Archive for September, 2021

#Ajax #Proxy add HTTP proxy support to Ajax requests with AjaxProxy.com

This is a new tool that developers can add to their toolbelt. AjaxProxy.com transparently permits the use of HTTP proxies from JavaScript Ajax requests. It also bypasses CORS restrictions, to help with accessing services not designed for direct consumption from client-side JavaScript.

AjaxProxy.com

What is it

If you need to use an HTTP proxy with Ajax, this polyfill library lets you specify the HTTP proxy to be used for Ajax requests. This can be useful to ensure that your Ajax requests come from a fixed IP address.

Quickstart

Step 1:

Add the library AjaxProxy.js from the following URL:

<script src="https://www.ajaxproxy.com/js/ajaxproxy.js"></script>

Step 2:

Before any Ajax requests are made, call 

ajaxProxy.init();

Step 3:

Define your Proxy server as follows;

ajaxProxy.proxy.url = "http://<your proxy>";
ajaxProxy.proxy.credentials.username = "<proxy username>";
ajaxProxy.proxy.credentials.password = "<proxy password>";

Step 4:

If you are using jQuery, then modify your $.ajax call to add

headers: ajaxProxy.proxyHeaders()

For example:

$.ajax({
    type: "GET",
    url: "https://ICANHAZIP.COM",
    headers: ajaxProxy.proxyHeaders(),
    dataType: "text"
}).done(function (data) {
    console.log(data);
});

If you are using plain XHR requests, then add xhr.addProxyHeaders(); after the call to open, as shown below:

var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
    if (this.readyState === 4 && this.status === 200) {
        console.log(this.responseText);
    }
};
xhr.open("GET", "https://ICANHAZIP.COM", true);
xhr.addProxyHeaders();
xhr.send();

Step 5:

If you run your code, then the request should be proxied through your proxy server.

Under the hood. 

What is happening? In effect, the request goes through two levels of proxies. First, your request is sent to an AWS Lambda function, which checks for the following HTTP request headers:

X-target : The destination URL

X-proxy : The proxy HTTP Address

X-proxy-username: The proxy username

X-proxy-password: The proxy password

Please note that if your proxy is limited by IP address, then this technique will not work, since the egress IP for the AWS Lambda function is dynamic. You will need a proxy that is either open (not advised), or restricted by username and password.

The AWS Lambda function will then make a connection to your proxy server, and supply it with the original destination URL, and will pass through other common headers such as the Content-Type and Authorization headers. 

Additional security

Using the technique above, your proxy username and password will be visible to anyone who can view the source of your website. If you have an intranet, and trust your users, then this may be fine, however, we do recommend taking the following security step;

You can encrypt your proxy username and password by calling:

ajaxProxy.Encrypt("password");

Which will return a string such as follows

:ENCRYPTED:H20n0hTqmOduBYNOatwApO1almPAr/ue

You can pass this string in place of the username and/or password and the script will do the decryption under the hood. 

There is no public method to reverse this encryption, so it is not possible for an attacker to reverse engineer your password without stealing our private keys, which we keep secret. 
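As an added example (not AjaxProxy's own code), the check below inspects a header object that uses the header names listed above, reports proxy credentials that are still in plaintext, and builds a copy that is safe to write to a log. The helper names, the proxy.example host and the sample values are constructed for illustration, and that the headers reach your code as a plain object with these names is an assumption.

```javascript
// Header names are the ones listed in the post. HTTP header names are
// case-insensitive, so they are compared in lower case.
const CREDENTIAL_HEADERS = ["x-proxy-username", "x-proxy-password"];
const ENCRYPTED_PREFIX = ":ENCRYPTED:"; // prefix shown in the post's sample output

// Hypothetical helper: report credential headers that still carry plaintext.
function findPlaintextProxyCredentials(headers) {
    const findings = [];
    for (const [name, value] of Object.entries(headers)) {
        if (!CREDENTIAL_HEADERS.includes(name.toLowerCase())) continue;
        const text = String(value);
        if (text.length > 0 && !text.startsWith(ENCRYPTED_PREFIX)) {
            findings.push(name);
        }
    }
    return findings;
}

// Hypothetical helper: copy of the headers that is safe to log. Encrypted
// values are masked too, because the service accepts them in place of the
// plaintext value.
function redactProxyHeaders(headers) {
    const safe = {};
    for (const [name, value] of Object.entries(headers)) {
        safe[name] = CREDENTIAL_HEADERS.includes(name.toLowerCase())
            ? "[redacted]"
            : value;
    }
    return safe;
}

// Constructed sample header sets (not captured traffic).
const plaintextSample = {
    "X-target": "https://ICANHAZIP.COM",
    "X-proxy": "http://proxy.example:8080",
    "X-proxy-username": "alice",
    "x-proxy-password": "hunter2"
};
const encryptedSample = Object.assign({}, plaintextSample, {
    "X-proxy-username": ":ENCRYPTED:H20n0hTqmOduBYNOatwApO1almPAr/ue",
    "x-proxy-password": ":ENCRYPTED:H20n0hTqmOduBYNOatwApO1almPAr/ue"
});

console.log(findPlaintextProxyCredentials(plaintextSample));
console.log(findPlaintextProxyCredentials(encryptedSample));
console.log(redactProxyHeaders(encryptedSample));
```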

Additions / Requests

This library is offered for free. It was developed for internal use, but we are offering it to the public out of goodwill and public service. Please do not abuse this service; we will throttle requests from excessive usage.

If you would like an addition to this software, or need help with your specific application, then we may be able to help. However, nothing in this life is for free, so we do invite you to sponsor this project, if you would like an addition or change made to it.

We can supply source code if required, under NDA, please contact us for more information. 

Categories: Uncategorized

Intercept #AJAX “open” statements in #JavaScript

If you want to change the default behaviour of AJAX across your website, perhaps to make sure that every AJAX call is logged before executing, or that it is audited for security before being called, you can use interceptor scripts in JavaScript. These override the default functionality of the XMLHttpRequest object that is behind every AJAX call, even if a library like jQuery is used on top of it.

So, for instance, if you wanted to catch the body of all POST requests sent via AJAX, you could do this;

(function(send) {
    XMLHttpRequest.prototype.send = function(body) {
        var info="send data\r\n"+body;
        alert(info);
        send.call(this, body);
    };
})(XMLHttpRequest.prototype.send);

Or, if you wanted to change the destination of all AJAX requests such that all communications are sent via a logging service first, then you could do this;

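(function(open) {
    XMLHttpRequest.prototype.open = function(verb, url, async, user, password) {
        // Default to asynchronous when the caller omits the third argument;
        // forwarding an explicit undefined would make the request synchronous.
        if (arguments.length < 3) { async = true; }
        open.call(this, verb, "https://somewhere.com/log", async, user, password);
        // Pass the real destination along so the logging service can see it.
        this.setRequestHeader("X-Original-URL", url);
    };
})(XMLHttpRequest.prototype.open);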

Where somewhere.com/log is obviously fictitious.
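The auditing use case mentioned at the top of this post, as an added example that is not part of the original code: the wrapper below checks each request's origin against an allowlist in open() and records the method, URL and body length in send(). The names installXhrAudit and FakeXHR and the app.example and other.example hosts are hypothetical; FakeXHR stands in for the browser object so the block runs offline.

```javascript
// Minimal stand-in for the browser's XMLHttpRequest so this runs offline
// under Node; in a page you would pass the real XMLHttpRequest instead.
class FakeXHR {
    open(method, url) { this.opened = method + " " + url; }
    send(body) { this.sent = true; }
}

// Hypothetical helper: wrap open() and send() so each request is checked
// against an origin allowlist and recorded before the original runs.
function installXhrAudit(XhrClass, allowedOrigins, baseUrl, auditLog) {
    const originalOpen = XhrClass.prototype.open;
    const originalSend = XhrClass.prototype.send;
    XhrClass.prototype.open = function (method, url) {
        // Resolve relative URLs against the page URL, then compare origins.
        const target = new URL(url, baseUrl);
        const allowed = allowedOrigins.includes(target.origin);
        this._audit = { method: String(method).toUpperCase(), url: target.href };
        if (!allowed) {
            auditLog.push(Object.assign({ event: "blocked" }, this._audit));
            throw new Error("XHR to " + target.origin + " is not allowlisted");
        }
        // Pass the caller's own arguments so an omitted "async" stays omitted.
        return originalOpen.apply(this, arguments);
    };
    XhrClass.prototype.send = function (body) {
        // Record the body length, not the body, to keep secrets out of the log.
        const bodyLength = body == null ? 0 : String(body).length;
        auditLog.push(Object.assign({ event: "send", bodyLength }, this._audit));
        return originalSend.apply(this, arguments);
    };
    return function uninstall() {
        XhrClass.prototype.open = originalOpen;
        XhrClass.prototype.send = originalSend;
    };
}

// Constructed demo: one same-origin POST and one request to an unlisted origin.
function runDemo() {
    const log = [];
    const undo = installXhrAudit(FakeXHR, ["https://app.example"], "https://app.example/", log);
    const ok = new FakeXHR();
    ok.open("post", "/api/items");
    ok.send("name=widget");
    let blocked = false;
    try { new FakeXHR().open("GET", "https://other.example/x"); } catch (e) { blocked = true; }
    undo();
    return { log, blocked };
}
console.log(runDemo());
```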

Hope this is useful to somebody!


Car Registration #API now available via #NuGET

NuGet is the de-facto package manager for .NET, and as perhaps a major oversight, the Car Registration API was never available via a NuGet Package.

We’ve put this live today, here: https://www.nuget.org/packages/LicensePlateAPI/ and here are the steps to use it:

Install the following three NuGet Packages

Install-Package LicensePlateAPI 
Install-Package System.ServiceModel.Primitives
Install-Package System.ServiceModel.Http

Then, assuming you’ve already opened an account, here is some sample code;

var client = LicensePlateAPI.API.GetClient();
var car = client.CheckAsync("{LICENSE PLATE}", "{USERNAME}").Result;
Console.WriteLine(car.vehicleJson);

Where evidently {LICENSE PLATE} and {USERNAME} are placeholders. “CheckAsync” checks for UK license plates, but you can change this to any country by using CheckUSAAsync or Check<Country>Async.

Enjoy!
