I have a project where I'm controlling an Arduino at my house using an Android app through WAN. I'm using MIT's App Inventor to design the app and with that I'm using a HTTP PUT/POST (I've tried both) to send the string of information "helloThere" to the Arduino. Everything has been fine while broadcasting directly to my IP address and port number. This is the Arduino output (I've obfusticated my IP and port):
PUT / HTTP/1.1
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; GT-I9305 Build/KTU84P)
Host: xx.xx.xx.xx:xxxx
Connection: Keep-Alive
Accept-Encoding: gzip
Content-Type: application/x-www-form-urlencoded
Content-Length: 10
helloThere
The problem arises when I use a DDNS (no-ip) to refer to my IP address (As it is dynamic). For some reason the PUT/POST request does not get carried out when getting relayed through this. The output from the Arduino is shown below when using the DDNS:
GET / HTTP/1.1
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; GT-I9305 Build/KTU84P)
Host: xx.xxx.xx.xx:xxxx
Connection: Keep-Alive
Accept-Encoding: gzip
Somehow it is changing to a GET request instead of a PUT/POST, but it is still contacting the device. I'll be honest, I'm not a web guy so I'm pretty confused by this, is a DDNS not supposed to relay whatever you send to it? I've had a look around and can't find anything on this, any help or explanation would be appreciated.
EDIT: After doing a lot of further research I have figured out that a DDNS server actually returns the IP address of the desired hostname when queried. Does anyone have any idea what address and port that no ip use to do this? I am aware that windows uses an "NSLOOKUP" to perform this, but I have no idea how this is achieved on an arduino. It could be over UDP or HTTP. Again, any help from someone who has experience in this area would be appreciated.
Alright, finally solved the issue for those of you that are interested. Here's the Arduino code to retrieve the ip:
char server1[] = "xxxxxxxxxxxx.ddns.net"; //server to ping to get external
ip address
if (currentMillis - previousMillis >= interval) {
previousMillis = currentMillis;
if (client1.connect(server1, 80)) { // if you get a connection output to
serial:
Serial.println("connected");
client1.println("GET / HTTP/1.0"); //Make a HTTP request:
client1.println("Host: xxxxxxxxxxxx.ddns.net");
client1.println("Connection: close");
client1.println();
delay(1200);
}
while (client1.available()) { //loop to read html from external server and
take ip from it
char c = client1.read();
HTTPArray [counter] = c; // copy all the data from the buffer into an
array
counter++;
}
Related
I am trying to connect to a WebSocket server that my Android device connects to from an app. I captured the packets on my Android device, and the initial request headers look like this:
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Host: example.com:80
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: ysWaBflPV9EmRaB1JpPMOQ==
Origin: http://example.com:80
Sec-WebSocket-Protocol: default-protocol
Sec-WebSocket-Extensions:
Sec-WebSocket-Version: 13
The response from the server looks like this:
HTTP/1.1 101 Switching Protocols
Date: Wed, 31 Jan 2018 02:37:20 GMT
Connection: upgrade
Set-Cookie: AWSALB=0yaRd5HOPlZSITp+bcXoZoIn/7YOOqE9o4/t/8b3kw2PTxooflm/85w+1JfudEE0Cwb1BUkWPV+t4kOnEm4FbLSWwMMFp8URbblZKj0a0kd0xB+glbLBHWxc/TPW; Expires=Wed, 07 Feb 2018 02:37:20 GMT; Path=/
Server: nginx/1.12.1
Upgrade: websocket
Sec-WebSocket-Accept: bj5wLF8vmyDrA7pqEgbHKbxqQSU=
Then, some communication begins, with lots of unrecognizable characters and some clear words in the messages. I don't have much experience with WebSockets, but I assume it is some form of compression.
I was able to send an identical request to this server using the ws module in Node.js, and I got an identical response to the one above. One notable difference was that when I set the protocol header to default-protocol, I received an error saying "Server sent no subprotocol". Without using this header, I still got the same response.
After the initial response, however, I did not receive any more messages, even though I did on my Android device. After about 30 seconds, the connection closes with code 1006 and no further information.
I tested the same request with curl and received the same headers back, but it also closed after about 30 seconds saying:
"Empty reply from server"
So my main question is obviously: What is going wrong, and how can I fix it?
More specifically, I am wondering if anyone with WebSocket experience knows if it is a problem with my client, or with the server itself.
It is possible that the server is authenticating me in some way on my Android device, but the headers that I captured are not revealing anything about that. Is it ever customary to authenticate a connection with a later message in the client-server communications? Is it possible that a separate HTTP request is authenticating me for this WebSocket server? All of these things seem unlikely to me since I found no other packets with anything related to auth requests. It seems much more likely that there is something wrong with the messages being sent.
I launched burp as an emulator's proxy for debugging of http requests from my application with intercepting option switched on and at the startup I found that emulator sends a GET request to google:
GET /generate_204 HTTP/1.1
User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.3; sdk Build/JWR66V)
Host: 173.194.32.129
Connection: Keep-Alive
Accept-Encoding: gzip
And gets a response like:
HTTP/1.1 204 No Content
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 05 Sep 2013 06:56:51 GMT
Server: GFE/2.0
So I would like to know if there is some purpose for making this request to google at the startup?
