How it works:
You —> Charles —> Internet
By sitting in between you and the Internet, Charles is able to pick up on every single network request that you send and receive. Once it picks up on some http requests, it shows you everything you need to know about it such as the headers in the request and the body of the response. It looks something like this:
This works great for http or unencrypted content, but what about https? Luckily there’s ways around that as well. Without going into the details, by installing a certificate on the device you want to debug, Charles can provide the same functionality for encrypted connections as well. Let’s use the Shopkick app as an example.
Trying to analyze the calls to https://app.shopkick.com doesn’t show any useful information because they’re encrypted over SSL. Let’s enable SSL Proxying.
And now we can see all that traffic in the clear.
Charles also allows us to copy the cURL command for a particular request. Let’s use this to simulate a login from the command line.
razvanbangu@Razvans-MacBook-Pro Fraudkick (master) $ curl -H "Host: app.shopkick.com" -H "X-Sts: 1459834233364" -H "X-Screen: 320,480" -H "X-App: shopkick/4.8.5" -H "X-Device: Apple/Unknown: iPhone4,1" -H "X-Device-Id: enhjbisq9flt3g37hegoctwf1s7gvkhtxks2lzry" -H "X-Sys: iPhone OS/9.0" -H "Proxy-Connection: keep-alive" -H "X-Client-Capabilities: 2" -H "Accept: */*" -H "Accept-Language: en-ca" -H "User-Agent: shopkick/1177 CFNetwork/758.0.2 Darwin/15.0.0" -H "X-Adv-Id: CD5B8AAC-32D4-4988-B217-349F3EDB6887" -H "X-Mac: 3DjMFoLY3Alb1HT-_aizd7FTyBU=" -H "X-API-Key: 0e8450ff-351e-406d-a365-03f735f87d9f" -H "Cookie: app_version=4.8.5; device=Apple/Unknown%3A%20iPhone4%2C1; device_id=enhjbisq9flt3g37hegoctwf1s7gvkhtxks2lzry; device_os=iPhone%20OS/9.0; device_type=Apple/Unknown%3A%20iPhone4%2C1" --data "password=<notmypassword>&device_id=enhjbisq9flt3g37hegoctwf1s7gvkhtxks2lzry&email=raz10%40razb.me&device_model=Unknown%3A+iPhone4%2C1&kcid=6Xl4mn7rEpgHUfmrIwdE203H3iKarm6Gf4%2FVaGH2LyU%3D-6Xl4mn7rEpgHUfmrIwdE203H3iKarm6Gf4%2FVaGH2LyU%3D-6Xl4mn7rEpgHUfmrIwdE203H3iKarm6Gf4%2FVaGH2LyU%3D" --compressed https://app.shopkick.com/shopkick/v1/user/login {"status": 0, "user_id": 16836985655, "user_info": {"first_name": "razzle", "is_google_plus_connected": false, "is_facebook_connected": false, "country": 1, "created_ts_utc": 1459823387000, "is_registered": true, "enrolled_loyalty_program_ids": [], "email": "[email protected]", "is_buy_and_collect_enrolled": false}, "client_app_ui_flags": {"aggregate_deals_enabled": true, "tab_navigation_enabled": true, "preselect_all_recommended_friends": false, "allowed_invite_media": "1,2,3", "show_kicks_center": true, "use_combined_store_and_deals_tab": false, "max_number_invalid_email_logs": 3, "saving_deals_enabled": true, "default_tab_context_override": "store", "show_new_card_linking_screen": false, "tab_context_order_override": ["store", "deals", "browse"], "number_of_recommendations": 10}, "session_key_base64_enc": "JRtCoHkdBjx6lA7xU+oUa3mgDmoltqNaj6YYvNPSNgbmYR6T49gzHEx6WWIkXUzoRcKgCP/FMmmmvLxtFZYfRg==", "common": {"popups_response": {"force_display": true, "popups": [{"type": 6, "layered_popup_details": {"text_views": [{"text": "Thanks for all your shopkick love - you've logged in on an additional device. Just remember that you can only do walk-ins and scans with one device at a time and can't share devices with your friends.", "frame": {"y": 155, "x": 20, "height": 200, "width": 280}, "style": {"color": "FFFFFF", "font_size": 14, "font_name": "HelveticaNeue"}, "android_style": {"color": "FFFFFF", "font_size": 14, "font_face": "Roboto"}}, {"text": "Did you know?", "frame": {"y": 80, "x": 0, "height": 100, "width": 320}, "style": {"color": "FFFFFF", "font_size": 40, "font_name": "HelveticaNeue-Light"}, "android_style": {"color": "FFFFFF", "font_size": 40, "font_face": "Roboto"}}], "buttons": [{"action": {"type": 1}, "image_view_info": {"frame": {"y": 0, "x": 0, "height": 460, "width": 320}, "image_url": "https://app2.shopkick.com/shopkick/images/generic_buttons/transparent_dismiss.png#2x&1_5x"}}], "image_views": [{"frame": {"y": 0, "x": 0, "height": 50, "width": 50}, "image_url": "https://app2.shopkick.com/shopkick/images/generic_buttons/close_button.png#2x&1_5x"}]}}]}, "request_id": "ChPAjAAAz1wABS+2TB5dSA"}}
Charles is great for debugging mobile apps which mostly only make use of http connections, however in order for this to work on a mobile device we need to configure the device to use our computer as a proxy. On iOS you can do this by going to the wifi settings and scrolling down to the HTTP Proxy section. Fill in the details to match your computer where Charles is running.
