sending email using http protocol? - http

i've read on argosoft.com that it would be possible sending email using the http protocol - where can i find info about it?
i'm looking for a way to send a personalized newsletter off my server withouth putting heavy traffic on my webserver. would this be possible?
thx

You can build such System. Run a Server side Script in PHP/perl/.net or anything that takes inputs like from, to, subject, body from GET/POST arguments and send the mail. and them use curl or do something similer to convey the information to that page and that page will eventually send the mails for You.
However If The SMTP server have an Web Interface then that one can also be used Similar way.

You cant. smtp or imap. At best you can have an http server which accepts mail and then talks smtp/imap with some mail server. Why do you think http would be less overhead?
In fact you don't have to increase the load on your webserver to send mail from your webserver domain. If the newsletter isn't too frequent you could simply have someone send it from any mail client.
If you want to automate. There's a php function too.http://php.net/manual/en/function.mail.php
(also for java and perl)

Related

How to send http request from server to user's device

I have a question regarding http requests and responses.
I know that I can send a request to a server from my device (I can build and send a GET request to http://google.com for example). But what if I am Google and I want to send a request from the server to the user's device? How do I do that?
I understand that when the server receives a request, it can answer it, but in this case I want the server to send the request to the user's device. Just like WhatsApp does when you receive a new message.
Thanks for the help!
There are several options for sending information from the server to a client:
Push notifications - depends on the platform you are using
Constructing a Websocket connection that allows bi-directional communication
I'm sure there are more options but those are the two that come up to my mind right away.
It really depends on your application use case. For example, a chat application would like to have a socket open between it and the server so it can update frequently on new messages, etc. On the other had some simple Calendar applications might want to use push notifications to send reminders on certain dates and times.

HTTP message via browser

Is it possible to send a HTTP message to client via browser by typing
http://CLIENT_IP:PORT/MESSAGE
http://192.168.1.1:7777/HELLO
If so could you give me some link to such project or example code ?
Yes, it is, provided you have a http server listening on port 7777 of host 192.168.1.1 that will get your message and do something with it.
Yes, you will get the message as the route or path in the server. The specific variable will vary depending on the language and framework you’re using.

is there any tools that help me to find all the messages from my computer out,not just the HTTP message via the browser?

postman is perfect!with it i can know most of the HTTP messages.but now i wonder if there is any tools like that one to help me know all the messages between my computer and outer world,not just the HTTP messages
I would recommend you to use fiddler, it's a web debugging proxy that I'm using most of the time on HTTP protocole but not only as you can capture FTP protocole for example.
You can also re-edit your request and have lots of interaction as web debugging :
http://www.telerik.com/fiddler

Can you check/monitor the client certificates sent in requests using Wireshark?

I'm able to make HTTP requests on my local host using client certificates.
I have some logic in my code that can make two requests use the same certificate for their requests, or not, depending on certain conditions.
My localhost is currently pointing to the default 'Welcome to IIS' page.
Is there any way to use Wireshark to detect if the client certificates that are being sent from my machine in separate requests are the same or not?
PS: If someone can suggest a better way of achieving what I'm trying to do here, that'd work as well. I don't necessarily need to use Wireshark. My main objective is to figure if two different requests are sending the same cert or not, as I've mentioned here:
How do I monitor client certs that are being sent via the requests?
Thanks!
I found a way to do this. This guide helped, in summary, yes, you can use Wireshark to examine what client certificates are being sent from the client (or received on the server).
You need to start capturing traffic on Wireshark, only for the period of time when the request(s) is made and processed, and then add the appropriate filters to filter based on the protocol. In my case, I filtered it based on the IP address of the sender and receiver because I knew both.
You'll need the server's certificate to decrypt the messages because they'll be transmitted in encrypted format. You can easily do that by going to Edit -> Preferences. Select Protocols from the menu on the left -> SSL -> Click edit. Add the server's cert and IP, and save the settings.

HTTPS key negotiation and tunneling over HTTP using Javascript

HTTPS is widely used for security online. It offers security and integrity, but not authentication. To ensure the client is not talking to a man-in-the-middle, we have digital certificates and the PKI. It all works very well, except in the situation where the following criteria apply:
The server and client do not share a common, trusted root CA, therefore they cannot validate each other's certificates
Circumstances (eg. firewall, permissions, etc) do not permit the use of regular HTTPS protocol
The question is: can we still send secure, authenticated messages between the client and server, perhaps using Javascript?
Something along the lines of:
Client sends regular HTTP request to server
Server responds with page containing Javascript code
Client's Javascript asynchronously sends data to the server used to negotiate
Server runs some sort of script (eg. PHP) to establish the tunnel
Client and server communicate over the encrypted tunnel
I can see it being possible to send messages with security and integrity in this manner, but is it possible to authenticate without making use of the PKI, perhaps by exploiting the fact that the server can dynamically rewrite the Javascript sent to the client?
There is an issue in your step 2 - Server responds with page containing Javascript code :
how do you know someone sitting on wire is not modifying this Javascript since it is being transferred in plaintext? Basically, when X wants to authenticate Y, X should know something about Y- it could be public information such as public key/certificate or shared secret that it could verify

Resources