View internal networkrequests in windows 8 javascript - javascript

I'm helping a developer who has build a website and wants to port it to a windows 8 application. The application has to be build with html and javascript. I got it running, but for some reason requireJS with i18n won't work correctly. Most of the time it does it's job, but some variables won't load the correct information. In a webbrowser I would look at the network request to see what is happening.
Is there a way to see the network requests a windows 8 application does?
*I've tried using fiddler, but it only shows outgoing information. Not the information request information from inside the application.

Related

Capture network access from a javascript web application

I have a web application running in my browser. It is third party obfuscated javascript. It connects to the server with SSL and it fetches data and then displays it in the browser. I want to get programmatic access to the data, but I cannot figure out how it gets it from the server.
I tried to open Chrome Canary Dev Tools, but it does not show any network access (other than loading some html, js code and images). I ran wireshark and it shows lots of network access (all encrypted, so it is useless). What gives? This javascript app seems to be able to fetch data in a sneaky way, so that Chrome Dev Tools doesn't show it.
Any advice how I can reverse engineer this?
EDIT: I think that the data is fetched by redirecting to a download link, or perhaps with window.navigator.msSaveBlob. Anyway, I found it using postman.
I was able to capture the API call using POSTMAN (native Win 6.0.9). I enabled a Proxy on port 5555, and then click the button to trigger the action in the web app.
Because the web is using SSL, I get an error "Your connection is not private". However, I can click Advanced / Continue and call the API anyway, which gets captured by POSTMAN.
Advice: In postman, capture to a new folder (called Proxy data). Try it first using a non-SSL site, such as this one.

Can I make a socket connection through Javascript

What I want to do
Make a simple socket connection to a server on the browser. I want to not send any header information with the socket connection.
The Problem
It looks like I am unable to make a socket connection with javascript that does not send header data (Is there a way to do a tcp connection to an IP with javascript?).
I thought maybe I could make a connection with a chrome extension, however it looks like the socket API is only available for chrome apps (Google Chrome Socket API in extensions).
I am thinking that I might need to make a native application that will make socket connections through requests made by the browser using Native Messaging.
Is there anyway I can achieve this or am I out of luck?
Raw socket connections through the browser are wrapped up in security concerns. Users can be easily manipulated to allow things to run that shouldn't.
TCP and UDP Socket API
W3C Editor's Draft 20 January 2016
is located here.
http://raw-sockets.sysapps.org/
Mozilla's API information here: https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/API/TCPSocket "This API is available on Firefox OS for privileged or certified applications only."
If you work with raw TCP connections. I would suggest
(1) downloading PHP onto the local computer. PHP has a developer web host build in so you can run whatever application you want on PHP using the browser as your GUI.
(2) download node.js.
You are not out of luck you just need to achieve it with the understanding that you are working outside the box for normal browser based scripting created from security concerns, and that means the user/client needs to install something manually.
If you must use chrome browser on the client side, you will need to make an -extension- correction webapp. You can as a developer make one that you can use on your own computers.
https://developer.chrome.com/extensions/getstarted
https://developer.chrome.com/apps/first_app
Load the extension#
Extensions that you download from the Chrome Web
Store are packaged up as .crx files, which is great for distribution,
but not so great for development. Recognizing this, Chrome gives you a
quick way of loading up your working directory for testing. Let's do
that now.
Visit chrome://extensions in your browser (or open up the Chrome menu
by clicking the icon to the far right of the Omnibox: The menu's icon
is three horizontal bars. and select Extensions under the Tools menu
to get to the same place).
Ensure that the Developer mode checkbox in the top right-hand corner
is checked.
Click Load unpacked extension… to pop up a file-selection dialog.
Navigate to the directory in which your extension files live, and
select it.
Alternatively, you can drag and drop the directory where your
extension files live onto chrome://extensions in your browser to load
it.
If the extension is valid, it'll be loaded up and active right away!
If it's invalid, an error message will be displayed at the top of the
page. Correct the error, and try again.
This insures that non developers don't load an extension which does not comply with the normal security concerns.
Communicating between with the script on the web page to the extension.
Can be done with message passing ... https://developer.chrome.com/extensions/messaging
The extension can add content directly to the web page which is available to the script on the web page. If for example the extension replaced the web cam image with a static image when the webcam script reads what it believes is the webcam it gets the static image instead, which explains why I look like an alien from space on the webcam. Although I did not create an extension to do that, I merely modified an existing extension to replace the function that gets the webcam image with a function to get a static image.
You can use SignalR, it is javascript library (JQuery Plugin) and it enables you to open web sockets from the browser to a server. Please check the following links:
https://blog.3d-logic.com/2015/03/29/signalr-on-the-wire-an-informal-description-of-the-signalr-protocol/
http://blog.teamtreehouse.com/an-introduction-to-websockets
https://github.com/SignalR/SignalR