Once that is done, open safari and navigate to http://charlesproxy.com/getssl That will prompt you to install the Charles certificate and allow you to debug SSL connections coming from your device.
Happy debugging!
]]>In order to achieve this, what we are going to do is link together a chain of computers starting with yours, going all the way around the world, and ending right back where it started; with yours. After setting that up, we will be sending a picture of yourself from yourself to yourself, and in the process circumnavigating the world.
Before we begin, I will be using DigitalOcean to spin up our servers. If you want to follow along at home, DigitalOcean offers new users a promo code to get you up and running for free. Use: DONEWS or you can use my personal promo url: m.do.co/c/74fd80a9022a the choice is yours.
After creating an account with DigitalOcean, you will want to set up an SSH key for use with your servers. DigitalOcean has a great tutorial on how to set that up which you should follow and complete before reading further.
Now, we will spin up 6 servers, one in each of the following data centres: San Fransisco, New York, London, Amsterdam, Frankfurt, and Singapore. Upon creating each server, select Ubuntu 14.04.4, the $5/month option, and add your SSH key.
NOTE: All commands in this tutorial are assumed to be executed by the root user.
Once all of your servers are up and running, SSH into every one of them and set a root password. For the sake of simplicity, we will be communicating between our servers via SSH root@host. You probably do not want to do this in practise.
Before we go any further, it may be worth confirming that a request from Singapore->San Fransisco does indeed go across the Pacific Ocean to complete the loop around the world. In order to do that, SSH into your Singapore machine and type in the following command:
$ traceroute <San Fransisco IP Address> -T
Replacing <San Fransisco IP Address> with the actual address of your San Fransisco server.
If all goes well, you should see output similar to this:
root@AroundTheWorldSingapore:~# traceroute 192.241.221.191 -T traceroute to 192.241.221.191 (192.241.221.191), 30 hops max, 60 byte packets 1 128.199.191.253 (128.199.191.253) 0.477 ms 128.199.191.254 (128.199.191.254) 0.474 ms 0.452 ms 2 103.253.144.233 (103.253.144.233) 0.440 ms 103.253.144.229 (103.253.144.229) 0.449 ms 0.429 ms 3 116.51.27.189 (116.51.27.189) 1.371 ms 103.253.144.249 (103.253.144.249) 0.440 ms 116.51.27.189 (116.51.27.189) 1.596 ms 4 ae-1.r20.sngpsi05.sg.bb.gin.ntt.net (129.250.3.146) 14.718 ms 116.51.27.189 (116.51.27.189) 1.692 ms ae-1.r20.sngpsi05.sg.bb.gin.ntt.net (129.250.3.146) 14.708 ms 5 ae-8.r22.snjsca04.us.bb.gin.ntt.net (129.250.3.48) 167.050 ms 178.774 ms ae-1.r20.sngpsi05.sg.bb.gin.ntt.net (129.250.3.146) 14.732 ms 6 ae-19.r01.snjsca04.us.bb.gin.ntt.net (129.250.3.27) 181.920 ms ae-8.r22.snjsca04.us.bb.gin.ntt.net (129.250.3.48) 168.298 ms 169.413 ms 7 ae-40.r02.snjsca04.us.bb.gin.ntt.net (129.250.3.121) 175.240 ms ae-4.r05.plalca01.us.bb.gin.ntt.net (129.250.5.32) 197.201 ms ae-40.r02.snjsca04.us.bb.gin.ntt.net (129.250.3.121) 187.610 ms 8 xe-0-4-0-17.r06.plalca01.us.ce.gin.ntt.net (129.250.203.82) 168.083 ms ae-4.r05.plalca01.us.bb.gin.ntt.net (129.250.5.32) 182.682 ms xe-0-0-0-23.r05.plalca01.us.ce.gin.ntt.net (129.250.204.118) 181.313 ms 9 xe-0-0-0-23.r05.plalca01.us.ce.gin.ntt.net (129.250.204.118) 186.122 ms 198.199.99.238 (198.199.99.238) 184.223 ms xe-0-4-0-17.r06.plalca01.us.ce.gin.ntt.net (129.250.203.82) 178.457 ms 10 192.241.221.191 (192.241.221.191) 186.219 ms 176.327 ms 172.506 ms
Taking a look at lines 4 and 5, we can see that our packet went from sg.bb.gin.ntt.net to us.bb.gin.ntt.net and the time across those two nodes spiked from 14.718ms to 167.050ms. This is pretty promising that our packets do in fact cross the ocean. Now we can continue with linking our servers together.
