Making a Chrome plug-in of Suricata/Snort for intrusion detection on client side - browser-plugin

I want to use Suricata by turning it into a Chrome browser plugin for internet-based intrusion detection. Specifically, I want to detect/prevent malicious attacks that access cache data.

Related

How can I prevent users from capturing the video screen on my website?

I found that Netflix can prevent users from screen capturing on their videos. If you do a screen capture on their videos, you will get a black screen.
How does it work? What technique is involved?
This is usually functionality provided by the DRM system and the device's or browser's secure media path.
You may find that certain browsers support this and others don't, depending on whether the combination of device, browser or player and DRM system supports it.
It is an evolving story and those that don't currently support it typically will have plans to add support.

Connect to USB RFID reader with browser

I am a newbie dev trying to build a web application that can read and write to an RFID Card through the browser.
I am currently using an ACR122U Card Reader and have gotten it reading directly to my server in NodeJS with the nfc-pcsc node package.
Of course, I don't want to have my users have to run their own server and install a ton of libraries to read a card.
Ideally, they can just plug a card reader into their USB port and communicate from USB>Browser>Node Server and back again.
Can anyone recommend a good way to communicate with a USB RFID reader through the browser (and send to backend server?). Thanks
As far as I know, at the moment (Mar. 2021) there is only experimental support for USB in browsers (WebUSB API). Please refer to https://developer.mozilla.org/en-US/docs/Web/API/USB
As this API is experimental, you may not want to rely on it for production. In this case, a component running on the end user's machine will be needed (e.g. a more or less simple service that responds via https at 'localhost'). This approach opens several usability/security concerns (such as supplying a trusted certificate for localhost, properly managing CORS headers etc).
You may want to refer to this question for additional suggestions: Architectures to access Smart Card from a generic browser? Or: How to bridge the gap from browser to PC/SC stack?
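The CORS handling that the answer above lists as a concern for a localhost helper service, as an added example that is not part of the original answer. The allowed origin `https://app.example.com`, the port and the names `corsDecision` and `createBridge` are assumptions made for illustration.

```javascript
// Added example: Origin and Host checks for a loopback card-reader bridge.
// ALLOWED_ORIGINS and all function names are hypothetical.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
const ALLOWED_METHODS = new Set(['GET', 'POST']);
const LOOPBACK_HOST = /^(localhost|127\.0\.0\.1)(:\d+)?$/;

// Decide how the bridge answers a request. Returns { status, headers }.
function corsDecision(method, reqHeaders) {
  // An unexpected Host means the browser reached us through another name
  // (DNS rebinding), so refuse before doing anything else.
  if (!LOOPBACK_HOST.test(reqHeaders['host'] || '')) {
    return { status: 403, headers: {} };
  }
  // The web app always calls cross-origin, so Origin must be present and must
  // match exactly; never reflect it blindly and never answer with "*".
  const origin = reqHeaders['origin'];
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, headers: {} };
  }
  const headers = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  if (method === 'OPTIONS') { // CORS preflight
    const wanted = reqHeaders['access-control-request-method'];
    if (!ALLOWED_METHODS.has(wanted)) return { status: 403, headers: {} };
    headers['Access-Control-Allow-Methods'] = [...ALLOWED_METHODS].join(', ');
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
    headers['Access-Control-Max-Age'] = '600';
    return { status: 204, headers };
  }
  if (!ALLOWED_METHODS.has(method)) return { status: 405, headers };
  return { status: 200, headers };
}

// Wire the decision into an HTTPS server; tlsOptions carries the key and the
// certificate for localhost, readCard is the caller's reader function.
function createBridge(tlsOptions, readCard) {
  const https = require('https');
  return https.createServer(tlsOptions, (req, res) => {
    const d = corsDecision(req.method, req.headers);
    if (d.status !== 200) { res.writeHead(d.status, d.headers); return res.end(); }
    res.writeHead(200, { ...d.headers, 'Content-Type': 'application/json' });
    res.end(JSON.stringify(readCard()));
  });
}
// Bind to loopback only: createBridge(tls, read).listen(8443, '127.0.0.1');
```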

SIP Server That Plays Audio Only?

I need a SIP server, hopefully simpler, more efficient and more secure than Asterisk or other full-featured PBX, to just terminate SIP calls and play audio, based on the incoming number. This would be in a Linux environment.
I'm concerned about long-term support, and much-reduced attack surface. I'm a programmer but a no0b in the SIP world. I want to avoid the tons of security hassles of a full-featured PBX, let alone the crazy big bills after a hacker gets into it. Thanks in advance!
Personally I would build one with pjsip. Assuming you do not need a built-in registration server, all calls would be handled by a so-called local account. You can use command-line pjsua with auto-answer and auto-play options for initial tests and then add some logic for audio wave selection and perhaps audio player allocation/deallocation (audio players could be active all the time and shared by multiple calls for efficiency if they e.g. contain something like background music).
For security, disable unneeded parts (TCP, TLS transports, unneeded codecs?) and use a port other than 5060. In my application I'm also using a kind of application-level firewall that blocks requests from hosts that generate suspicious traffic (registrations, malformed SIP requests).
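One way such an application-level filter could work, as an added example that is not the answerer's code and does not use the pjsip API. The thresholds, the function names `classify` and `createFilter`, and the sample messages are all constructed for illustration.

```javascript
// Added example: strike-based host filter in front of an audio-only SIP endpoint.
// Thresholds, names and the sample request are constructed, not taken from pjsip.
const REQUEST_LINE = /^([A-Z]+) (sips?:\S+) SIP\/2\.0$/;
const CALL_METHODS = new Set(['INVITE', 'ACK', 'BYE', 'CANCEL', 'OPTIONS']);
const REQUIRED = ['via', 'max-forwards', 'from', 'to', 'call-id', 'cseq'];
const COMPACT = new Map([['v', 'via'], ['f', 'from'], ['t', 'to'], ['i', 'call-id']]);

// Classify one raw request: 'ok', 'registration', 'unexpected-method' or 'malformed'.
function classify(raw) {
  const lines = raw.split('\r\n\r\n')[0].split('\r\n');
  const m = REQUEST_LINE.exec(lines[0]);
  if (!m) return 'malformed';
  const names = new Set(lines.slice(1).map((l) => {
    const n = l.split(':')[0].trim().toLowerCase();
    return COMPACT.get(n) || n; // accept RFC 3261 compact header names
  }));
  if (!REQUIRED.every((h) => names.has(h))) return 'malformed';
  if (m[1] === 'REGISTER') return 'registration'; // no registrar is offered here
  return CALL_METHODS.has(m[1]) ? 'ok' : 'unexpected-method';
}

// Returns inspect(ip, raw, nowMs) -> { action, reason }. A host that collects
// maxStrikes suspicious requests within windowMs is dropped for blockMs.
function createFilter({ maxStrikes = 3, windowMs = 60000, blockMs = 3600000 } = {}) {
  const hosts = new Map(); // ip -> { strikes: number[], blockedUntil: number }
  return function inspect(ip, raw, now) {
    const known = hosts.get(ip);
    if (known && now < known.blockedUntil) return { action: 'drop', reason: 'blocked' };
    const verdict = classify(raw);
    if (verdict === 'ok') return { action: 'accept', reason: verdict };
    const rec = known || { strikes: [], blockedUntil: 0 };
    rec.strikes = rec.strikes.filter((t) => now - t < windowMs);
    rec.strikes.push(now);
    if (rec.strikes.length >= maxStrikes) rec.blockedUntil = now + blockMs;
    hosts.set(ip, rec);
    return { action: 'drop', reason: verdict };
  };
}

// Constructed sample request for a given method (documentation addresses only).
const sampleRequest = (method) => [
  `${method} sip:100@192.0.2.10 SIP/2.0`,
  'Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK776asdhds',
  'Max-Forwards: 70', 'From: <sip:a@example.com>;tag=1',
  'To: <sip:100@192.0.2.10>', 'Call-ID: constructed-1@198.51.100.7',
  `CSeq: 1 ${method}`, 'Content-Length: 0', '', ''].join('\r\n');
```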

Build own Chromecast device

The Chromecast device is a "receiver device [that] runs a scaled-down Chrome browser with a receiver application". Can I download and install this receiver app on a Chrome browser, for example on my Windows notebook?
I have implemented a complete Chromecast v2 receiver, called YouMap ChromeCast Receiver, available in the Google Play store and Amazon store, xda-developer thread here: http://forum.xda-developers.com/android-tv/chromecast/app-youmap-chromecast-receiver-android-t3161851
The current Chromecast protocol is a completely different one from the original DIAL-based protocol. Right now, only YouTube still uses the old protocol, for which Chromecast maintains backward compatibility.
The discovery is mDNS, exactly the same as the Apple TV Bonjour protocol.
The most difficult part is device authentication: the sender and the receiver perform handshakes by exchanging keys and certificates in a way that is extremely difficult to crack. AppleTV does the same using FairPlay encryption.
The next difficult part is the mirroring protocol, which is also very complicated and needs to deal with packet splits and packet retransmissions. Overall, the Chromecast mirroring protocol is well designed, better than Miracast, better than AirPlay mirroring (I have also implemented both of them, so I know what I am talking about).
When I get the chance, I will write more here.
The Chromecast device works using the DIAL protocol. It is completely possible to emulate this protocol using some simple code to listen on the multicast group for discovery and then handle the HTTP requests to launch applications. It is then the launched application that communicates with the casting device, I believe using the RAMP protocol.
Luckily for us, the applications that the Chromecast device uses are mostly web applications, meaning our device emulator just needs to launch a web browser and point it to a specific URL when it receives an application request.
For example, the YouTube app, after device discovery and establishing where the applications are located (part of DIAL), will send an HTTP POST request containing a pairing key to /<apps url>/YouTube. All the emulating device needs to do now is open https://www.youtube.com/tv?<pairing key> in a browser window. From here, I believe, communication for controlling the YouTube app is not sent through the casting device but through the open tabs on the casting device and the emulator.
This is my understanding of how the Chromecast device works, and specifically the YouTube app, from looking at https://github.com/dz0ny/leapcast which is a Python emulator that has YouTube and Google Music working.
Google is in the process of open-sourcing some parts of the Chromecast.
https://code.google.com/p/chromium/codesearch#chromium/src/chromecast/
https://code.google.com/p/chromium/issues/list?q=label:Chromecast
So theoretically you can build a similar device.

How to display webcam on client side only?

I'd like to show a webcam inside a browser without any server interaction.
Everything should happen client side with minimal plugin usage.
This would replicate most default webcam software bundled with the cam itself.
You would need a plugin for each major browser (or an ActiveX control for IE) to communicate locally with the phone. Because of security, you cannot interact with local devices in a browser.
You could however write a little server that runs on localhost and serves a Flash or MPEG stream. Then it would be easy to link that webcam to a web page running on the same computer. This would not require any plugins, but it does require that you write an HTTP server to talk to the cam and serve its stream to the browser.
