Issue getting user/password with GetAuthenticationInfo in firebreath - google-chrome-extension

I'm trying to get user/password from Firebreath plugin with the use of NpapiBrowserHost.GetAuthenticationInfo method.
I need to do this for npapi based browsers (chrome / firefox / opera). So this is my code:
boost::shared_ptr<FB::Npapi::NpapiBrowserHost> npapihost =
FB::ptr_cast<FB::Npapi::NpapiBrowserHost>(m_host);
if(npapihost)
{
char * username = NULL; uint32_t ulen = 0;
char * password = NULL; uint32_t plen = 0;
NPError err = npapihost->GetAuthenticationInfo("http",
"xxx.yyy.com",
80,
"Basic",
"Knownnameofrealm",
&username, &ulen,
&password, &plen );
}
In Opera it works. In Chrome & Firefox it returns err = NPERR_GENERIC_ERROR,
and ulen = 0, plen = 0 (username, password - bad ptr).
This code is executed from MypluginamePlugin::onPluginReady().
If you succeeded in getting credentials, please post code example.
PS Chrome according to chromium sources does not yet implement NPN_GetAuthenticationInfo https://code.google.com/p/chromium/issues/detail?id=23928

In Firefox I should use -1 instead of 80 for http (443 for https).
Simply speaking FF's password managing service stored all it's info inside a hashmap:
Map entry = ( (key to auth. object) , (objects with single user auth. info) )
Each key is a string created as follows: (some pro stuff) + (scheme) + "://" + (host) + ":" + (port).
FF substituted INTERNET_DEFAULT_HTTP_PORT = 80 (INTERNET_DEFAULT_HTTPS_PORT = 443) with -1 while creating new map entry.
In Opera initially all worked fine.
In Chrome browser-side endpoint function is not implemented since stub creation at 2009.
In IE npapihost is not available. Although I didn't even have to mess with login/password extraction because default CInternetSession (wininet package) constructor does it automatically.

Related

How to simulate the browser to login in https website using c++ based on Linux?

everybody,my goal is logging in a https website and downloading webpage using C++ background service program based on Linux.
Detail needs is follow:
(1)connect to "https://www.space-track.org/auth/login"
(2)enter username and password in order to login in successful
(3)post some formdata to this website
(4)downloading the webpage.
Now,my method is using MFC::CInternetSession(code is follow. It is in the MS-Windows),but it's not successful. there must exist some problems in the codes. I hope you can help me solve the problem. maybe you can come up with better solutions using C++ to simulate the browser based on Linux. thank you very much!
Url = "https://www.space-track.org/auth/login/";
nPort = INTERNET_DEFAULT_HTTP_PORT;
CString strHeaders = _T("Content-Type: application/x-www-form-urlencoded");
if (AfxParseURL(Url,dwSeviceType,strServerName,strTarget,nPort) == 0)
return false;
CInternetSession sess;
sess.SetOption(INTERNET_OPTION_CONNECT_TIMEOUT,1000*20);
sess.EnableStatusCallback(TRUE);
CHttpConnection* pHttpConnect = sess.GetHttpConnection(strServerName,nPort);
CHttpFile* pHttpFile = pHttpConnect->OpenRequest(CHttpConnection::HTTP_VERB_POST,
strTarget,NULL,1,NULL,NULL,INTERNET_FLAG_SECURE);
CString strUserName = "*****";
CString strPassword = "*****";
CString strUserinfo;
strUserinfo.Format(_T("identity=%s&password=%s"),strUserName,strPassword);
try
{
BOOL bResult =pHttpFile->SendRequest(strHeaders,(LPVOID)(LPCTSTR)strUserinfo,strUserinfo.GetLength()* sizeof(TCHAR));
//BOOL bResult =pHttpFile->SendRequest(strHeaders);
}
catch (CInternetException* pException)
{
pException->m_dwError;
pException->Delete();
}
pHttpFile->SetReadBufferSize(2048);
CString str;
CString strGetData;
while(pHttpFile->ReadString(strGetData))
{
str +="\r\n";
str +=strGetData;
}
CString fileName("index.html");
CFile file(fileName,CFile::modeCreate | CFile::modeWrite);
file.Write(str,str.GetLength());
file.Close();
pHttpFile->Close();
delete pHttpFile;
pHttpConnect->Close();
delete pHttpConnect;
sess.Close();
return TRUE;
There are a couple of Linux libraries that implement an HTTP client API, that can be used to implement HTTP/HTTPS requests in C or C++.
The grand-daddy of them all is W3C's own libwww:
http://www.w3.org/Library/
A more recent HTTP/HTTPS client library is libcurl:
http://curl.haxx.se/libcurl/
Either one of them can be used to implement an HTTP/HTTPS client in C or C++. However, in all cases, before using them you do need to have some understanding of HTTP/HTTPS protocols work; specifically HTTPS when it comes to certificate validation and verification.
Both of these libraries are fairly common, and most Linux distributions already have them packaged. You probably have one or both of them installed already.

