Google Analytics

Monday, May 23, 2016

Update to VM_URL_Passer

Adding a simple bit of authentication to the VM URL Passer scripts.

Edit: Updated code can always be found on my github:

I got tired of network scans causing my script to open new Chrome windows, so I'm adding a bit of authentication.  Keep in mind that all of the data is still passed in cleartext, so this is not making it more secure to people wanting to force you to check out a website with a horrible photo but rather causing innocuous port scanners to not cause random popups.  

The updated client and server is as follows:

use IO::Socket::INET;

# auto-flush on socket
$| = 1;

# creating a listening socket
my $socket = new IO::Socket::INET (
    LocalHost => '',
    LocalPort => '7777',
    Proto => 'tcp',
    Listen => 5,
    Reuse => 1
die "cannot create socket $!\n" unless $socket;
print "Running on port 7777\n";

    # waiting for a new client connection
    my $client_socket = $socket->accept();

    # get information about a newly connected client
    my $client_address = $client_socket->peerhost();
    my $client_port = $client_socket->peerport();
    #print "connection from $client_address:$client_port\n";

    # read up to 1024 characters from the connected client
    my $data = ""; 
    $client_socket->recv($data, 4096);
    my @datastring = split('~~',$data);
    if ($datastring[0] eq "myweakasspassword"){
         print "received data: $datastring[1]\n";
         system("'/usr/bin/google-chrome' \"$datastring[1]\"");
         print "Wrong password.";

    # write response data to the connected client
    $data = "ok";

    # notify client that response has been sent
    shutdown($client_socket, 1); 


use IO::Socket::INET;

# auto-flush on socket
$| = 1;

# create a connecting socket
my $socket = new IO::Socket::INET (
    PeerHost => '',#IP of the host machine
    PeerPort => '7777',
    Proto => 'tcp',
die "cannot connect to the server $!\n" unless $socket;
print "connected to the server\n";

# data to send to a server
my $req = "$ARGV[0]";
my $pass = "myweakasspassword";
my $data = "$pass\~\~$req";
my $size = $socket->send($data);
#print "sent data of length $size\n";

# notify server that request has been sent
shutdown($socket, 1);

# receive a response of up to 1024 characters from server
#my $response = "";
#$socket->recv($response, 1024);
#print "received response: $response\n";


The only real change is that the client now sends a "password" to the server separated by two tilde (~~).  The server splits the string into an array on "~~" and treats the first part as a password and the second as the actual data.  

Again: this isn't secure, but it doesn't really need to be.  Just a quick hack to make VMs a little bit more usable.