User Controls

Code talk. Web Langs and proxy auto-config.

  1. Sophie Pedophile Tech Support
    Sup guys. I know that title is a little broad and vague, but i wanted to discuss a couple of things with my cyber senpais. That's you guise (n_n")

    So lately, i've been broadening the scope of langs i know for a number of reasons which i will probably get into a little later on in the thread.

    While i am decent at Python and Python is great for a lot of things i usually just default to doing anything cyborg related in either Python or Bash. However recently i have found this limiting, especially in order to gain a better appreciation and understanding of web applications. This is important to me because i want to understand web applications better in order to be better at web app sec and because i want to be able to create my own web assets, be it front and backend for some C&C server or just a website to publish some of my works on for instance.
    In fact sometimes i enjoy coding more than security, it's the most fun when i can combine the two of course. Knowing a lot of langs gives me a broader outlet for the technical creativity that every now and again fills the mind and imagination.

    Anyway, i have a basic working understanding of JS but i am far from proficient. I think properly learning JS will be a step in the right direction as far as really understanding web apps goes. Any other essentials i should be considering getting better at?

    Now being the generalist that i am, i was particularly drawn to Node. I realize this is just a particular flavor or dialect if you will of JS. But with things like Electron and React as well i realized i could make a lot more than just websites. I'm not particularly good at writing GUI's in Python in example, even with things such a PyQT. Which seems a lot more forgiving with Node and Electron and such. The fact you can write things with pretty much built in cross-platform compatibility is very nice as well. Also, Node just seems to make sense to me, combine that with the fact i know JSON from working with Python makes Node seem to me like a great lang to master.

    I wanted to ask you guys what you thought of that and whether i was correct in thinking Node would provide me the ability to make cross-platform apps, web-apps, GUIs and set up things like local proxy servers and more, relatively easy?


    Which segways nicely into the next related topic i wanted to discuss. Any of you guys ever use PAC scripts to automate proxy management and config? As far as i understand it, it's a type of script written in JS passed to the browser or network interface in some cases that allows you to dynamically control which web resources are accessed through particular proxies. For instance, you could write something that makes sure your browser connects directly to the web resources you trust, switches to SOCKS proxy/proxychains managed by a server you host locally, to route through Tor or what have you.

    I got a simple PAC script here, sorry btw if you already know all this stuff but i just recently looking into it and thinking about it when i started to get more involved with JS, but anyway...


    function FindProxyForURL(url, host) {
    if ( /*condition to pass the request through a local proxy server */ ) {
    return 'PROXY 127.0.0.1:8080';
    }
    if ( /*condition to pass the request through a network proxy server */ ) {
    return 'PROXY 192.168.1.10:8181';
    }
    if (/* condition to block the request */) {
    return ‘PROXY 127.0.0.1:55555' //direct the request to a free local port
    }
    // do not use a proxy server
    return 'DIRECT';
    }


    I thought it would be pretty cool if i wrote a program that scraped and tested proxies, collected them, and basically passed them to a server of sorts where a PAC script would be able to access them and force certain connections through these proxies for certain websites and have an option to route through tor as well based on a set of rules that would define which websites/resources would be accessed through tor and not, on a site by site basis. If that makes sense.

    Anyone got any experience creating something similar? Tips? Constructive criticism?

    Ideas, thoughts, and suggestions with regards to any of the topics i touched on in this thread would be greatly appreciated <3
  2. SBTlauien African Astronaut
    I have an Android app that scrapes proxies. It can also use them, kind of.

    I've never need to controlled which proxy does what. Usually I'm using them to avoid a site admin from recognizing me.

    As far as languages, I've only stuck to learning what I need/want and usually try to avoid using new ones.

    Right now it's Java, Python, and C. Scripting languages not included.
  3. Sophie Pedophile Tech Support
    Originally posted by SBTlauien I have an Android app that scrapes proxies. It can also use them, kind of.

    I've never need to controlled which proxy does what. Usually I'm using them to avoid a site admin from recognizing me.