Google TTS in Crossrider

i developed Google chrome extension that contains Google TTS
i rewrite it with Crossrider to make it work in different platforms (it works great untill it comes to TTS part)
here is the code :
function PlayGoogleTTS(EngWord){
voices = speechSynthesis.getVoices();
msg = new SpeechSynthesisUtterance();
msg.volume = 1; // 0 to 1
msg.rate = 10; // 0.1 to 10
msg.pitch = 2; //0 to 2
msg.text = EngWord;
msg.lang = 'en-US';
msg.voice = voices[1];
msg.voice = voices[1]; // Note: some voices don't support altering params
speechSynthesis.speak(msg);
}
// Fetch the list of voices and populate the voice options.
function loadVoices() {
// Fetch the available voices.
var voices = speechSynthesis.getVoices();
}
// Chrome loads voices asynchronously.
window.speechSynthesis.onvoiceschanged = function(e) {
loadVoices();
};
so how can i convert it to make it work on Crossrider?
It's not clear from your question which speechSynthesis library/api you are using. However, assuming it is based on Chrome's TTS API, the required "tts" permission is not available.
[Disclosure: I am a Crossrider employee]
it's considered workaround more than an answer
just used another TTS that able to generate ogg maves in firefox

C# LDAP SetPassword throws The RPC server is unavailable

I am trying to create a new user -> set password and enable account .
earlier i was using 1 single object , but after looking at a few posts i decided to use 'using' for 3 different operations
string strDisplayName = txtFirstName.Text + " " + txtLastName.Text;
string strUser = txtLoginName.Text;
string pw = "pass#123";
using (var objADAM = new DirectoryEntry("LDAP://" + adlink + "/CN=Users,DC=SS,DC=COM", "ss\\luser", "pass#123", AuthenticationTypes.Secure))
{
const long ADS_OPTION_PASSWORD_PORTNUMBER = 6;
const long ADS_OPTION_PASSWORD_METHOD = 7;
const int ADS_PASSWORD_ENCODE_CLEAR = 1;
string strPort = "389";
int intPort = Int32.Parse(strPort);
using (var objUser = objADAM.Children.Add("CN=" + strUser, "user"))
{
objUser.Properties["sAMAccountName"].Add(strUser);
objUser.CommitChanges();
}
}
using (var user = new DirectoryEntry("LDAP://" + adlink + "/CN=" + strUser + ",CN=Users,DC=SS,DC=COM", "ss\\rluser", "pass#123"))
{
user.Invoke("SetPassword", new object[] { "password" });
user.CommitChanges();
}
using (var user = new DirectoryEntry("LDAP://" + adlink + "/CN=" + strUser + ",CN=Users,DC=SS,DC=COM", "ss\\rluser", "pass#123"))
{
//Enable account and change password on first logon flag
user.Properties["userAccountControl"].Value = 0x200;
user.Properties["pwdLastSet"].Value = 0;
user.CommitChanges();
}
I must mention, that i am outside the domian, and trying to connect to a remote AD on another domain . The credential's passed however are the ADMIN
The user creation goes on smoothly (after some hiccups with port opening & LDAP connections) , but the issue occurs when the invoke ->setpassword is called .
The error is :"the RPC server is unavailable " , just to make sure i am not doing something wrong in my code, i downloaded a LDAP admin tool and tried to reset the password of an existing user ->same error
steps
-checked the RPC service running
-opened RPC ports -135 ,blah blah..basically every port there is to open :|
any help is appreciated .
Thanks
Rajat
For example:
DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP://dnsname.domain.com:389/OU=Companies;
Microsoft recommends accessing using DNS.
if the machine you are accessing is connected to a different domain, you must specify it as "ip dnsname" in the hosts file in the "C:\Windows\System32\drivers\etc " directory.
using adlink is string domain, because AD method Invoke using domain name: "abc.com"