Windows Store App xhr to localhost fails

I have a Win Store App app which uses REST to communicate with a pinpad device attached by USB. It has it's own proprietary http server/software but it seems fairly simple.
In my dev machine and on my test machine all works as expected. However, on my tester's machine it does not. The issue is that the xhr GET is failing. It just times out and returns status 0.
A simple get using a browser is successful, as is a script run in a browser (ie, ff, ch).
I have swapped out xhr for httpClient, jquery.ajax and a direct XMLhttpRequest call - all have the same result. I have tried setting location header for CORS. Tried different formats for the address (localhost, 127.0.0.1, 192... etc). The app will happily get external content (eg google.com).
Has anyone come across something like this before? I suspect it's something to do with how a Windows Store App interacts with the lan but I don't know where else to look.
By default Windows Store apps are blocked from loopback connections to localhost. By default, Visual Studio sets up an exception when debugging and you can set one up yourself for testing or for side-loaded apps with the checknetisolation tool. If your app will be deployed from the store it cannot rely on a loopback exemption.
See Using network loopback in side-loaded Windows Store apps on MSDN:
To add a Windows Store app to the list of apps that are exempt from
the loopback firewall, run checknetisolation loopbackexempt -a
-n=<package family name> from an elevated command prompt. The package family name for a Windows Store app is available from Visual Studio
via the Package.appxmanifest editor on the packaging tab.

Mobile App Authentication/Sencha Touch

I'm trying to write an app using Sencha Touch that ultimately targets iOS and Android. It's supposed to log into the corporate web server and then retrieve and parse some JSON data. It should be very simple. However I'm very new to both Sencha and Javascript, so I'm having a hard time doing this sort of client-side authentication. I can't even seem to make it authenticate from a web browser on my dev machine.
I used this link to help create my login page:
http://miamicoder.com/2012/adding-a-login-screen-to-a-sencha-touch-application/
But when I attempt to log in I seem to get the following error message and a null object:
XMLHttpRequest cannot load https://www.server.com/index.html?=_dc1234567890123
Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.
Does anyone have any advice or good resources on getting this app to log in? Any help would be greatly appreciated!
Steve, the "is not allowed" error is returned because your login request violates the browser's same-origin policy (essentially it states that all XhrHttpRequests must go to the same domain the page was initially loaded from).
Some browsers offer ways of disabling this error temporarily (which might be fine for short-term development purposes), but for the long-term you'll either need to host your application in the same domain as your backend server, or look into using CORS or JSONP for your requests.
Your AJAX request violates the Same-Origin-Policy. That's why you are getting the error message. If you are using chrome for debugging u can disable the cross-domain Javascript security by doing the following :
For Windows:
1) Create a shortcut to Chrome on your desktop. Right-click on the shortcut and choose Properties, then switch to “Shortcut” tab.
2) In the “Target” field, append the following: –args –disable-web-security
For Mac, Open a terminal window and run this from command-line:
open ~/Applications/Google\ Chrome.app/ –args –disable-web-security
For Ubuntu, Open a terminal window and run this form command line:
open /usr/bin/ and execute ./google-chrome --disable-web-security
There is extension for chrome that does the work:
‪Allow-Control-Allow-Origin.
If you want to active it when the browser started, you have to press on the icon.

How to check the version of our software from a browser?

We have a legacy software package made for native Windows. I'm writing a system to automate installing updates. One of the options is for the client to visit a web page, and from that web page, check for updates to their installation. There are two ways of identifying the software version: either reading a particular EXE file and looking at its file version, or reading the registry for our software (actually the third way is reading from their SQL Server database but that's obviously out of the question). Either of these methods would work, but I have no idea how to do it from javascript in a browser.
I'm sure there is some security, but I have seen other systems do this, so I'm sure it's possible. In general, the web page can check the client's computer for existence of certain software, and if it exists, check for the version. How can I do this from Javascript?
In MaVRoSCy's comment above: "only in IE this is possible with some ActiveX help, except if you run a dedicated local server just to serve this functionality". This actually fits perfectly, because each client computer already has a Windows Service running in the background at all times.
A simple HTTP server can be added into this client service listening on a universal non-common port number such as 16580. This HTTP server can handle requests like /currentversion which returns the current application version.
The javascript on the web page (hosted elsewhere but viewed on that client's browser) calls http://127.0.0.1:16580/currentversion to obtain the latest version.
One of the options is for the client to visit a web page, and from that web page, check for updates to their installation
Bad idea and wrong methodology
Checker|Updater have to be embedded into app
Checker have to (on start|on demand|whatever)
identify build of local app (any usable way)
Get && parse external permanent URL with data of Latest Existing Build (at least version and URL of Build)
Inform, if needed, about new version and|or download|update core, if requested by user|configuration

Categories