In order to move data from one server to another, we’re going to use SSH port forwarding. In this tutorial I will explain how to do this for the first and last server, and the process for the ones in the middle is pretty much identical.
SSH into all of your servers, modify /etc/ssh/sshd_config, and add the following line to the file:
GatewayPorts clientspecified
After saving, restart ssh:
$ service ssh restart
This allows us to specify which interface the next machine in the chain should listen on.
Now, from your San Fransisco server, execute the following command:
$ screen ssh -L <San Fransisco IP Address>:4455:<New York IP Address>:4455 <New York IP Address>
This tells our San Fransisco server to forward all requests to its port 4455 over to our New York Server’s port 4455. Repeat this process for New York -> London, London -> Amsterdam, Amsterdam -> Frankfurt, and lastly Frankfurt -> Singapore.
If you are using OSX, before going onto the last step you need to allow remote login to your mac. To do this, go to Settings -> Sharing-> Remote Login. Make sure it is checked.
For the last link in the chain, we must hook up our Singapore server to our local computer. From your personal computer, execute the following command:
$ screen ssh -R <Singapore IP Address>:4455:localhost:22 <Singapore IP Address>
At this point, you now have a complete chain of computers starting from San Fransisco, around the world to Singapore, and finally crossing the Pacific Ocean and back to your personal computer.
Now, it is time to actually send a picture of yourself around the world.
Navigate to the directory of the picture you want to send, and execute the following command:
$ scp -P 4455 <picture> root@<San Fransisco IP Address>:/
This command is normally used to copy the file <picture> from your local machine to the / directory of the San Fransisco server. However, since we are specifying -P 4455, which the San Fransisco server is forwarding to New York, the copy file command gets forwarded to the New York server instead. And since the New York server is forwarding port 4455, the chain goes on all the way up to Singapore which is configured to forward its port 4455 to your local personal computer’s port 22.
Your beautiful picture travelled from your computer to San Fransisco, New York, London, Amsterdam, Frankfurt, Singapore, and back to your computer.
Congratulations! You have officially gone around the world!
A quick time profile gives us the following results:
root@Razvans-MacBook-Pro Desktop $ time scp -P 4455 selfie.JPG [email protected]:/ selfie.JPG 100% 19KB 19.4KB/s 00:00 real 0m12.866s user 0m0.019s sys 0m0.009s
Alas in just 12.866 seconds you have travelled over 20,000 miles. You deserve a break.
]]>
Upon getting access to the VPS I immediately tried the first thing anyone would try, and that of course was running a Minecraft server on it. I was very excited about the possibility of hosting a completely free Minecraft server for my friends and I to enjoy, until I realized that it was impossible to connect to the server from the Internet.
So, I gave up and ran my Minecraft server on AWS instead. Thanks for reading.
Just kidding. I came across SSH reverse tunnels instead.
SSH is an incredibly powerful tool which is capable of doing a lot more than just being a secure shell to a remote machine. One of the additional features it has is reverse tunnelling.
Imagine you have two machines: MachineA, and MachineB.
MachineA can create outgoing connections, but can not accept incoming connections.
MachineB accepts both incoming and outgoing connections.
MachineA establishes an SSH connection to MachineB, and configures MachineB to forward all requests to port 8080 over to MachineA’s port 2020 (using the same SSH connection).
It looks something like this:
MachineB <—SSH—- MachineA // Establish the connection MachineB:8080 —SSH—> MachineA:2020 // Port forwarding over the established connection
This works fine because MachineA is not relying on any incoming connections made directly to it, but rather is able to accept incoming connections which arrive at MachineB. Now all I needed was another server which is not behind a firewall to act as MachineB.
Fortunately I have several small, inexpensive servers which were perfect for the job.
Using this functionality of SSH, I was able to piggy back one of my weaker servers to act as a proxy for the stronger server which was running Minecraft. My friends would connect to my weak server port 8080, and get forwarded over the SSH tunnel to the Minecraft server sitting behind a firewall on port 2020.
Alas, we were finally able to play Minecraft.
]]>