Headless browsers and Windows Azure Websites

I´m trying to use a headless browser for crawling purposes to add SEO features in a open source project i´m developing.
The project sample site is deployed via Azure Websites.
I tried several ways to get the task working using different solutions like Selenium .NET (PhantomJSDriver, HTMLUnitDriver, ...) or even standalone PhantomJs .exe file.
I´m using a headless browser because the site is based in DurandalJS, so it needs to execute scripts and wait for a condition to be true in order to return the generated HTML. For this reason, can´t use things like WebClient/WebResponse classes or HTMLAgilityPack which use to work just fine for non-javascript sites.
All the above methods works in my devbox localhost environment but the problem comes when uploading the site to Azure Websites. When using standalone phantomjs the site freezes when accessing the url endpoint and after a while return a HTTP 502 error. In case of using Selenium Webdriver i´m getting a
OpenQA.Selenium.WebDriverException: Unexpected error. System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:XXXX
I think the problem is with running .exe files in Azure and not with the code. I know it´s possible to run .exe files in Azure CloudServices via WebRole/WebWorkers but need to stay in Azure Websites for keep things simple.
It´s possible to run a headless browser in Azure Websites? Anyone have experience with this type of situation?
My code for the standalone PhantomJS solution is
//ASP MVC ActionResult
public ActionResult GetHTML(string url)
{
string appRoot = Server.MapPath("~/");
var startInfo = new ProcessStartInfo
{
Arguments = String.Format("{0} {1}", Path.Combine(appRoot, "Scripts\\seo\\renderHTML.js"), url),
FileName = Path.Combine(appRoot, "bin\\phantomjs.exe"),
UseShellExecute = false,
CreateNoWindow = true,
RedirectStandardOutput = true,
RedirectStandardError = true,
RedirectStandardInput = true,
StandardOutputEncoding = System.Text.Encoding.UTF8
};
var p = new Process();
p.StartInfo = startInfo;
p.Start();
string output = p.StandardOutput.ReadToEnd();
p.WaitForExit();
ViewData["result"] = output;
return View();
}
// PhantomJS script
var resourceWait = 300,
maxRenderWait = 10000;
var page = require('webpage').create(),
system = require('system'),
count = 0,
forcedRenderTimeout,
renderTimeout;
page.viewportSize = { width: 1280, height: 1024 };
function doRender() {
console.log(page.content);
phantom.exit();
}
page.onResourceRequested = function (req) {
count += 1;
//console.log('> ' + req.id + ' - ' + req.url);
clearTimeout(renderTimeout);
};
page.onResourceReceived = function (res) {
if (!res.stage || res.stage === 'end') {
count -= 1;
//console.log(res.id + ' ' + res.status + ' - ' + res.url);
if (count === 0) {
renderTimeout = setTimeout(doRender, resourceWait);
}
}
};
page.open(system.args[1], function (status) {
if (status !== "success") {
//console.log('Unable to load url');
phantom.exit();
} else {
forcedRenderTimeout = setTimeout(function () {
//console.log(count);
doRender();
}, maxRenderWait);
}
});
and for the Selenium option
public ActionResult GetHTML(string url)
{
using (IWebDriver driver = new PhantomJSDriver())
{
driver.Navigate().GoToUrl(url);
WebDriverWait wait = new WebDriverWait(driver, TimeSpan.FromSeconds(30));
IWebElement myDynamicElement = wait.Until<IWebElement>((d) =>
{
return d.FindElement(By.CssSelector("#compositionComplete"));
});
var content = driver.PageSource;
driver.Quit();
return Content(content);
}
}
Thanks!!
You cannot execute exe files in the shared website environment, either you have to use the web services or you have to set up a proper (azure) virtual machine.
The free shared website service is really basic, and won't cut it when you need more advanced functionality.
See this question and accepted answer for a more elaborated answer: Can we run windowservice or EXE in Azure website or in Virtual Machine?
I am not sure about shared and basic website environment but i am successfully run ffmpeg.exe from standart website environment. Despite that still phantomjs and even chromedriver itself is not working.
However i am able run Firefox driver successfully. In order to do that
I copied latest firefox directory from my local to website and below code worked well.
var binary = new FirefoxBinary("/websitefolder/blabla/firefox.exe");
var driver = new FirefoxDriver(binary, new FirefoxProfile());
driver.Navigate().GoToUrl("http://www.google.com");

Properly enabling security for filepicker.io in Meteor

Filepicker by default allows pretty much everybody to add files to your S3 bucket who was clever enough to copy your API key out of the client code and luckily also offers a security option with expiring policies.
But I have no idea how to implement this in Meteor.js. Tried back and forth, installing meteor-crypto-base package, trying to generate the hashes on the server, tried RGBboy's urlsafe-base64 algorithm on https://github.com/RGBboy/urlsafe-base64. But I just do not get any further. Maybe someone can help! Thank you in advance.
This is an example of how to do filepicker signed URLs in meteor, based on the documentation here:
var crypto = Npm.require('crypto');
var FILEPICKER_KEY = 'Z3IYZSH2UJA7VN3QYFVSVCF7PI';
var BASE_URL = 'https://www.filepicker.io/api/file';
Meteor.methods({
signedUrl: function(handle) {
var expiry = Math.floor(new Date().getTime() / 1000 + 60 * 60);
var policy = new Buffer(JSON.stringify({
handle: handle,
expiry: expiry
})).toString('base64');
var signature = crypto
.createHmac('sha256', FILEPICKER_KEY)
.update(policy)
.digest('hex');
return BASE_URL + "/" + handle +
"?signature=" + signature + "&policy=" + policy;
}
});
Note this will need to exist somewhere inside of your server directory so you don't ship the key to the client. To demonstrate that it works, on the client side you can call it like so:
Meteor.call('signedUrl', 'KW9EJhYtS6y48Whm2S6D', function(err, url){console.log(url)});
If everything worked, you should see a photo when you visit the returned URL.

Resources