Author Archive

#Cloudflare App development using Avatar #API


Cloudflare, one of the largest CDN / DDoS protection networks in the world, launched a $100M developer fund, so I thought I should take the time to learn a bit about it.

Cloudflare apps are effectively HTML widgets that you can embed in your webpages, I guess to try and make it easier for developers to drag and drop code that was developed by third parties.

The demo video showed how to use Cloudflare apps to embed a YouTube video into a webpage. Obviously a contrived example, since it would be just as easy to embed the YouTube video directly as to embed a Cloudflare app pointing to a YouTube video, but it gets you started.

I wanted to create a cloudflare app that implements the functionality of Avatar API (http://www.avatarapi.com) – a service that returns profile pictures from email addresses.

Effectively, the app has two component parts: an install.json file that defines the properties of the app, and app.js, a JavaScript file that implements the app.

Here’s my install.json

{
  "resources": {
    "body": [
      {
        "type": "script",
        "src": "./app.js"
      }
    ]
  },
  "options": {
    "properties": {
      "location": {
        "type": "object",
        "format": "element",
        "title": "location"
      },
      "email": {
        "type": "string",
        "title": "Email Address"
      }
    }
  }
}

And here’s my app.js

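(function() {
  // Fall back to a sample address when the configured value is not an email
  if (INSTALL_OPTIONS.email.indexOf("@") == -1) {
    INSTALL_OPTIONS.email = "peter.smith@gmail.com";
  }
  var el = CloudflareApps.createElement(INSTALL_OPTIONS.location);
  // Assumption: the URL was wrapped in an <iframe>; that markup was lost from the listing.
  // encodeURIComponent keeps the user-supplied email from breaking out of the src attribute.
  el.innerHTML = "<iframe src=\"https://www.avatarapi.com/iframe.aspx?email=" +
    encodeURIComponent(INSTALL_OPTIONS.email) + "&size=128\"></iframe>";
})()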

Categories: Uncategorized

#Active #Intrusion #Detection / detect and trace data breaches on your network.


The weakest point of security on a network can often be its users. If a disgruntled employee emails your server passwords to a competitor, there is no firewall or anti-virus that can detect this.

Systems like firewalls and antivirus software stop unauthorised users from accessing your network, but authorised users being either careless or malicious with your sensitive data is not something that would be detected or prevented by standard network security.

This software allows you to define a set of “Red Flags”, which can be either password fragments or other sensitive data. It then listens silently to network traffic until a user tries to send this sensitive data insecurely over the network.

If an insecure transmission of sensitive data is detected, then immediately an email is sent to the network administrator, who can take action by resetting the passwords on any compromised systems, and track down the perpetrator of the leak via the user’s computer name and IP address.

Although this system does not prevent the transmission of sensitive data over the network, it does detect when such transmission has occurred, and allows prompt action to limit the damage caused by such a leak.

Want to learn more? Head on over to https://www.activeintrusiondetection.info and install the software. It’s free, please spread the word.

“Active Intrusion Detection”, or “AID” for short, is a recently released software package developed by an Irish software development company named Infinite Loop. It aims to address this significant security hole in modern data networks.
The software allows the network administrator to define a set of “Red Flags”, which can be either password fragments or other sensitive data, and then listens silently to network traffic until a user tries to send this sensitive data insecurely over the network.


Understanding Red Flags
The concept behind the Active Intrusion Detection system is the idea of “Red Flags”. These are network-administrator defined pieces of text that indicate a data breach has occurred. A sample “Red Flag” could be a password fragment to your production servers. It would be a network admin’s worst nightmare to think that a junior developer in a company decided to post the production server’s administrator password onto a public forum. Even if there was no malicious intent, the security risk would be considerable.
The “Red Flag” itself should be long enough that it would not randomly occur in a stream of completely unrelated network traffic, such as within video or audio data, but at the same time, it should not be identifiable enough to become an attack vector in and of itself. So a long fragment would be ideal.
Other possible triggers could include a password for a “dummy” user in a database. This particular user would not be normally accessible to regular users of a system, but if the password were to be detected in network traffic, then it would be an indication that a hacker or careless employee was creating an insecure dump of the users database.
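
The Red Flag matching described above can be sketched as follows. This is an added example, not AID's own code: the `RedFlagScanner` class, the 8-byte minimum length, and the sample flag, addresses and packets are assumptions constructed for illustration. It keeps a short per-flow tail so that a flag split across two packets is still caught, and alerts carry the flag's index rather than the flag text.

```python
from collections import defaultdict

MIN_FLAG_LEN = 8  # assumed threshold: shorter flags can occur by chance in media streams


class RedFlagScanner:
    """Match administrator-defined Red Flags against cleartext payloads, per flow."""

    def __init__(self, flags):
        self.flags = []
        for index, text in enumerate(flags):
            raw = text.encode("utf-8")
            if len(raw) < MIN_FLAG_LEN:
                raise ValueError("Red Flag too short to be distinctive")
            # Alerts refer to the flag by index so the alert email
            # never repeats the sensitive fragment itself.
            self.flags.append((index, raw))
        self.keep = max(len(raw) for _, raw in self.flags) - 1
        self.tails = defaultdict(bytes)  # flow -> trailing bytes of earlier payloads

    def feed(self, flow, payload):
        """Return one alert per flag whose match ends inside this payload."""
        tail = self.tails[flow]
        window = tail + payload
        alerts = []
        for index, raw in self.flags:
            # Skip matches lying wholly in the tail: they were reported already.
            start = max(0, len(tail) - len(raw) + 1)
            if window.find(raw, start) != -1:
                alerts.append({"flag": index, "src": flow[0], "dst": flow[1]})
        self.tails[flow] = window[-self.keep:]
        return alerts


def demo():
    """Constructed sample: a cleartext forum post split across two packets."""
    scanner = RedFlagScanner(["Xk7pQ2vLm9zR"])  # constructed password fragment
    flow = ("192.0.2.15", "198.51.100.7")       # constructed documentation addresses
    packets = [
        b"POST /reply HTTP/1.1\r\nHost: forum.example\r\n\r\nbody=prod+password+is+Xk7pQ",
        b"2vLm9zR+do+not+share",
        b"&submit=1",
    ]
    return [scanner.feed(flow, p) for p in packets]
```

Only the second packet raises an alert: the first holds just the start of the flag, and the third does not re-report a match that was already seen.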
Installation
At present, the software is available for 64-bit Windows, but a Linux and Mac OS version is in the pipeline. It can be downloaded from https://www.activeintrusiondetection.info/ for free, and it installs as a Windows Service on the local machine. Once installed, the website will detect a local installation and allow the administrator to define configuration settings, such as the network adaptor to monitor and the “Red Flags”, or snippets of sensitive data that would indicate an imminent data breach.

The ZIP file from the download link on the website contains a readme file, the WinPCap driver installation executable, and the Active Intrusion Detection Monitor installation file.

The core functionality of the monitoring software is provided by WinPCap, a network packet capture driver that is also used by software packages such as WireShark, a popular network packet sniffing tool. This driver should be installed prior to the installation of the Windows service. You can install it using the bundled WinPCap installer, or download the latest version from https://www.winpcap.org
After WinPCap is installed, the Active Intrusion Detection software can be installed by clicking on the MSI, or setup.exe, and following the on-screen instructions. A new Windows service named "Active Intrusion Detection" will then be installed on the local system and begin running. On first run, it will await configuration via the website https://www.activeintrusiondetection.info/. Visit the website from the same PC on which you installed the Windows service; the website should detect the local installation and ask you to configure the service. Press the configure button to continue.
Fill out the form: enter an email address and a password, select the network adaptor connected to the Internet, and add a Red Flag (a piece of text that represents some sensitive data that you don’t want to be sent insecurely). Then press Save.
Within 30 seconds the Windows Service should detect the change and begin monitoring your Network, and the Windows service should transition between the “Starting” and “Running” states.

Limitations and caveats
Active Intrusion Detection does not prevent or block a hacker or careless employee from sharing company secrets with the outside world, but it can notify network admins so that they can act swiftly to reset passwords, or otherwise nullify the effect of the breach. If the data being leaked is sent via secure means, such as over a VPN or HTTPS, then the network monitor will not detect the breach. It is therefore most effective against accidental data leaks by careless employees, rather than against hackers who are aware of all the security systems employed within a network.

 

 


#UK Government #Data leak in 2015, users warned today.


The darker side of the #Hola #plugin – It uses your PC as a #proxy server.


If you’ve ever used the Hola plugin to mask your IP, or pretend you are in a different country in order to watch video streaming for another country, then you may be surprised to know it uses your PC as a proxy server, for companies to route web requests via your machine in order to do – who knows what. Access to this network starts at $500 a month, so they earn well from using your computer, and internet connection.

I’m certain this is all in the small print, and all legal, but is it moral?

But, this is a development blog, so let’s see how to code this; I’m using C#, and the username and passwords have been removed for privacy reasons.

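// Requires: using System.Net;
var client = new WebClient
{
    // Route the request through the Luminati proxy endpoint
    Proxy = new WebProxy("zproxy.luminati.io:22225")
    {
        Credentials = new NetworkCredential("xxx", "yyy")
    }
};
// icanhazip.com echoes the caller's public IP, which here is the proxy exit node's address
var strIp = client.DownloadString("http://icanhazip.com/");
Response.Write(strIp);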

In order to get a username / password, you need to sign in to Luminati.

Just to mention one of my own websites: I maintain a list of proxies here – http://proxy.apixml.net/

 


Process #creditcard payments via an #iPhone or #iPad app, via #Stripe / @cardio

Process credit card payments via an iPhone or iPad app, via Stripe using this app

https://itunes.apple.com/us/app/credit-card-payment/id1245576958?mt=8

Once you open the app, you are prompted to create a new Stripe account, or connect to an existing account. Once done, you simply enter the amount, currency and the customer’s credit card details to get paid into your Stripe account. Once the money is in your Stripe account, they will make bank transfers out to your bank account.

The app was developed in Cordova / Ionic, and the feature for scanning the credit cards uses the CardIO plugin. The back-end is in ASP.NET over HTTPS, and there is no database connected to it, so no data is stored about the transactions on our servers (although Stripe has this info).


Using the @OpenSubtitles API in C#

Open Subtitles is a great online resource for finding subtitles for movies online, and you can also interact with it programmatically using their XML-RPC API – but it’s quite complex, so it’s best to start with a pre-built library.

I went for this library on SourceForge – https://sourceforge.net/projects/opensubdotnet/

It has a demo console app that works out of the box, but you should register your own user agent with OpenSubtitles, so they know who you are.

I needed a two step process for my app – which you can download on iTunes here:

https://itunes.apple.com/gb/app/open-subtitles/id522825951?mt=8

The first step was to search for movies by name, which you can do using the opensubdotnet library as below:

 

 

OSDotNetSession session = OSDotNetSession.LogIn("", "", "en", "**YOUR USER AGENT HERE**");
List<SearchSubtitleResult> List = session.SearchByQuery(Request.QueryString["film"]);

 

Then, once you get that list of films, with language variations, you can ask the user to select one. You can get the download link at this stage; however, if you need to do any server processing of the subtitles, then you can’t just download this and unzip it, since OpenSubtitles will block your server for not being a human (a captcha).

But I get the IMDB ID and Subtitle File at this stage, and pass them through to the next step:

OSDotNetSession session = OSDotNetSession.LogIn("", "", "en", "**YOUR USER AGENT HERE**");
List<SearchSubtitleResult> List = session.SearchByImdbId(strImdb);
SearchSubtitleResult selected = List.First(f => f.IDSubtitleFile == strSubtitleID);
MemoryStream mem = session.DownloadSubtitle(selected);
string strLang = selected.ISO639.ToLower();
// Default to Latin-1, then override for languages that use another ISO-8859 code page
Encoding enc = Encoding.GetEncoding("iso-8859-1");
if (strLang == "he") enc = Encoding.GetEncoding("iso-8859-8");
if (strLang == "el") enc = Encoding.GetEncoding("iso-8859-7");
if (strLang == "ar") enc = Encoding.GetEncoding("iso-8859-6");
StreamReader sr = new StreamReader(mem, enc);
string strText = sr.ReadToEnd();

 

Note that you need to be careful with text encodings here. The text is not necessarily going to be in the Latin (i.e. English) alphabet, so I have made exceptions here for Hebrew (he), Greek (el) and Arabic (ar). This should be extended for Chinese, Korean, Japanese, Russian, Thai, Hindi, Georgian etc., but if anyone wants to complete that list, please comment below.

 

 

 


#OCR #API webservice designed for C# / .NET


Converting images to text has long been quite a difficult task for computers to perform, since it requires a type of fuzzy-logic, where things are not exact or precise.

We’ve developed an OCR web service, where you can submit an image either as a base-64 encoded string, or as a URL to an image that is hosted somewhere online. By default, it is set to recognise one line of text (not a page), but you can change that via the psm settings in extraArguments.

Check out the new API at http://ocr.apixml.net

And for those who don’t want to read, here’s how to make a GET request to the API:

GET /ocr.asmx/ProcessUrl?url=string&extraArguments=string HTTP/1.1
Host: ocr.apixml.net

 


Developer Test devices for sale #Ebay #Testing


Convert a number to a custom base in C# #Maths


We naturally count in base 10 (decimal), and if you do some programming, then you’ll be familiar with base 2 (binary), and base 16 (hex).

So, what if you wanted to make your own custom base, like base 36 or base 25? Here’s some code to convert a custom base (base 36) to decimal and back again:

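// Requires: using System; using System.Linq;

// Decodes a base-36 string (alphabet A-Z, then 1-9, then 0) to its decimal value.
private static int ConvertToBaseAlpha(string alpha)
{
    string strBase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
    int intValue = 0;
    int intPower = 1;
    foreach (char c in Enumerable.Reverse(alpha.ToCharArray()))
    {
        var intPosValue = strBase.IndexOf(c);
        // IndexOf returns -1 for characters outside the alphabet; reject them
        // rather than silently subtracting from the result.
        if (intPosValue < 0) throw new ArgumentException("Invalid character: " + c);
        intValue += intPosValue * intPower;
        intPower *= strBase.Length;
    }
    return intValue;
}

// Encodes a non-negative decimal value as a base-36 string in the same alphabet.
private static string ConvertFromBaseAlpha(int alpha)
{
    string strBase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
    if (alpha < 0) throw new ArgumentOutOfRangeException("alpha");
    // Zero maps to the first symbol; the loop below would otherwise return "".
    if (alpha == 0) return strBase.Substring(0, 1);
    string strValue = "";
    int intBase = strBase.Length;
    while (alpha != 0)
    {
        // Integer arithmetic avoids the rounding error of dividing a double
        var intMod = alpha % intBase;
        alpha /= intBase;
        strValue = strBase.Substring(intMod, 1) + strValue;
    }
    return strValue;
}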


#Fax Off! app for #iOS using @ionic @cordova @filestack @twilio
