place like dominoes. Check out this Redbook.
Working with other staff on site here, we have concluded that Fiddler can not view PCOMM communications. We have concluded that Fiddler can only monitor BROWSER based communications. Our staff claim to be "experts" in Fiddler, with lots of experience. If anyone on STACK Overflow can actually use Fiddler to monitor PCOMM communications with a mainframe, I would love to be proven wrong.
Related
I'm curious as to how an application is being launched from a web control panel. I am using Splashtop Business, a remote desktop management system. The system allows one to select a workstation to connect to, select "Connect", and the native app will be launched, and initiate the connection.
I want to know how this app is being launched, with the information being transmitted from the browser to the application.
I checked the official documentation, and couldn't find anything on a custom URI being used for the application I'm using.
I watched the network traffic, and found the only thing of plausible importance (in my eyes) was a cookie being set. (I can clean and post some cookies if that would be helpful.)
I watched the local storage of the browser, nothing changed between different launches.
Other things of import:
The site said pop-ups needed to be enabled for the application to launch
There is a small delay while the site says it is "Locating the Splashtop Business app"
This works in multiple browsers (Firefox, Chrome)
Any plausible solutions and especially ways to verify this would be appreciated. I don't want to accept that "its a blackbox solution" and just try and find another way to do the same thing. I'd rather know what is going on with my computer, as this is fairly significant in respect to security.
I am working on an educational e-commercial website .. In which the user need to authenticate and then the videos on particular topics will be available.. so how can I prevent my video to be screen-recorded...
Different OS's and applications support different mechanisms to try to tackle this - for example:
Microsoft Edge on Windows 10 uses integrated 'Protected Media Path' for encrypted content which will stop simple screenshots working
Website and web app developers may use a number of CCS 'tricks' to achieve a similar affect, although these can usually be workaround with standard web developer and debug tools.
Mobile video typically uses protected memory for encrypted content which will usually give a black screen on capture.
As mentioned in comments and other answers these are all 'barriers' but they don't make it impossible to copy the content - the best example being pointing a camera at the screen a copying that way.
The idea is generally to make it hard enough compared to the value of the content so that people are not prepared to invest the time to work around your barriers.
It is not possible, for a variety of reasons:
There is no Web API for that.
Even if there was, it would be possible to reverse engineer the browser/OS to allow for screen recording.
Even if, for some reason, you couldn't access and modify the software running on the computer, you could connect the computer to a capture card instead of your monitor.
And if you also couldn't do that, you could just point a camera at the screen and start recording.
I have a very general question on how to implement VoIP for our current mobile & Web App. (we have an Android+iOS App and a Web Application based on AngularJS/NodeJS).
What we want to achieve
In the first step we want to achieve inter Application Voice and Video Calls. Later on we might expand into outbound calls into the normal telephone network. But this post is mainly for getting info on how to implement only our first step.
general thoughts
We had some experiences with Asterisk before which turned out to be far from easy. So for this project we wanted to get some feedback before actually implementing anything.
thoughts on technology
At first I thought it might be a good idea to use WebRTC, but since it's only supported on Chrome, FF and Opera for the moment and pretty much is unsupported for native mobile Apps we think that WebRTC is probably out of the picture for now. (or do you think otherwise?)
After searching the web a bit more we found this: http://www.webrtc.org/native-code
Has anyone experience with this libs? It seems to us, that this could be the best solution for a modern voip solution (and also would allow us to skip the asterisk server)
The second idea would be to setup an Asterisk Server for ourselves. Every time a user logs into the App we would connect him as a SIP Client to the asterisk. If one user calls the other one we think we should be able to make the call for example with the node package Asterisk Manager API (https://github.com/pipobscure/NodeJS-AsteriskManager).
The third idea would be to use a SIP Provider, but at the moment I'm not sure if that's really the best idea.
Since we're no VoIP experts, are there any other possibilities for VoIP integration into our apps?
Any thoughts on that subject would be very appreciated! Thank you!
The main factor is the network configuration that you app will be working with. Given you're using mobile clients and web apps it's almost certain that you're using the internet and also likely that you'll have 3G and 4G mobile networks in the mix (3G/4G cause a lot more problems for VoIP than WiFi).
Given the above assumption holds the biggest challenge your app will have is establishing media (audio and/or video) connections between mobile clients which are behind different NATs and in a lot of cases multiple NATs. There is almost no chance you'd be able to get by without a server here. The server will be needed to act as a relay point for the media streams for the mobile clients. You will use the RTP protocol for the media and working out how to get it reliably from client A to client B is your biggest obstacle. The signalling side - whether it be SIP, web sockets or something else - will be secondary (note both SIP and WebRTC use RTP to carry the media).
If I were in your shoes the steps I'd take would be:
Install and try out some softphones (blink, bria, zoiper et al) on your own mobile devices, find a SIP provider that supports video calls and get some experience with calls. It may not be the experience you anticipated...
Once you are comfortable with the softphone experience you would then need to make two decisions:
Whether to deploy your own server or use an existing provider,
Whether to write your own client, find an existing one or something in between.