    As far as languages, I've only stuck to learning what I need/want and usually try to avoid using new ones.

    Right now it's Java, Python, and C. Scripting languages not included.

    Sure having an app scrape proxies for you is neat but what i am thinking of would allow for a greater deal of control over the process like i said it would enable the user to setup a particular proxy "package" as it were for individual sites or groups of sites. One could imagine a rule that said that web content hosted in the US would require a chain of at least 2 proxies with the final hop always coming from a Russian IP in order to connect. Similarly you could set a rule that says that connections to forums such as these must always be routed through the Tor network so and and so forth.

    Of course it would add a layer of complexity, but with that complexity comes added control over what sort of safe guards you set up for a variety of potential adversaries. It's an interesting idea/concept in my view.

    Anyway, what do you think of NodeJS & Co? Any experience working with it? Is it as great as u(EDIT: -> I ) think it is? Would you recommend?
  4. snab_snib African Astronaut
    programming is an utterly emasculate profession, it's a job for women. no self respecting man would ever be a 'programmer'.

    also homosexuals should be put to death.
  5. SBTlauien African Astronaut
    Originally posted by snab_snib programming is an utterly emasculate profession, it's a job for women. no self respecting man would ever be a 'programmer'.

    also homosexuals should be put to death.

    That's why I do. To get the chicks.

    Originally posted by Sophie Sure having an app scrape proxies for you is neat but what i am thinking of would allow for a greater deal of control over the process like i said it would enable the user to setup a particular proxy "package" as it were for individual sites or groups of sites. One could imagine a rule that said that web content hosted in the US would require a chain of at least 2 proxies with the final hop always coming from a Russian IP in order to connect. Similarly you could set a rule that says that connections to forums such as these must always be routed through the Tor network so and and so forth.

    Of course it would add a layer of complexity, but with that complexity comes added control over what sort of safe guards you set up for a variety of potential adversaries. It's an interesting idea/concept in my view.

    Anyway, what do you think of NodeJS & Co? Any experience working with it? Is it as great as u(EDIT: -> I ) think it is? Would you recommend?

    It seems like it'd be a cool project but I doubt I'd need to use something like that. Being able to have different tabs in a browser with each it's own set of proxies, would be something I could use.

    I haven't messed with NodeJS.
  6. Sophie Pedophile Tech Support
    Originally posted by snab_snib programming is an utterly emasculate profession, it's a job for women. no self respecting man would ever be a 'programmer'.

    also homosexuals should be put to death.

    Low IQ post.
  7. Grylls motherfucker [abrade this vocal tread-softly]
    lesbian
  8. Sophie Pedophile Tech Support
    Originally posted by SBTlauien It seems like it'd be a cool project but I doubt I'd need to use something like that. Being able to have different tabs in a browser with each it's own set of proxies, would be something I could use.

    Admittedly it's a bit overkill. But i guess that would also depend on your threat model.

    Originally posted by SBTlauien I haven't messed with NodeJS.

    Oh that's too bad man, you should try it. NodeJS is the shit.
  9. SBTlauien African Astronaut
    Originally posted by Sophie Admittedly it's a bit overkill. But i guess that would also depend on your threat model.



    Oh that's too bad man, you should try it. NodeJS is the shit.

    I like making little Android apps and Python indicators and little scripts but really am not sure what I could personally use NodeJS for.

    I guess I purposely limit myself on learning new languages due to limited time. It has to be something that I really need.
  10. gadzooks Naturally Camouflaged [keratinize my mild-tasting blossoming]
    I honestly don't see the appeal with Node if you already know python. I could understand if you come from an extensive JS background or something, but if you already know more python than JS, why not use a python web framework?

    I use Flask for like a hundred hobby projects.

    You can write a simple web server in like 5 lines of code with Flask, and then use any python module/package/library in your application.
  11. Sophie Pedophile Tech Support
    Originally posted by gadzooks I honestly don't see the appeal with Node if you already know python. I could understand if you come from an extensive JS background or something, but if you already know more python than JS, why not use a python web framework?

