I'm working on a project which uses HTML5 WebSockets to connect with an iOS App. I need to display a list of near by (within the same local WiFi network) iPhones/iPads inside the webpage.
Is it possible to use any discovery mechanism like Bonjour to achieve this?
Is there any way to detect the local IP address from the website (using Javascript or from server side script) so that I can scan the local IP range?
If you're only looking to match devices on the same network, you could just check the public IP, since everyone connected to the same router will likely share one. That said, while a native iOS app should be able to detect a local IP address, I don't know of any way to do so using Javascript.
The one exception is if you have a server running inside the local network (or a custom binary running on their machine). It doesn't sound from your description like this is an option for you, but in case it is, a server within the user's LAN will see their local IP rather than their public IP. It could then relay that to a public server if needed.
I'd love to be proven wrong though, because I could think of some really cool things to do if it were possible.
Related
I searched for a few options on my issue but couldn't find any useful information unfortunately.
Here is my issue:
Suppose I have 1x computer that runs a rest service on a specific port lets say 5555, running in a private network.
Now I have a frontend/browser application (javascript) that could be opened with a mobile phone or computer. When a device is connected to the same network (suppose wireless) and opens the frontend application it should discover in any way the rest service of the other computer, but I can't find a solution to that challenge.
So I can't find the sevices' ipv4 in the network since the webRTC workaround got smashed. I would have to traverse all possible private ip ranges to find that running service, which seems like an overkill.
Anyone got any idea how to solve this challenge?
Most web apps actually use the port-scan approach, which you are trying to avoid. I could think of some other approaches:
Have the service also publish an mDNS service under a specific name, e.g. foo.local. Your web app can simply have a static configuration using that hostname. This will, hovewer, require you to be able to control the service and your network/host need to be capable of using mDNS.
Require the admin of the service to register the local IP adress in a public DNS server. This will require manual config of the URL in the web app, but you can at least avoid dealing with discovering the address.
What you are talking about is sort of network scan, which is a security issue if you can do it, though it is usually possible in home networks. I would add a DNS server for that local network and use a local domain name to access the service. I don't know any other standard way to propagate where the service is.
We are developing a web page that use https protocol (two way).
We need to access to the private certificates of the user, because we need sign documents by the user's certificate, so we developed a Java application that communicate with the web by a websoket.
This application will call with a protocol call since the web (same that when you open a pdf on Acrobat Reader from a browser).
So we have to be sure that our web is calling to the native application(only our web). We want develop a system to be sure of that. Our idea:
Send a public key, a signed token by the server's private certificate and a symmetric key (to encrypt websocket communications) to the native application.
Next, we will Check in the native application that the token it is OK with a web service to the server.
After, we will have to open the websocket between the native app and the web, and send the signed document by the native app by this way.
Then sent document to the server.
Is this implementation safe? We will be safe of a man in the middle?
Any suggestion about this solution will be wellcome, because I don't see any weakness but I am not an expert on security.
I know other solutions for this problem, like applets, JavaFX or native messages on Chrome, but I only want to know if these solution is safe.
Thanks to all in advance and sorry if my english isn't the best :P,
I see the following issues
Send a public key and a signed token by the server's private certificate to the native application.
You are calling a local app by protocol. For example mylocalapp://sign?securitytoken=.... You do not control which application is installed on local PC to respond to mylocalapp://. The browser shows an ugly warning because you are leaving the secure environment. An attacker could have replaced the default app, simulate the flow and get all signed documents.
2.Next, we will Check in the native application that the token it is OK with a web service to the server.
To verify identity of server and avoid a ManInTheMiddel attach you need also to set a trustore for your application with the server certificate
Your server needs also to verify identity of client. Are you planning to use TLS two ways also?
After, we will have to open the websocket between the native app and the web, and send the signed document by the native app by this way.
You do not need a websocket. Simply use a URL connection to download and upload the documents.
This solution was used by Spanish ministry of economy when chrome decided to cut the NPAPI support and signature applets began to fail. Now, they have rebuilt the system in this way
Install a local Java application on the user's PC. The application listens on a port as, for example 5678
In your page, javascript connects to the application in the form http://127.0.0.1:5678/sign and sends the data to sign.
The application is local and has no trouble using the operating system keystore, which includes drivers PKCS#11. Perform digital signature and sends the result to the server
The javascript of the page periodically query the result and retrieves it when ready
The security problem is basically the same, but install a server in localhost is harder than replace the local default app.
The solution is called #firma, I guess you probably know it. It is opensource, you can use it
TL;DR
In Javascript, how do you to find the IP of all servers running a specified program on a specified port in the LAN?
Background
I'm writing a server in node.js that is supposed to connect users browsers as controllers to a common device on which a game is running. The browsers are running a web app based on html and Javascript. The connection is based on socket.io.
I'd like for the web app to be able to find all available instances of this server in the LAN in order to create a server list for the user to choose from.
Is there a way to make the server discoverable by the web app on the local network in Javascript, and in that case: how?
Ideas
Have the server broadcast its IP to all devices on the LAN and have the web app listen for these messages (No idea how to do this without node on the client)
Connect to every IP on the network and see if the connection is successful. (Does not seem feasible)
Scan every IP on the network and connect only to those where the port is open. (Once again, no idea how to do this without node on the client and does not seeem feasible either.)
EDIT
The server is supposed to be portable and work independently, without any central system backing it up or providing matchmaking for clients. It is a LAN only server and should work even without internet access.
There is no way for you do this. Sorry. Since there is no exposure to UDP on client-side JavaScript, broadcasting is out of question. Any attempt on massive scanning will quickly raise flags on network monitoring software. You have to use a known address.
Base of my question: I am trying to create a simple code that can list basic information of a device that is connected to a network. For example, I have a wireless router, and there is a device(Mobile Phone) connected via wireless connection, and a device(Laptop/Desktop) that is connected via LAN. Now I want to find out what kind of device it is, also: the IP address, MAC address, processor, RAM, HDD/Internal Storage, Flash Drive(if connected) and let's say hardware manufacturer (If possible) etc..
Now I already have searched for these, and I found that this can be done by .NET, but I am thinking that this would be better if I can access this via web so even I'm at the office/work I can check the devices that are connected to our network. So I decided to do this using PHP, but don't know how to begin because I only have little knowledge of PHP, anyone can give me a sample of what I am tryng to achieve? Or any better reference on getting information of connected device on network via PHP?
PHP is a server side scripting language.
It will not allow you to enumerate connected devices due to security reasons.
Take a look at PHP with NMAP:
https://nmap.org/
Some examples to look at:
How to use Nmap in PHP exec
PHP trim nmap MAC address
I do not have the privileged nor the permission to ask for a server in my workplace thus I was thinking of developing a local web application on my computer and utilizing a common space folder to let everyone access my web based tool.
How can I use a client to entirely develop a web application, query database, and do all the things that you'd generally do using a server?
I don't think you can accomplish what you're talking about through a browser app alone. Modern browsers have local database storage, but without a server you simply can't have central data that everyone can access.
Why not set up a local server on your own machine? Node.js servers are very easy to set up and perfect for simple use cases. Your coworkers could access the app via your IP address anytime it is running and your computer is on the network.
For more specific information please ask a more targeted question; this question is too open-ended to have a clear answer.