I can answer the deploy your own server question. You don't want to do that unless the VoIP part of your app is going to be something you charge for and make a good margin off. Running a VoIP server and all the security and network considerations that go along with it is a full time job. It may start out being easy but once a few customers start connecting and the fraudsters come along it will take on a life of its own. In the decade I've been messing around with SIP I'd estimate 75% of providers have gone out of business and it was their full time job.
Besides all that I'd be surprised if there wasn't a SIP provider that suited your needs. These days there are highly sophisticated services available that led you control every aspect of your call flow with your own code (anveo, tropo, twilio) right down to free services (sip2sip, sipbroker) that may be all you need to get started.
For the client software there are various SIP SDK's you'll be able to leverage (pjsip).
When I am sending sms via j2me application, before message sent it appears question for can I use internet to sent message. Is it possible to exit this question to not appear?
This is happening because you Accessing HTTP & SMS API. For using such API you need to signed your Java ME Application. For Signed a the Java ME Application, you need to purchase Signing Certificate from VeriSign or Thawte Site by paying the Fees.
Plesae visit this link
For VeriSign's certificate, they costs 20K per certificate.
I think you can skip the prompt but your application must be signed. However, even if your application is signed, on some devices, the prompt will still appear once. This usually (or always) occurs on the session's first use of the Wireless Messaging API. This happens because the access to this API is set to something like "Ask first time."
If your app is signed, you can manually set the access to the wireless network settings to (something like) "Always allow." If it is set to (something like) this, the prompt will not appear.
For apps that are not signed, the option "Always allow" is not available. However, on most devices, the next best option is available: "Ask first time."
Well, the bad thing is, you are going to set it manually. The good thing, however, is that you are not going spend so much money just to set it to "Ask first time." :D
J2ME by the platform design have the drawbacks in which users of the applications are asked to select yes or no for any attempt to use any of the secure API's. Some devices gives this alerts in such a way which will make the end user to think if he should go ahead or stop it there. By digitally signing the application, one can reduce the alerts to levels depending on the device KVM implementation and the number of secure APIs in use.
In some device having Symbian OS Feature Pack 1, the prompts continue even if the code is signed.
This behavior of J2ME makes the applications less developer friendly and less user friendly. I think this is a wrong strategy and model adopted by SUN. There is some thing called Verified by Java in which you can get your application signed using a certificate which will make the application work seamlessly and without prompts in the end user device but unfortunately the process of getting that certification is expensive and not practical. The only advantage of J2ME platform is that it allows less chances of virus or malware code to be executed on the end user device. I think the trade off between security and ease of user use is not worked well and that is the reason we don't see very good apps in J2ME.
In contrast, Android for example, lets the user see all the permissions prior to installation of the app and the user is not bothered at run time when those secure API are used. That is the reason we see millions of apps there and not in J2ME. We can always say this approach had led to many malware types of applications in the end android user device but that is how it goes, people need to have smooth apps running and are happy with them.
I'm sure many of you are familiar with the IBM i5 series emulator (looks like this poop)
My company uses this religiously and there is no Biz logic in it so anytime somone in our finance dpt makes a human error it accepts it and adds it to the database. Not to mention its ugly, hard to use, not intuitive, etc....
I would like to create a frontend for this interface so that we can control the logic before its submitted to the system (we dont control the system itself) so in effect I need to make my own emulator app.
However I cant seem to find any information on how to interface with the i series, namely login, send commands, and view or gather data from the screens it would normally send back.
Any suggestions?
The problem is not the iSeries but the software package your company is running on it.
There ARE advantages to use green screens: it's fast and it's almost unbeatable at data entry, provided you get used to it.
But to answer your question, the iSeries is a J2EE enabled machine: a HTTP server comes installed and depending of the version of the iSeries, WebSphere might be already installed, or are entitled to install it. Then you can use JT400, which is the java toolkit for the os400 containing the jdbc drivers to connect the database and the necessary classes for calling programs.
If you prefer php, there is a flavor of the Zend framework made to work on the iSeries but I never tried it.
I'd recommend that you take a look at both the Attachmate Verastream Host Integrator (VHI) and IBM's Host Access Transformation Services (HATS) products. They effectively just screen scrape the green screen terminals to allow you to pull and push data and provide macro recording and editing tools to automate the process. App integration can be achieved via web services or html/jsp/servlet programming (plus .Net for VHI and EJB's for HATS). They do come with enterprise pricing however which may be an obstacle for some. They do have free trial offerings for evaluation purposes to help determine if they are an appropriate solution to your problem.
What software packages are they using? Most programs that I use in the 5250 emulator has some business logic that error checks the data before adding it to the database. Can you get us some more information so we can direct you in a better direction.
There are vendors that sell products that screen-scrape the 5250 data stream and produces a web front-end. Or you can write your own front-end in the language of your choice and just do SQL calls to the database.
THere's got to be some source code. Start by looking at the menu and menu option your users are accessing and figure that's running behind them.
Use command STRPDM to look for source code - look in different libraries (they are like folders)
You might have source code in a "member" called something like xxxMNUSRC xxxRPGSRC (rpg program source) or xxxCLSRC (cl programs), xxxDDSSRC (display/screen source, physical/logical file source)
Objects a "compiled" objects such as files (tables), screens, priter files (reports)
Stay away from Qxxx and #xxx libraries - those are system libraries.
http://systeminetwork.com/ is a good resource for iSeries related questions.