#StackBounty: #proxy #csrf #same-origin-policy #cors CSRF not working over CORS proxy

Bounty: 50

I’m consuming OData services from JQuery and running into a typical scenario of Same Origin Policy. I do not have control over the server and therefore I can not implement CORS so the only thing I can do is to use a proxy in order to bypass the same origin policy. In particular I use cors-anywhere. But I tried others and still having the same issue.

So, anyway, until then it is all cool, I’m able to save the situation with the proxy and to execute my ajax call with no problem, but, this only works for GET requests. Because, now the server also requires a CSRF token for POST, PATCH, etc and it looks like the token I obtain through a call to the server through the proxy:

resuest csrf

is not valid for my next consecutive requests to the server. Moreover, I notice that every time I request a CSRF token like this(http://localhost:9191/https://my-server) I obtain a different one, which is not happening if I do the request without using the proxy(https://my-server). So, my question is:

Would anyone be able to explain why this is happening and if so, is there any way to overcome this problem in order to be able to make requests from JS?

So far I’ve tried a number of things such as rewriting Host, Referrer, Origin and other headers in the proxy without success and though I could really use some help from this wise community here. Any comments or suggestions welcome.

Cheers,


Get this bounty!!!

#StackBounty: #microsoft-word #proxy Enable Word Plugin Through Proxy

Bounty: 50

Office 2013:

I like to use the word-addon Grammarlyby google in word but I’m stuck on the log in screen. Office is being allowed to connect to the internet so I think it is related to proxy authentication.
How can I enable proxy authentication for this addon?


Get this bounty!!!

#StackBounty: #web-server #http #proxy Proxy server with customizeable logic of selecting upstream server

Bounty: 100

I’m looking for a proxy server, written in any language, that would allow to customize selection of the upstream server somehow. For example to let it take a random upstream server from a list.


Get this bounty!!!

#StackBounty: #active-directory #proxy #adfs #window-server-2012 Connecting user in adfs from an external c# web app

Bounty: 50

I’m creating a web application that will be used by users that are included in an Active Directory.

Before we were connecting our app directly to the ad using LDAPS. My Client is now using ADFS and want to close the LDAPS “gateway”

I’m kind of lost, but here is my comprehension :

The ADFS will be on the same domainController as the AD. Since my web app is on another server also on another domain, my client will have to specify that the claims made from my server are trusted.

So here is my question :

1 – What does my client have to do in adfs ?

  • I saw the notion of relying party, but is this notion only used if I have also ADFS install on my server ? or am i in the right direction ?

2- Do I need to install anything on my server ?

  • I think my client will need to give me a certificate so my call are trusted.
  • Do I have to install ADFS to my server, the claims will be made between adfs(s) ?
  • Do I need to install an ADFS proxy ?

Thanks in advance, im kind of more lost than before the beginning of my search.

P.S. I can’t use the integrated visual studio tool to connect to ADFS because I have a mixed authentification (Database and ADFS)


Get this bounty!!!

#StackBounty: #tls #android #proxy #tools Nogotofail usage android pentesting

Bounty: 50

I was looking at the google tool: Nogotofail https://github.com/google/nogotofail

I used their examples to set it up and this works for the examples with proxychains.

But now I want to use it with my android device or android emulator (SDK or Genymotion). But this is where I just do not understand what I have to do.

I tried:
– Installing their “App” but this just crashes on my device or gives 2 options “SSL/TLS” and “HTTP” in an emulator and doesn’t do anything
– Just proxying all traffic to my machine on 8443, this gives a lot of bad handshake errors in nogotofail
– Proxying through Burp to nogotofail, which gives the same bad handshake errors.

From google’s documentation I understand that it should work on a router or VPN. But I don’t understand how to get that to work via my normal computer, and why it would not work by just proxying (like Burp works).

I think I am missing some base level understanding of this problem, but the documentation doesn’t help me with this.


Get this bounty!!!

#StackBounty: #linux #remote #proxy #gateway Linux Replacement of RD Gateway

Bounty: 50

Is there a way to replace RDS Gateway with some sort of linux based proxy. I know there some ways to do it with ssh/port forwarding, but this is to replace a current RDS Gateway our users utilize for remote access (~300 users). I need to support multiple windows clients using their native RDP to connect to their windows desktops on campus, using some sort of linux proxy in between.

From my searching, there are some solutions (xrdp,ssh proxy, port forwarding, etc) that sort of do what I need but they either aren’t user friendly or they involve using multiple/non-standard ports. Before I give up my search and succumb to paying MS Licensing for RDS, is it currently possible to use linux to proxy RDP from windows using their native client?

[Multiple Remote Windows Clients] => [Linux proxy/gateway] => [Corporate Windows Desktops]


Get this bounty!!!

