Adding a simple bit of authentication to the VM URL Passer scripts.
Edit: Updated code can always be found on my github: https://github.com/dhowdy/VM-URL-Passer/
I got tired of network scans causing my script to open new Chrome windows, so I'm adding a bit of authentication. Keep in mind that all of the data is still passed in cleartext, so this is not making it more secure to people wanting to force you to check out a website with a horrible photo but rather causing innocuous port scanners to not cause random popups.
The updated client and server is as follows:
VM_URL_Passer_Server.pl
#!/usr/bin/perl
use IO::Socket::INET;
# auto-flush on socket
$| = 1;
# creating a listening socket
my $socket = new IO::Socket::INET (
LocalHost => '0.0.0.0',
LocalPort => '7777',
Proto => 'tcp',
Listen => 5,
Reuse => 1
);
die "cannot create socket $!\n" unless $socket;
print "Running on port 7777\n";
while(1)
{
# waiting for a new client connection
my $client_socket = $socket->accept();
# get information about a newly connected client
my $client_address = $client_socket->peerhost();
my $client_port = $client_socket->peerport();
#print "connection from $client_address:$client_port\n";
# read up to 1024 characters from the connected client
my $data = "";
$client_socket->recv($data, 4096);
my @datastring = split('~~',$data);
if ($datastring[0] eq "myweakasspassword"){
print "received data: $datastring[1]\n";
system("'/usr/bin/google-chrome' \"$datastring[1]\"");
}else{
print "Wrong password.";
}
# write response data to the connected client
$data = "ok";
$client_socket->send($data);
# notify client that response has been sent
shutdown($client_socket, 1);
}
$socket->close();
url_tcp_client.pl
#!/usr/bin/perl
use IO::Socket::INET;
# auto-flush on socket
$| = 1;
# create a connecting socket
my $socket = new IO::Socket::INET (
PeerHost => '192.168.100.100',#IP of the host machine
PeerPort => '7777',
Proto => 'tcp',
);
die "cannot connect to the server $!\n" unless $socket;
print "connected to the server\n";
# data to send to a server
my $req = "$ARGV[0]";
my $pass = "myweakasspassword";
my $data = "$pass\~\~$req";
my $size = $socket->send($data);
#print "sent data of length $size\n";
# notify server that request has been sent
shutdown($socket, 1);
# receive a response of up to 1024 characters from server
#my $response = "";
#$socket->recv($response, 1024);
#print "received response: $response\n";
$socket->close();
Again: this isn't secure, but it doesn't really need to be. Just a quick hack to make VMs a little bit more usable.
No comments:
Post a Comment