It's most likely for counting things:
active developers
emulator use
framework use
generating statistics how developers are spread over the world
...
It's Android trying to tell if the Wifi (or other network connection) connection has internet. I'm testing on real devices and it does the same thing. If you don't forward the message the connection status in Android Wifi Setting will say "Connected. No internet" until you forward and it gets a success back.
When I make a request to web service over wifi everything is working well but the same when made on GPRS having WAP connection (I did not in anyway force the connection to be WAP, this might be carrier dependent. Testing done in Argentina) the server is receiving duplicate values in both Content-Type & Content-Length.
Below is the same request logged on server first over WiFi and second over GPRS.
Over WiFi:
POST /ODP/Services.asmx HTTP/1.1
User-Agent: kSOAP/2.0
SOAPAction: http://temphost.org/RetrieveConfiguration
Content-Type: text/xml
Connection: close
Content-Length: 464
Host: temp.host.com
Accept-Encoding: gzip
Over GPRS:
POST /ODP/Services.asmx HTTP/1.1
Accept-Encoding: deflate, gzip, identity
Content-Length: 464, 464
Content-Type: text/xml, text/xml
Host: temp.host.com
SOAPAction: http://temphost.org/RetrieveConfiguration
User-Agent: kSOAP/2.0
X-WAP-WTLSEncryptiontype: NONE
X-WAP-Bearerinfo: W-HTTPS=FALSE, bearertype=0
Via: W-HTTP/1.1 wgw-fe6 EMIG 5.1
x-msisdn: <User Phone number>
x-up-calling-line-id: <User Phone number>
x-technology-stack: Unknown
TE: trailers
Connection: TE
I am not able to understand how and where the multiple values are being added in the request for the Content-Type & Content-Length headers.
Can somebody enlighten me what is wrong with the WAP connection or is it being added at the carrier end while modifying the request to WAP.
Sadly there's nothing to do on the client side (customer/phone/browser), but there are some possible scenarios to get an approach to a solution.
If you're web developer (VASP side), you need to take care about the URL/URI size in order to prevent that POST needs more than one packet.
If you're the web server manager (VASP/Telco side), you can define that multiple values are going to be accepted for these specific headers (when equal).in this scenario you need to be aware that you gonna put your server under risk of HTTP response splitting attack.
If you're the proxy admin (Telco side), you can tune your GW to discard the extra header instead of merging them into one header containing multiple values but, in this scenario you need to be aware that you gonna be out of RFC recomendations.
If because of its extension a POST is truncated and requires more than one packet, content-length and content-type fields are duplicated.
WGW resolves this situation by merging them into one header containing multiple values comma separated, the problem is that this header containing multiple values generates HTTP 411 error code.
Based in latest RFC drafts, this traffic must be discarded with error code 502 but some workaround intended to remove one of the header instead of merging them in order to keep this transactions in progress is possible.
I'm trying to get Yahoo messenger notifications (comet style) to work on my Android app but I got a problem:
I have all the oauth tokens + IM cookie, I make the call to notify server but it responds with
403 Bad IM cookie or URI credential
The IM cookie which is sent is correct because it is the same as the one I got from POST /session.
The call:
POST to:http://rproxy2.messenger.yahooapis.com/v1/pushchannel/user_id?sid=T3qRkifs3BiGXCW4LOSoThi3lG2HvWNagr.mGA--&rand=-1131022177&count=10&seq=1&format=json&IM=2x5A0IOr9Js_8er8BgSYUCB9fjB.d20FbKds7NdJdkzWK4u2A92k5dMrM72OetLz9.q70NQCwZpAqafQ5.XM-|QTvOT1rY3ukBC8o4Z0zeRg--&oauth_consumer_key=dj0yJmk9cFNKb2NKbTdINEtFJmQ9WVdrOVpHMW1aVXhKTjJNbWNHbzlNamcyTnpNMU1UWXkmcz1jb25zdW1lcnNlY3JldCZ4PWJh&oauth_nonce=939bc51c9a594c7cbf903643bc10f7d1&oauth_signature_method=PLAINTEXT&oauth_timestamp=1328108171163&oauth_token=A%3DosG_yqL.hxped9sV4ZMVD2A5vugclvEOSKIw85DOg17vQa8N1jQK6UcGqeLGLXKFalrxnYA_iA_ArmhbN6oJ_CEINGwiq7MWsVjO_vQT5bwhmcBMwBLByhusduuH2BFJw1Zd2w_uDj5fEUVMK9bMDzg.fYEpdm1uK.OgwyYLPCwdkzW0w6ujPpaFAea7gwmsSBYHECzjXm8wduoe1Sw3rpJH4z9PGIe8Hkt3wrbyJpW9BuiU4g6OyE1f8nhzHVkcG_70KQiIR_oV3tP8_l4SCsbbHMvSzlyZjK1V6gJp0Q94fAcfuIWQ1Vd.iD.UZPEyzdzYK.k5Q6pE4H3At8czcXFOpmOL5eUwfbeQEtXePCL1b2v9oY4BxtH_dCUVTMhzQsV.YpKZV.ZRZzK8ThveL5gfGuqYcBZLHwVilQnQWo477XwT10GbvWUzJ2EH4v5m9q.sGMViSIKWjbE2O6YfwhYXAgQMA3d8wQLL7IoY4QC0.IR4T8M_KnZVlKoi_EiED8VuK9h7h3emBZeXoM15rqGk2..HUJQEuIe1d0YbTPEGKdM.fbCcT7_Y0Szzw3abf9b1Xjzm8VkNSKL.LXAmy8c9PyNatUT_hKFmzmWMd1RRYfd8rF7i6i7Ec_cVv06QhwCQyKlEsCQh7UChUe9JykUmiA6JOm4JOpsbTQWS1Iec35zrltc4YwouUlMx.y6JbzB_VYL9jkzeuu&oauth_version=1.0&oauth_signature=2cd720831677df11508571218aed6c36c9cf2b51%26e57b0e111092b000a43b4ae9c928178fd5da4b9f
connection: keep-alive
cookie: IM=2x5A0IOr9Js_8er8BgSYUCB9fjB.d20FbKds7NdJdkzWK4u2A92k5dMrM72OetLz9.q70NQCwZpAqafQ5.XM-|QTvOT1rY3ukBC8o4Z0zeRg--
User-Agent: Dalvik/1.2.0 (Linux; U; Android 2.2; sdk Build/FRF91)
Host: rproxy2.messenger.yahooapis.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
The server responds with:
HTTP/1.1 403 bad IM cookie or URI credentials
Connection: close
I followed all the instrunctions from docs, not sure how can make it to work.
Thanks.
Your HTTP POST is empty (Content-Length: 0), the docs state:
Note: even though all inputs are optional, the server
still expects an empty POST body (JSON: "{}")
so, change your Content-Type to "application/json;charset=utf-8" and include
{}
as the body of the HTTP POST.
Long lived connections need to be GET calls; see "Notification Management (Comet-Style Push) API", here.
We have a website that makes use of OAM for single sign on (form-based authentication). When we submit credentials to WebGate / Access Server the authorization succeeds, however after the authentication is performed, the form action (as configured in the Authentication Scheme - with passthrough:no) returns a server error instead of redirecting to the originally requested URL.
If we use Mini Opera, we are able to get authenticated and forwarded properly.
This problem happens on numerous Android phones (versions ranging from 1.5-2.2), as well as the Emulator provided with the SDK.
This is proving to be a real problem as the default browser on Android phones is not able to get access to our sites(and this is the only browser that is having this problem).
I have created a WebView-based custom browser with the hope of seeing a client-side error and tried trapping every possible error....none show up....
I have tried to trace all of the http requests and found only a single difference in the requests... the http header for Connection:keep-alive is not sent by the Android WebView.
I have provided some tracing info below...
Has anyone run into this problem? Has anyone solved this?
Any insight to this issue would be greatly appreciated.
Thanks,
Tim
Request RAW Data-
POST
http: // MYSERVER/security/ATLAFunction HTTP/1.1 Host: MYSERVER:7777
Accept-Encoding: gzip
Accept-Language: en-US
Cookie:ObSSOCookie=loggedoutcontinue
Accept-Charset: utf-8, iso-8859-1,utf-16, ;q=0.7
Referer:http://10.84.32.71:7777/tpf/login.html
User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; sdk Build/FRF42) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Origin: http: // MYSERVER
Accept:application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/*;q=0.5
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
uname=auser&pwd=appas
Raw Response Data -
HTTP/1.1 503 Service Temporarily
Unavailable Date: Tue, 05 Oct
2010 14:26:12 GMT Set-Cookie:
ObSSOCookie=II%2F4n5pFreT6B6hOAumv6pI6CZh6l04VhyXHrCzuRUT5hDEHMK%2FJCX659uyCkxgIyJ8ywB3BKrHxorsCwZwivpn91t9Mu%2FCKT7PrY23S518xoBeOam26tr%2B0pSfCbo%2FZXLmFIxjHFOPHPGxi5tHrOlUroXXA9Fe0GZz3SbJLMgAkCw0euuAVewOHKIjoDh8MwAdGtL4lo%2BmHhk5kB316iFJ4Aljr7cQYpAp1r%2BVGD9FbLkYl4ekY5hrlNfwYS%2BVjnR0uSIFjc0toiKkGN33z7%2FiElh2Ue2iWQrpCRcgFpxE%3D;
httponly; path=/; Cache-Control:
no-cache Pragma: no-cache
Content-Length: 312 Connection:
close Content-Type: text/html;
charset=iso-8859-1
<!DOCTYPE HTML PUBLIC
"-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Temporarily
Unavailable</title>
</head><body>
<h1>Service Temporarily
Unavailable</h1>
<p>Sorry!The server is
currently unable to handle the
request due to a temporary
overloading or maintenance of the
server.</p>
</body></html>