#StackBounty: #proxy #openvpn OpenVPN through proxy, can't get client ip address

Bounty: 100

I have 3 pc’s:

  • pc1 hosts the VPN server
  • pc2 hosts a proxy server and acts as client 1
  • pc3 acts as client 2
  • pc3 shares a network with pc2, but not with pc1
  • pc2 shares a network with pc1.
  • client1 is connected through the proxy on pc2
  • client2 is also connected through the proxy on pc2

So the setup looks like this:

----------------
|      pc3     |
|  VPN Client2 |
|  10.100.0.3  |
----------------
       |
       | Network A
       |
----------------
|      pc2     |
| Proxy server/|
|  VPN Client1 |
|  10.100.0.2  |
----------------
       |
       | Network B
       |
----------------
|      pc1     |
|  VPN Server  |
|  10.100.0.1  |
----------------

Now, pc1 hosts a webserver which will get the ip address of the client making the request for the webpage.

When I make the request from PC2 I can correctly see the request came from PC2.

But when I make the request from PC3 I expected to see the VPN assigned ip address of 10.100.0.3, but instead I get the ip address from PC2 in the case when client 1 is connected, if client 1 is not connected will get the ip address of the VPN server itself (10.100.0.1)

I thought I created a direct ‘tunnel’ which would make pc1 think the request came directly from pc3, what am I doing wrong?


Get this bounty!!!

#StackBounty: #proxy #openvpn OpenVPN through proxy, can't get client ip address

Bounty: 100

I have 3 pc’s:

  • pc1 hosts the VPN server
  • pc2 hosts a proxy server and acts as client 1
  • pc3 acts as client 2
  • pc3 shares a network with pc2, but not with pc1
  • pc2 shares a network with pc1.
  • client1 is connected through the proxy on pc2
  • client2 is also connected through the proxy on pc2

So the setup looks like this:

----------------
|      pc3     |
|  VPN Client2 |
|  10.100.0.3  |
----------------
       |
       | Network A
       |
----------------
|      pc2     |
| Proxy server/|
|  VPN Client1 |
|  10.100.0.2  |
----------------
       |
       | Network B
       |
----------------
|      pc1     |
|  VPN Server  |
|  10.100.0.1  |
----------------

Now, pc1 hosts a webserver which will get the ip address of the client making the request for the webpage.

When I make the request from PC2 I can correctly see the request came from PC2.

But when I make the request from PC3 I expected to see the VPN assigned ip address of 10.100.0.3, but instead I get the ip address from PC2 in the case when client 1 is connected, if client 1 is not connected will get the ip address of the VPN server itself (10.100.0.1)

I thought I created a direct ‘tunnel’ which would make pc1 think the request came directly from pc3, what am I doing wrong?


Get this bounty!!!

#StackBounty: #proxy #openvpn OpenVPN through proxy, can't get client ip address

Bounty: 100

I have 3 pc’s:

  • pc1 hosts the VPN server
  • pc2 hosts a proxy server and acts as client 1
  • pc3 acts as client 2
  • pc3 shares a network with pc2, but not with pc1
  • pc2 shares a network with pc1.
  • client1 is connected through the proxy on pc2
  • client2 is also connected through the proxy on pc2

So the setup looks like this:

----------------
|      pc3     |
|  VPN Client2 |
|  10.100.0.3  |
----------------
       |
       | Network A
       |
----------------
|      pc2     |
| Proxy server/|
|  VPN Client1 |
|  10.100.0.2  |
----------------
       |
       | Network B
       |
----------------
|      pc1     |
|  VPN Server  |
|  10.100.0.1  |
----------------

Now, pc1 hosts a webserver which will get the ip address of the client making the request for the webpage.

When I make the request from PC2 I can correctly see the request came from PC2.

But when I make the request from PC3 I expected to see the VPN assigned ip address of 10.100.0.3, but instead I get the ip address from PC2 in the case when client 1 is connected, if client 1 is not connected will get the ip address of the VPN server itself (10.100.0.1)

I thought I created a direct ‘tunnel’ which would make pc1 think the request came directly from pc3, what am I doing wrong?


Get this bounty!!!

#StackBounty: #proxy #openvpn OpenVPN through proxy, can't get client ip address

Bounty: 100

I have 3 pc’s:

  • pc1 hosts the VPN server
  • pc2 hosts a proxy server and acts as client 1
  • pc3 acts as client 2
  • pc3 shares a network with pc2, but not with pc1
  • pc2 shares a network with pc1.
  • client1 is connected through the proxy on pc2
  • client2 is also connected through the proxy on pc2

So the setup looks like this:

----------------
|      pc3     |
|  VPN Client2 |
|  10.100.0.3  |
----------------
       |
       | Network A
       |
----------------
|      pc2     |
| Proxy server/|
|  VPN Client1 |
|  10.100.0.2  |
----------------
       |
       | Network B
       |
----------------
|      pc1     |
|  VPN Server  |
|  10.100.0.1  |
----------------

Now, pc1 hosts a webserver which will get the ip address of the client making the request for the webpage.

When I make the request from PC2 I can correctly see the request came from PC2.

But when I make the request from PC3 I expected to see the VPN assigned ip address of 10.100.0.3, but instead I get the ip address from PC2 in the case when client 1 is connected, if client 1 is not connected will get the ip address of the VPN server itself (10.100.0.1)

I thought I created a direct ‘tunnel’ which would make pc1 think the request came directly from pc3, what am I doing wrong?


Get this bounty!!!