Showing posts with label http. Show all posts

Tuesday, December 6, 2011

PHP Command Line Telnet Client

A while ago I wrote a single line PHP Command line client.

while (1) {  fputs(STDOUT, "\n\-PHP$ "); eval(trim(fgets(STDIN))); }

Recently I needed to test an XMPP server and found out that Windows 7 does not have telnet enabled by default. Usually I'd just use Putty, as it also supports telnet, but I wondered if I could do this from the command line via PHP. Well, here it is: a PHP command line telnet client.

echo "PHP Telnet Client. (c) 2011 Fiji Web Design, http://www.fijiwebdesign.com.\n";

$opts = getopt("h:p:") or die("Invalid options. Please supply -h [host] -p [port]");

$host = $opts['h'];
$port = $opts['p'];

$fp = fsockopen($host, $port) or die("Could not connect to host ($host) on port ($port)");
echo "Connected to server...\n";

stream_set_blocking($fp, 0);

while (1) {

  $input = (fgets(STDIN));
  fwrite($fp, $input) or die('Could not write to server');
  sleep(1); // let server respond

  $out = '';
  while($buf = fread($fp, 2028)) {
    $out .= $buf;
  }

  if ($out != '') echo $out;

}


Now that isn't one line like the PHP command line client. Also, if you are on Windows with a version of PHP lower than 5.3, you will not have the getopt() function. To solve this, here is a substitute for getopt().

if (!function_exists('getopt')) {

  function getopt($opts) {
      $argv = $_SERVER["argv"];
      $result = false;
      $opts_array = explode(':', $opts);
      foreach($opts_array as $opt) {
          $key = array_search('-' . $opt, $argv);
          if($key && !in_array($argv[$key+1], $opts_array)) {
              $result[$opt] = trim($argv[$key+1]);
          } elseif($key) {
              $result[$opt] = '';
          }
      }
      return $result;
  }

}

Save the PHP code to a file; I call it telnet.php. Then open the shell, navigate to the directory that contains telnet.php, and type in:

php telnet.php -h [hostname] -p [port]

For example:

php telnet.php -h google.com -p 80

This will open a connection to google.com on the HTTP port. Then you can type in your HTTP headers:

GET / HTTP/1.1
HOST: google.com

Then press Enter twice, because HTTP requires an empty line to terminate the request headers. Google.com should respond with the headers and HTML of the Google website.

You can telnet into any listening TCP port, so, for instance, you can test XMPP servers:

php telnet.php -h talk.google.com -p 5222

Then send your XMPP stanzas.

Or even telnet into an email server and send or retrieve emails.

Notes


The socket connection to the server you are telnetting to is currently non-blocking, while the read from STDIN is currently blocking. This causes the response from the server to not show until you hit Enter (send \n) a few times. It would be better design to have both streams non-blocking and do a socket_select() call, but the current code works for now and does not require socket_select() support, which I believe requires PHP built with sockets support. The current implementation should work without that support but does use up a lot of CPU with the while(1) loop.
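A select()-driven version of the loop discussed in the note above, as an added example rather than the post's own code. It uses stream_select(), the streams counterpart of socket_select() that ships with core PHP, and assumes a POSIX PHP CLI where STDIN can be passed to stream_select(); relay() is a hypothetical helper name.

```php
<?php
// Added example, not the post's code. relay() is a hypothetical helper name.
// Assumption: POSIX PHP CLI, where STDIN can be handed to stream_select().
function relay($in, $sock, $out)
{
    while (true) {
        $read = [$in, $sock];
        $write = $except = null;
        // Sleep in the kernel until the keyboard or the server has data.
        if (stream_select($read, $write, $except, null) === false) {
            return 'select failed';
        }
        foreach ($read as $ready) {
            if ($ready === $in) {
                $line = fgets($in);
                if ($line === false) {
                    return 'local EOF';          // Ctrl-D or closed pipe
                }
                fwrite($sock, $line);
            } else {
                $buf = fread($sock, 2048);
                if ($buf === false || ($buf === '' && feof($sock))) {
                    return 'remote closed';
                }
                fwrite($out, $buf);              // shown as soon as it arrives
            }
        }
    }
}

$opts = getopt('h:p:');
if (isset($opts['h'], $opts['p'])) {
    $fp = fsockopen($opts['h'], (int) $opts['p'], $errno, $errstr, 10)
        or die("Could not connect: $errstr\n");
    echo relay(STDIN, $fp, STDOUT), "\n";
} else {
    // Constructed offline check: socket pairs stand in for keyboard and server.
    [$kbd, $in] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
    [$client, $server] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
    fwrite($kbd, "GET / HTTP/1.1\n");            // constructed "typed" input
    fclose($kbd);
    fwrite($server, "HTTP/1.1 200 OK\n");        // constructed server reply
    echo relay($in, $client, STDOUT), "\n";
    echo 'server received: ', fgets($server);
}
```

Run with -h and -p it behaves like telnet.php; run with no options it exercises the relay against the constructed socket pairs only.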

Friday, April 11, 2008

Google could be keeping track of the time you spend online through Firefox

Firefox seems to be giving Google some pretty revealing information in regular updates, even when you're not visiting Google.

Opening up Wireshark (formerly Ethereal) and examining network traffic going through my machine, I've noticed time and time again HTTP requests to Google even when Firefox is sitting idle. I attributed this to having Gmail open, thinking it must be one of those JavaScript remoting calls or XMLHttpRequests going on in the background.

Today I noticed it again, and realized that I only had a page on my local web server open. It definitely could not be sending HTTP requests to Google.

Filtering out just the single TCP request revealed this:

GET /safebrowsing/update?client=navclient-auto-ffox&appver=2.0.0.13&version=goog-white-domain:1:30,goog-white-url:1:371,goog-black-url:1:20001,goog-black-enchash:1:48465 HTTP/1.1
Host: sb.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: SID=<snip>; MPRF=<snip>; NID=9=<snip>; PREF=ID=<snip>:TM=<snip>:LM=<snip>:DV=<snip>:GM=<snip>:IG=<snip>:S=<snip>; rememberme=<snip>
Cache-Control: max-age=0

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Cache-Control: public,max-age=600
Content-Encoding: gzip
Server: TrustRank Frontend
Content-Length: 2766
Date: Thu, 10 Apr 2008 15:19:52 GMT

..........MW...H.]....G.B...R-.$..1.
.Z%&.........%u.X.....q...>...+.....5I.
..........4...}S.
0...Y"sPV..e..."...x...9.n..Xq..v..<.. G..^..)..i.?.=.o. <snip>

What happens is that every now and then Firefox polls Google with an HTTP request for updates on phishing sites, which is really nice. Google probably has the largest database of phishing sites, and it is nice that they are "helping" us out by keeping our Firefox browser updated on the latest phishing sites found in its extensive indexes.

Now if we look at the HTTP request, there is nothing fancy: just the HTTP request headers and an HTTP response with a gzip-encoded body. (If you decode the gzip-encoded body, it is easier to see its data on the latest phishing sites; the GET URI suggests that too.)

The fun part is in the Cookies:

Cookie: SID=<snip>; MPRF=<snip>; NID=9=<snip>; PREF=ID=<snip>:TM=<snip>:LM=<snip>:DV=<snip>:GM=<snip>:IG=<snip>:S=<snip>; rememberme=<snip>

I've snipped the actual values, of course. We can safely assume the SID is the Google application-level session ID, due to its characteristics, including its name and the size of the hash, among others. What bugs me is that this SID ties this HTTP request to my information in their database: my name, address, bank account, etc. The ID cookie most likely holds a non-authenticated session ID (one of those will). You can think of it as everything you have done on *.google.com, and now even when you're not on Google, until you delete the cookies.

Note: the cookies aren't valid only for the host sb.google.com; they are valid for google.com as well, because they are set for the domain .google.com. This means a request to any *.google.com host will cause Firefox to send the cookies. The cookies are set similar to below:

PREF=ID=<snip>:TM=<snip>:LM=<snip>:S=<snip>; expires=Sat, 10-Apr-2010 17:22:38 GMT; path=/; domain=.google.com

Notice when the cookies expire: 2 years from now. So if you never delete your cookies, your activity is tracked for the next 2 years directly with these cookies.
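The scoping described above can be checked mechanically. This added example (not code from the post; the function names are hypothetical) parses the Set-Cookie value quoted above and applies the RFC 6265 domain-match rule to a constructed list of hosts, using the Date header of the captured response as the reference time for the lifetime.

```php
<?php
// Added example, not the post's code; function names are hypothetical.

// Extract the attributes that decide where, and for how long, a browser
// replays a cookie. $setBy is the host that sent the Set-Cookie header.
function parseSetCookie(string $header, string $setBy): array
{
    $parts = array_map('trim', explode(';', $header));
    $cookie = ['name' => strtok(array_shift($parts), '='),
               'domain' => strtolower($setBy), 'hostOnly' => true, 'expires' => null];
    foreach ($parts as $attr) {
        [$key, $val] = array_pad(explode('=', $attr, 2), 2, '');
        if (strtolower($key) === 'domain' && $val !== '') {
            // A leading dot is ignored; any Domain attribute widens the scope.
            $cookie['domain'] = strtolower(ltrim($val, '.'));
            $cookie['hostOnly'] = false;
        } elseif (strtolower($key) === 'expires') {
            // Handles only the date layout used in the quoted header.
            $when = DateTime::createFromFormat('D, d-M-Y H:i:s T', $val);
            $cookie['expires'] = $when ? $when->getTimestamp() : null;
        }
    }
    return $cookie;
}

// RFC 6265 domain-match: the exact host, or a subdomain on a label boundary.
function cookieIsSentTo(array $cookie, string $host): bool
{
    $host = strtolower($host);
    if ($host === $cookie['domain']) {
        return true;
    }
    if ($cookie['hostOnly'] || filter_var($host, FILTER_VALIDATE_IP)) {
        return false;
    }
    $suffix = '.' . $cookie['domain'];
    return substr($host, -strlen($suffix)) === $suffix;
}

// Header value as quoted in the post; sb.google.com as setting host is an assumption.
$pref = parseSetCookie('PREF=ID=<snip>:TM=<snip>:LM=<snip>:S=<snip>; '
    . 'expires=Sat, 10-Apr-2010 17:22:38 GMT; path=/; domain=.google.com', 'sb.google.com');
// Constructed host list; the last two only look similar and must not match.
$hosts = ['sb.google.com', 'google.com', 'mail.google.com', 'notgoogle.com', 'google.com.example'];
foreach ($hosts as $h) {
    printf("%-20s %s\n", $h, cookieIsSentTo($pref, $h) ? 'cookie sent' : 'not sent');
}
// Reference time: the Date header of the captured response shown earlier.
$seen = strtotime('Thu, 10 Apr 2008 15:19:52 GMT');
printf("lifetime: %d days\n", intdiv($pref['expires'] - $seen, 86400));
```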

With all of that said, let me stress that I'm not trying to sound any conspiracy theories here. It may very well be some technical limitation or a simple oversight. After all, Google already knows what you search for, what and who you e-mail, who you chat with and what you chat about, who you socialize with, what your social life looks like, what files are stored on your computer, what documents and spreadsheets you work on, what you blog about, what pictures you share, what you shop for, what newsgroups you read, what current events you keep up with, how you run your website, what stocks you monitor, what books you like to read, and, of course, what newsfeeds you read.
A similar find, "Is Firefox/Google Spying on Your News Feeds? (Update)", notes that at the time of the writing of that article, 2006, the cookies were being kept till 2038, nice...

Now why would Google need to know all this just to update Firefox with phishing site information? I tried to think of a possible reason for this, but just couldn't. The closest I could think of is that Google could tell in advance, using your SID, what phishing sites you would most likely visit, and only send the needed ones to Firefox. Whooowee.... if they could do that, then they definitely know too much.

There is no valid reason to send your SID, PREF, ID, and other information to Google just to update Firefox with phishing information. The HTTP request is initiated by Firefox, not the user. The update does not have anything to do with the user's Google account or the Google session.

Now, in addition to everything else they know about you and me, they have Firefox updating them even when you're not on Google, letting Google know when you're online. Now I'm a bit of a night owl, and I don't want Google to know that... oops, too late.

Let's hope this bug gets fixed soon...

Tuesday, February 26, 2008

Secure HTTP over SSH proxy with Putty

This article explains how to set up your own SSH proxy for browsing the internet. It will allow you to encrypt your browser session, as well as hide your local IP from outsiders, which is more secure.

Please note that it is your responsibility to use the information in this article within the laws of your country. Some countries do not allow encryption of internet traffic; therefore, you SHOULD NOT use this resource if you live in such a country. I live in Fiji, which is not one of those countries; therefore, I provide this information openly for those living in such countries.

Benefits of an HTTP over SSH Proxy

Once you've set up your proxy, all HTTP requests travelling from your country to your remote server will be encrypted over SSH.

Your IP address as seen from the remote HTTP server you are connecting to (remote website) will be that of your remote SSH server, not your local computer. So to the remote site, it looks like you're in the country of your remote SSH server.

What would I use this for?

I use it every time I need to pass any sensitive information over an unsecured network, such as a wireless network or an internet cafe.

How do I set up an HTTP over SSH Proxy?

You will require a remote SSH server. If you purchase web hosting online, normally it will come with SSH access. If you purchase a shared hosting account, then you may have to ask for SSH access. A dedicated server or VPS will definitely come with SSH access.

You will also require an SSH client on your local computer. The one I use is Putty.

Setting up Putty to create an SSH tunnel

Once you have Putty installed, open it and under the session category, type in the IP address or Domain name of your remote server into the "Host Name" field.

In the Category pane, open up the Connection tree: Connection -> SSH -> Tunnels. Under Tunnels you will have "Add new forwarded port". For the source port, type in a free port number, e.g. 3000.

Choose the dynamic option under Destination, and click the Add button. You should have D3000 listed under the Forwarded ports list.

Now go back to the Session category and click the Open button to start the SSH session. You should now have port 3000 on your local machine bound to the Putty session. It will listen for any incoming traffic and forward it on.

Setting up your browser to use the SSH tunnel as its proxy

I use Firefox, but this could easily be done with IE6 or IE7 also. In Firefox click on the Tools Tab.

  • Tools -> Options -> Advanced -> Network
  • Under Connection click on the Settings button
  • Choose Manual Proxy configuration, and SOCKS v5
  • Fill in localhost for the host, and 3000 for the port
  • Click OK and reload the page

Now you should be browsing the internet through your SSH proxy. To confirm this you can visit http://whatismyip.com/ and view your IP. It should change when you switch between using the Socks Proxy and using a direct connection to the internet.

You can also type 'whois IP' into your SSH console to view the details for your IP, where IP is the address shown by whatismyip.com.

Now you can worry a bit less about your online privacy.