I'm in the process of building a test plan for validating the security of our Flex/J2EE application. I believe we have some issues with trusting the Flex application too much, but I need to be able to quantify those issues.
The ideal way would be a way to show me making data service calls outside of the application. Are there tools or instructions for how one might go about doing this? I really don't want to find these things out after we release to our beta customers. :)
Charles is an excellent HTTP debugging proxy which can parse AMF data and display it as a tree. You can also set "breakpoints" to intercept a HTTP call and modify the AMF data in either the request or response.
http://www.charlesproxy.com/
Fiddler on Windows is great for monitoring http connections.
First, give the port on which Flex communicates to the J2EE server, then using Ethereal or Wireshark you can watch if it use an encrypted channel :-)
Related
I have to connect an old but critical software to RabbitMQ. The software doesn't support AMQP, but it can do HTTP Requests.
Does RabbitMQ support plain HTTP? Or should I use a "proxy" or "app" that actively transforms the HTTP Requests to AMQP 1.0 and pushes it to the RabbitMQ server?
https://www.rabbitmq.com/management.html
The management plugin supports a simple HTTP API to send and receive messages. This is primarily intended for diagnostic purposes but can be used for low volume messaging without reliable delivery.
As mentioned, it's designed for very low loads, but it may be usable. If you need higher loads, then by all means cast around for a library that does the job and create a proxy. Most languages will have something. I've personally created a lightweight API using Lumen and https://github.com/bschmitt/laravel-amqp to tie a few disparate services together in the past, and it seems to work very well.
It is possible not but really recommended depending on load. You have three options really, two of which are web socket based and one that seems like what you're looking for. I'd suggest starting with the rabbitmq docs.
I'm trying to learn about WebSocket as I see many possibilities with it and would like to explore it, but I am having a hard time understanding the basic requirements for it.
There exist a ton of blogs out there praising WebSocket like was it God and they explain how to develop WebSocket applications brilliantly.
However I don't understand when they all shortly mention that you need a WebSocket compatible server and then none of them tells you how to set it up and what you need to do to make it work properly when you call it through your client side scripts etc. - Even WebSocket.org fails to explain it.
Can anyone point me in the right direction?
Say I have an ASP.NET website and would like to use WebSocket to push notifications, maybe even have a chatroom. What would I need to do to make my Javascript-based chatroom application working?
If you are using ASP.NET, you will need IIS8 to work with WebSockets integrated in the app (so you would need Windows 8 or Windows 2012). Or, you can have a WebSocket server in another port/server.
If your "push" requirements are not very exigent, you can try SignalR: http://www.asp.net/signalr. Check out their tutorials to get started. But again, you won't be able of using WebSockets unless you are using IIS8.
Other WebSocket frameworks are XSocket.NET and SuperWebSocket. Or if you want you can take a look at my WebSocketListener that I am developing, that is just a lightweight WebSocket connector and nothing more, although it is under heavy development at the moment.
From client side, the WebSocket API is the same for all browsers.
Your question is very broad and not any particular problem specific.
WS (WebSockets) is protocol that is implemented in most modern browsers and platforms, and is well consistent.
But same way as you need something to be as HTTP web server (ASP.Net + IIS, Apache + PHP, node.js, python, etc) you need similar or compatible technology for WebSockets. As it is different protocol, your technology have to support. From "recognising" traffic as WS, directing to right process via socket/proxying, handshaking, deserializing traffic into actual data, and providing you an interface to work with all of it.
So you need basically google: "%YOUR TECH/LANGUAGE% WebSockets". That will give you information on how to use WS on your platform.
You need to understand specifics that it is different protocol, so it might not be that "friendly" with some complicated infrastructure cases.
ASP.Net 4.5 do support WebSockets by default, just find documentation on how to use it in ASP.Net.
And this question would not be raised if you would try to do some experimentation and prototyping with WebSockets in first place.
I need to put and get messages to/from our remote MSMQ, but because we will do the put s from our mainframe, we need a way that can be implemented in COBOL(or PL/1 maybe). My questions are;
1) Is it possible to enable HTTP GET/POST requests to put/get messages without WCF implementations? That is, we need to be simply able to make requests as in
http://our_server:port/msmq/queue1?operation=put&message=test_message&...
2) Is there any other way to access and put messages into MSMQ from mainframe?
Any suggestions will be appreciated
Thanks in advance
EDIT
I think I couldn' t tell what I want exactly. I have data on mainframe and I want to put these data into a MSMQ which is running on a Windows machine. IBM WebsphereMQ has WebSphere MQ bridge for HTTP so that it accepts HTTP requests and puts the requests' payload into queue. Does MSMQ have such a feature?
