requesting a domain but going to another host - networking

So I am in a place where I have access to only 5 websites and I am trying to bypass this restriction.
When I try to browse any of those websites I don't have any problem, for example stackoverflow.com, but I can't access 1.1.1.1 (which is the IP of stackoverflow).
It means that whatever is blocking the other websites allows only those 5 domains.
Is there any way I can submit a web request to 2.2.2.2 but in the headers I am requesting stackoverflow.com to bypass this restriction?
I have no idea how DNS or a simple HTTP request works; I appreciate any idea to start with or at least something to read.
Also, I can't change my DNS servers.

You can try it with any telnet application:
telnet google.com 80
GET / HTTP/1.1
Host: stackoverflow.com
End your request with double enter.
If you receive html then the proxy is letting the request pass.

Related

How does proxy server know the target domain of the client?

I'm currently writing a proxy server in nodejs. To proceed, I need to know how to reliably determine the originally intended domain of the client. When a client is configured to use a proxy, is there a universal way that the client sends this information (e.g. one of the two examples below), or is it application specific (e.g. Chrome proxy settings may do it differently to IE proxy settings, which may be different to a configuration for a proxy for an entire Windows machine, etc.)?
An HTTP request to the proxy server could look something like this, which would suffice:
GET /something HTTP/1.1
Host: example.com
...
In this case, the proxy could get the hostname from the 'Host' header, get the path in the first line of the HTTP request, and then have sufficient information.
It could also look something like this, which would suffice:
GET http://example.com/something HTTP/1.1
...
with a FQDN in the URL, in which case the proxy could just retrieve the path of the HTTP request in the first line.
Any information regarding this would be greatly appreciated! Thanks in advance for the help!
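
Added example, not part of the original question: HTTP/1.1 (RFC 9112) has clients send the absolute-form request line to a proxy, uses `CONNECT host:port` for tunnels, and tells a proxy to ignore `Host` when an absolute-form target is present. The sketch below resolves the target that way and reports a disagreeing `Host` header; `hostPort` and `resolveTarget` are hypothetical names, not from any library.

```javascript
// Added example: work out which origin a request sent to an HTTP/1.1 proxy is for.
// Helper names are hypothetical; only the built-in URL class is used.
function hostPort(authority, defaultPort) {
  if (!/^[\w.\-\[\]:]+$/.test(authority)) throw new Error('bad authority');
  const u = new URL('http://' + authority);       // throws on a malformed host:port
  return { host: u.hostname, port: Number(u.port) || defaultPort };
}

function resolveTarget(rawHead) {
  const [requestLine, ...rest] = rawHead.split(/\r?\n/);
  const m = /^([A-Z]+) (\S+) HTTP\/1\.[01]$/.exec(requestLine);
  if (!m) throw new Error('malformed request line');
  const [, method, target] = m;

  // Collect Host headers; more than one is ambiguous and is rejected.
  const hosts = [];
  for (const line of rest) {
    if (line === '') break;                        // end of the header block
    const h = /^host:[ \t]*(\S*)[ \t]*$/i.exec(line);
    if (h) hosts.push(h[1]);
  }
  if (hosts.length > 1) throw new Error('multiple Host headers');
  const fromHeader = hosts.length ? hostPort(hosts[0], 80) : null;

  if (method === 'CONNECT') {
    // authority-form, used to open a tunnel (typically for HTTPS)
    return { form: 'authority', ...hostPort(target, 443), path: null, hostMismatch: false };
  }
  if (/^http:\/\//i.test(target)) {
    // absolute-form: the request line decides, the Host header is only compared
    const u = new URL(target);
    const fromTarget = { host: u.hostname, port: Number(u.port) || 80 };
    const hostMismatch = fromHeader !== null &&
      (fromHeader.host !== fromTarget.host || fromHeader.port !== fromTarget.port);
    return { form: 'absolute', ...fromTarget, path: u.pathname + u.search, hostMismatch };
  }
  if (target.startsWith('/') && fromHeader) {
    // origin-form: only the Host header names the site (direct or transparent proxying)
    return { form: 'origin', ...fromHeader, path: target, hostMismatch: false };
  }
  throw new Error('cannot determine target host');
}
```

A proxy that enforces a domain allowlist should apply it to the `host` returned here, not to the raw `Host` header.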

How can different subdomains point to the same IP and reach different webpages?

I have a firebase project with 2 web applications:
name: url
PC pc-my-app.web.app
Mobile m-my-app.web.app
firebase gives me the IP X.X.X.X for both applications.
I have a domain, example.com with the following records:
A example.com X.X.X.X
A m.example.com X.X.X.X
I thought that having these records pointing to the same IP would mean I see the same webpage, but that is clearly not the case.
Since ports are (apparently) never specified, how can the server on X.X.X.X tell which application I am trying to connect to?
My guess is that the server on X.X.X.X also receives the original URL as a parameter somehow...
Firebase Hosting (and most other hosting providers) check the Host header in the incoming request to determine what content to serve. And this Host header value allows a single server to map different requests to the correct web site content (often referred to as a "virtual host").
Also see:
The MDN documentation for Host header
What is HTTP "Host" header?

Faking an HTTP request header

I have a general networking question but it's related with security aspect.
Here is my case: I have a host which is infected by malware. The malware creates an HTTP packet to communicate with its command and control server. While constructing the packet, the IP layer contains the correct IP address of the command and control server. The TCP layer contains the correct port number 80.
Before sending the packet out, the malware modifies the HTTP header to replace the host header with "google.com" instead of its server address. It then attaches the stolen data to the packet and sends it out.
My understanding is that the packet will get delivered to the correct server because the routing will happen based on the IP.
But can I host a webserver on this IP that would receive all packets with header host google.com and parse it correctly?
Based on my reading on the internet, it is possible, but if it is that easy then why have malware authors not adopted this technique to spoof the HTTP headers and bypass traditional domain whitelisting engines?
When you make a request to let's say Apache2 server, what actually Apache does is match your "Host" header with any VirtualHost within server's configuration. Only if it cannot be found / is invalid, Apache will route the request to default virtualhost if it's defined. Basically nothing stops you from changing these headers.
You can simply test it by editing your hosts file and pointing google.com to any other IP - you will be able to handle the google.com domain on your server, but only you will be able to use it this way - no one else.
Anything you send inside HTTP headers shouldn't be trusted - it's just a guide for your server on how to actually handle the traffic.
The fake host header is just there to trick some deep-inspection firewalls ("it's for Google? you may pass..."). The server on that IP either doesn't care about the host header (default vhost) or is explicitly configured to accept it.
Passing the loot on by using fake headers or just as plain data behind the headers is another trick to fool data loss prevention.
These methods can mislead shallow application-layer inspection but won't pass a decent firewall.
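
Added example, not from either answer above: one check a filter can apply against the spoofed-Host case described in this question, assuming it sees both the destination IP and the `Host` header of each flow and keeps its own DNS answers for the allowlisted names. All names, addresses (documentation ranges) and flow records are constructed.

```javascript
// Added example: flag HTTP flows whose Host header does not match where the packet went.
const ALLOWLIST = new Set(['stackoverflow.com', 'google.com']);

// Addresses the filter itself resolved for each allowlisted name (constructed).
const RESOLVED = new Map([
  ['stackoverflow.com', new Set(['198.51.100.10', '198.51.100.11'])],
  ['google.com', new Set(['203.0.113.5'])],
]);

// Constructed flow records as a proxy or firewall might log them.
const FLOWS = [
  { srcIp: '10.0.0.21', dstIp: '198.51.100.10', host: 'stackoverflow.com' },
  { srcIp: '10.0.0.37', dstIp: '192.0.2.66', host: 'google.com' },      // Host says google.com, IP is not Google's
  { srcIp: '10.0.0.37', dstIp: '192.0.2.66', host: 'Google.com:80' },
  { srcIp: '10.0.0.21', dstIp: '203.0.113.5', host: 'google.com.' },
  { srcIp: '10.0.0.50', dstIp: '192.0.2.66', host: 'files.example' },
];

function classifyFlow(flow, allowlist = ALLOWLIST, resolved = RESOLVED) {
  // Normalise: case, optional port, optional trailing dot.
  const host = flow.host.toLowerCase().replace(/:\d+$/, '').replace(/\.$/, '');
  if (!allowlist.has(host)) return 'deny:not-allowlisted';
  const ips = resolved.get(host);
  if (!ips || ips.size === 0) return 'deny:unresolved';
  // The claimed name is allowed only if the packet really goes to one of its addresses.
  return ips.has(flow.dstIp) ? 'allow' : 'alert:host-ip-mismatch';
}

// Internal hosts that produced mismatch alerts, most alerts first.
function suspectSources(flows) {
  const counts = new Map();
  for (const f of flows) {
    if (classifyFlow(f) === 'alert:host-ip-mismatch') {
      counts.set(f.srcIp, (counts.get(f.srcIp) || 0) + 1);
    }
  }
  return [...counts.entries()]
    .sort((a, b) => b[1] - a[1])
    .map(([srcIp, alerts]) => ({ srcIp, alerts }));
}
```

The check only ties a name to its addresses, so it does not distinguish two sites served from the same shared IP.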

nginx DNS redirect: how does it work

I'm trying to do some DNS redirect: if a user accesses http://subdomain.mydomain.com, he/she will be redirected to http://www.mydomain.com/some/url.
I think it can be done with a URL record in the DNS server. But like mentioned [here] it can be done with HTTP server configuration as well. And ... that confused me.
AFAIK, a request starts with a DNS resolve, which gives us the IP address of the server. From there on, HTTP traffic is IP based. So how does nginx/apache know the server name?
There is no DNS URL record. If you refer to DNSimple product, it's actually a combination of CNAME (or A) record and simple HTTP server.
HTTP clients (browsers) send server's name in a header as a part of HTTP request.

Do resources in a URL path have their own IP address?

So, a DNS server recognizes https://www.google.com as 173.194.34.5
What does, say, https://www.google.com/images/srpr/logo11w.png look like to a server? Or are URL strings machine readable?
Good question!
When you access a url, first a DNS lookup will be done on the host part (www.google.com), after that the browser will look at the protocol and connect using that (https in this case).
After connecting, the browser will tell the server:
"Hi! I'm trying to connect to www.google.com and I would like the resource /images/srpr/logo11w.png". This looks like this on the protocol:
GET /images/srpr/logo11w.png HTTP/1.1
Host: www.google.com
The Host part is an HTTP header. There are usually more headers.
So the short answer is:
The server will get access to both the hostname, and the full path the browser tried to access.
https://www.google.com/images/srpr/logo11w.png
consists of several parts
protocol (https)
address of the server (www.google.com, that gets translated to IP)
path to the resource (/images/srpr/logo11w.png, in this example it seems like it would be an image in a directory srpr, which is in a directory images in the root of the website)
The server processes path to the resource the user requested (via GET method) based on various rules and returns a response.