    I use Flask for like a hundred hobby projects.

    You can write a simple web server in like 5 lines of code with Flask, and then use any python module/package/library in your application.

    Well, i can write a webserver in one line of python code but that's not the issue here. I don't come from a JS background, matter of fact, i pretty much suck at all the web langs. That's for lack of practice i know. Flask is easy, and Django is manageable as well. But Node is like Electron, and Electron is dope because it's super easy to setup GUI's with it that are cross platform compatible. I think the trick is that they ship a chromedriver with the base package you write a web based GUI in a flavor of JS that is more understandable than vanilla JS, at least to me. I could just learn the web frameworks for Python but i want to be a full stack faggot. And Node and Electron seem infinitely more interesting to me than the Python based web frameworks to be honest.
  12. filtration Houston
    Originally posted by Sophie NodeJS is shit.

    FTFY.
  13. filtration Houston
    So what's the question? Do you want ideas on what languages to use? I'll give my scoop:

    [bold]PHP[/bold]

    This will be a very fast language to write with. You can build websites in hours/days, and if used in conjunction with things like swoole, you can get decent performances with it. I originally started with this language many moons ago, so I will always be a fan of how it's written (OOP). there's also frameworks out there like lumen for building rest apis.



    [bold]Go[/bold]

    specifically built for networking and apis. Very fast language, but auto-asserting the type pisses me off. :=
    I am actually doing a git scanner in Go ATM. Keep this as an option, because you'll want a server side and client side. Your frontend connect to your api, this will make it easier to create desktop applications, and/or phone applications with the same backend.


    [bold]Rust[/bold]

    Named the 'secure c' also claims to have better performance in some areas over C, but it's a newish language and there's not a tonne of libraries out there.

    [bold]Java[/bold]

    What oracle have done with the compiler is pretty cool, but if memory is important, don't think about using this language, pretty much the same coding style as PHP/C#, out of all the languages, this one has the best libraries for things like databases and whatnot (not surprising because it's the #1 enterprise language)

    [bold]Crystal[/bold]

    We talked about this a while back, someone coming from python will like the style, and it's pretty fast in some areas. Again, a new language so the libraries won't be the best

    [bold]Python[/bold]

    You already know python, granted, it's like 4 x slower than PHP, 20x slower than Go, but if you use Microsofts interpreter (I think it's called ironpython) it'll have very good speed.


    [bold]Javascript (node/typescript)[/bold]

    Fuck javascript.

    Edit: why is bold not working you fucking nigger cunt
    The following users say it would be alright if the author of this post didn't die in a fire!
  14. gadzooks Naturally Camouflaged [keratinize my mild-tasting blossoming]
    Originally posted by Sophie Well, i can write a webserver in one line of python code but that's not the issue here. I don't come from a JS background, matter of fact, i pretty much suck at all the web langs. That's for lack of practice i know. Flask is easy, and Django is manageable as well. But Node is like Electron, and Electron is dope because it's super easy to setup GUI's with it that are cross platform compatible. I think the trick is that they ship a chromedriver with the base package you write a web based GUI in a flavor of JS that is more understandable than vanilla JS, at least to me. I could just learn the web frameworks for Python but i want to be a full stack faggot. And Node and Electron seem infinitely more interesting to me than the Python based web frameworks to be honest.

    I can see the appeal with Electron and Chromium and all that. I haven't used them personally, but I guess it depends on what you want to accomplish, and also on certain subjective preferences.

    To me, Python just feels right, so that's what I use. Then for UI type stuff I just use standard HTML, CSS, and browser/client-side JS. That way I can accomplish anything that can be done with any other stack.

    But, again, which languages, frameworks, and environments you work in are going to ultimately come down to personal preference.

    Computational speed might also become a factor when scaling way up, and that's where criteria such as that mentioned by filtration would come into play. But you also want to generally avoid premature optimization.
Jump to Top