Thanks again :)
You can use the EZAPI interface programs to manage the traffic natively in your COBOL programs or use one of the many variants of MSMQ to WebsphereMQ or JMS.
The EZAPI stuff will let you do the direct http puts, but you will need to manage it all.
Why not just hook the MSMQ into whatever queueing software you have on the mainframe and make it work the way it was intended?
If your mainframe applications are running in CICS, then HTTP client requests are just API calls. Where I work, we've been doing this in COBOL applications since 2006.
I am searching for a good method to transfer data over internet, and I work in C++/windows environment. The data is binary, a compressed blob of an extracted image. Input and requirements are as follows:
6kB/packet # 10 packets/sec (60kBytes per second)
Reliable data transfer
I am new to network programming and so far I could figure out that one of the following methods will be suitable.
Sockets
MSMQ (MS Message Queuing)
The Client runs on a browser (Shows realtime images on browser). While server runs native C++ code. Please let me know if there are any other methods for achieving the same? Which one should I go for and why?
If the server determines the pace at which images are sent, which is what it looks like, a server push style solution would make sense. What most browsers (and even non-browsers) are settling for these days are WebSockets.
The main advantage WebSockets have over most proprietary protocols, apart from becoming a widely adopted standard, is that they run on top of HTTP and can thus permeate (most) proxies and firewalls etc.
On the server side, you could potentially integrate node.js, which allows you to easily implement WebSockets, and comes with a lot of other libraries. It's written in C++, and extensible via C++ and JavaScript, which node.js hosts a VM for. node.js's main feature is being asynchronous at every level, making that style of programming the default.
But of course there are other ways to implement WebSockets on the server side, maybe node.js is more than you need. I have implemented a C++ extension for node.js on Windows and use socket.io to do WebSockets and non-WebSocket transports for older browsers, and that has worked out fine for me.
But that was textual data. In your binary data case, socket.io wouldn't do it, so you could check out other libraries that do binary over WebSockets.
Is there any specific reason why you cannot run a server on your windows machine? 60kb/seconds, looks like some kind of an embedded device?
Based on our description, you ned to show image information, in realtime on a browser. You can possibly use HTTP. but its stateless, meaning once the information is transferred, you lose the connection. You client needs to poll the C++/Windows machine. If you are prety confident the information generated is periodic, you can use this approach. This requires a server, so only if a yes to my first question
A chat protocol. Something like a Jabber client running on your client, and a Jabber server on your C++/Windows machine. Chat protocols allow almost realtime
While it may seem to make sense, I wouldn't use MSMQ in this scenario. You may not run into a problem now, but MSMQ messages are limited in size and you may eventually hit a wall because of this.
I would use TCP for this application, TCP is built with reliability in mind and you can simply feed data through a socket. You may have to figure out a very simple protocol yourself but it should be the best choice.
Unless you are using an embedded device that understands MSMQ out of the box, your best bet to use MSMQ would be to use a proxy and you are then still forced to play with TCP and possibly HTTP.
I do home automation that includes security cameras on my personal time and I use the .net micro framework and even if it did have MSMQ capabilities I still wouldn't use it.
I recommend that you look into MJPEG (Motion JPEG) which sounds exactly like what you would like to do.
http://www.codeproject.com/Articles/371955/Motion-JPEG-Streaming-Server
What is a good strategy for sniffing/tracing function calls between a Flex application and a ColdFusion-based backend running on ColdFusion server? I understand they use AMF protocol.
I'm used to using Fiddler to sniff transactions between HTTP clients and servers, and it works great as long as you're using plain text or XML HTTP requests and responses (including those over SSL) but it isn't much help for binary protocols like AMF over HTTP.
In my case, I do have access to the source code for the client and server, but I'm looking for an easy way to passively sniff traffic in any Flex + ColdFusion situation, without having to tweak anything on the server.
Wireshark: sniffing the glue that holds the internet together
http://www.wireshark.org/
http://www.charlesproxy.com/
Although not free, will decode AMF binary data and allows to trace SSL connections too.
ServiceCapture is another option. It decodes the binary AMF for you, if I remember correctly.
http://kevinlangdon.com/serviceCapture/
Firebug with the Flashbug plugin will show all decoded AMF messages both to and from a Flash app. Works well over HTTPS too.
https://addons.mozilla.org/en-us/firefox/addon/amf-explorer/.
The simple and poor man's trick. Create one cfc to log calls to the different cfc's and pages as you need. Dump it all to a table. Filter and sort at will. I have done this in the past and it has worked great. It's like putting in little fish hooks anywhere you want to know. This would likely give you the most application relevant data. If you need an example let me know.
ditto for wireshark (the artist formerly known as Ethereal). you can sniff at every protocol layer, and stitch together traffic streams.