User Controls

Code talk. Web Langs and proxy auto-config.

  1. Sophie Pedophile Tech Support
    Sup guys. I know that title is a little broad and vague, but i wanted to discuss a couple of things with my cyber senpais. That's you guise (n_n")

    So lately, i've been broadening the scope of langs i know for a number of reasons which i will probably get into a little later on in the thread.

    While i am decent at Python and Python is great for a lot of things i usually just default to doing anything cyborg related in either Python or Bash. However recently i have found this limiting, especially in order to gain a better appreciation and understanding of web applications. This is important to me because i want to understand web applications better in order to be better at web app sec and because i want to be able to create my own web assets, be it front and backend for some C&C server or just a website to publish some of my works on for instance.
    In fact sometimes i enjoy coding more than security, it's the most fun when i can combine the two of course. Knowing a lot of langs gives me a broader outlet for the technical creativity that every now and again fills the mind and imagination.

    Anyway, i have a basic working understanding of JS but i am far from proficient. I think properly learning JS will be a step in the right direction as far as really understanding web apps goes. Any other essentials i should be considering getting better at?

    Now being the generalist that i am, i was particularly drawn to Node. I realize this is just a particular flavor or dialect if you will of JS. But with things like Electron and React as well i realized i could make a lot more than just websites. I'm not particularly good at writing GUI's in Python in example, even with things such a PyQT. Which seems a lot more forgiving with Node and Electron and such. The fact you can write things with pretty much built in cross-platform compatibility is very nice as well. Also, Node just seems to make sense to me, combine that with the fact i know JSON from working with Python makes Node seem to me like a great lang to master.

    I wanted to ask you guys what you thought of that and whether i was correct in thinking Node would provide me the ability to make cross-platform apps, web-apps, GUIs and set up things like local proxy servers and more, relatively easy?


    Which segways nicely into the next related topic i wanted to discuss. Any of you guys ever use PAC scripts to automate proxy management and config? As far as i understand it, it's a type of script written in JS passed to the browser or network interface in some cases that allows you to dynamically control which web resources are accessed through particular proxies. For instance, you could write something that makes sure your browser connects directly to the web resources you trust, switches to SOCKS proxy/proxychains managed by a server you host locally, to route through Tor or what have you.

    I got a simple PAC script here, sorry btw if you already know all this stuff but i just recently looking into it and thinking about it when i started to get more involved with JS, but anyway...


    function FindProxyForURL(url, host) {
    if ( /*condition to pass the request through a local proxy server */ ) {
    return 'PROXY 127.0.0.1:8080';
    }
    if ( /*condition to pass the request through a network proxy server */ ) {
    return 'PROXY 192.168.1.10:8181';
    }
    if (/* condition to block the request */) {
    return ‘PROXY 127.0.0.1:55555' //direct the request to a free local port
    }
    // do not use a proxy server
    return 'DIRECT';
    }


    I thought it would be pretty cool if i wrote a program that scraped and tested proxies, collected them, and basically passed them to a server of sorts where a PAC script would be able to access them and force certain connections through these proxies for certain websites and have an option to route through tor as well based on a set of rules that would define which websites/resources would be accessed through tor and not, on a site by site basis. If that makes sense.

    Anyone got any experience creating something similar? Tips? Constructive criticism?

    Ideas, thoughts, and suggestions with regards to any of the topics i touched on in this thread would be greatly appreciated <3
  2. SBTlauien African Astronaut
    I have an Android app that scrapes proxies. It can also use them, kind of.

    I've never need to controlled which proxy does what. Usually I'm using them to avoid a site admin from recognizing me.

    As far as languages, I've only stuck to learning what I need/want and usually try to avoid using new ones.

    Right now it's Java, Python, and C. Scripting languages not included.
  3. Sophie Pedophile Tech Support
    Originally posted by SBTlauien I have an Android app that scrapes proxies. It can also use them, kind of.

    I've never need to controlled which proxy does what. Usually I'm using them to avoid a site admin from recognizing me.

    As far as languages, I've only stuck to learning what I need/want and usually try to avoid using new ones.

    Right now it's Java, Python, and C. Scripting languages not included.

    Sure having an app scrape proxies for you is neat but what i am thinking of would allow for a greater deal of control over the process like i said it would enable the user to setup a particular proxy "package" as it were for individual sites or groups of sites. One could imagine a rule that said that web content hosted in the US would require a chain of at least 2 proxies with the final hop always coming from a Russian IP in order to connect. Similarly you could set a rule that says that connections to forums such as these must always be routed through the Tor network so and and so forth.

    Of course it would add a layer of complexity, but with that complexity comes added control over what sort of safe guards you set up for a variety of potential adversaries. It's an interesting idea/concept in my view.

    Anyway, what do you think of NodeJS & Co? Any experience working with it? Is it as great as u(EDIT: -> I ) think it is? Would you recommend?
  4. snab_snib African Astronaut
    programming is an utterly emasculate profession, it's a job for women. no self respecting man would ever be a 'programmer'.

    also homosexuals should be put to death.
  5. SBTlauien African Astronaut
    Originally posted by snab_snib programming is an utterly emasculate profession, it's a job for women. no self respecting man would ever be a 'programmer'.

    also homosexuals should be put to death.

    That's why I do. To get the chicks.

    Originally posted by Sophie Sure having an app scrape proxies for you is neat but what i am thinking of would allow for a greater deal of control over the process like i said it would enable the user to setup a particular proxy "package" as it were for individual sites or groups of sites. One could imagine a rule that said that web content hosted in the US would require a chain of at least 2 proxies with the final hop always coming from a Russian IP in order to connect. Similarly you could set a rule that says that connections to forums such as these must always be routed through the Tor network so and and so forth.

    Of course it would add a layer of complexity, but with that complexity comes added control over what sort of safe guards you set up for a variety of potential adversaries. It's an interesting idea/concept in my view.

    Anyway, what do you think of NodeJS & Co? Any experience working with it? Is it as great as u(EDIT: -> I ) think it is? Would you recommend?

    It seems like it'd be a cool project but I doubt I'd need to use something like that. Being able to have different tabs in a browser with each it's own set of proxies, would be something I could use.

    I haven't messed with NodeJS.
  6. Sophie Pedophile Tech Support
    Originally posted by snab_snib programming is an utterly emasculate profession, it's a job for women. no self respecting man would ever be a 'programmer'.

    also homosexuals should be put to death.

    Low IQ post.
  7. Grylls African Astronaut [abrade this vocal tread-softly]
    lesbian
  8. Sophie Pedophile Tech Support
    Originally posted by SBTlauien It seems like it'd be a cool project but I doubt I'd need to use something like that. Being able to have different tabs in a browser with each it's own set of proxies, would be something I could use.

    Admittedly it's a bit overkill. But i guess that would also depend on your threat model.

    Originally posted by SBTlauien I haven't messed with NodeJS.

    Oh that's too bad man, you should try it. NodeJS is the shit.
  9. SBTlauien African Astronaut
    Originally posted by Sophie Admittedly it's a bit overkill. But i guess that would also depend on your threat model.



    Oh that's too bad man, you should try it. NodeJS is the shit.

    I like making little Android apps and Python indicators and little scripts but really am not sure what I could personally use NodeJS for.

    I guess I purposely limit myself on learning new languages due to limited time. It has to be something that I really need.
Jump to Top