Secret Messages Could Be Hiding In Your Server Logs

[Ryan Flowers] writes in with a clever little hack that can allow you to hide data where nobody is going to go looking for it. By exploiting the fact that a web server will generally log all HTTP requests whether or not they’re valid, he shows how you can covertly send a message by asking the server for a carefully crafted fictitious URL.

We aren’t talking about requesting “yousuck.txt” from the server that hosts your least favorite website, either. As [Ryan] demonstrates, you can compress a text file, encode it with uuencode, and then send it line by line to the destination server with curl. He shows how the process, which he calls “CurlyTP”, can be done manually on the command line, but it would be a simple matter to wrap it up in a Bash script.

To get the message back, you just do the opposite. Use grep to find the lines in the log file that contain the encoded data, and then put them through uudecode to get the original text back. Finding the appropriate lines in the log file is made easier by prepending a prearranged keyword to the beginning of the URL requests. The keyword can be changed for each message to make things easier to keep track of.

If you’re still wondering why anyone would go through the trouble to do this, [Ryan] provides an excellent example: a covert “dead drop” where people could leave messages they’d rather not send through the usual channels. As long as the sender used a service to mask their true IP address, they could anonymously deliver messages onto the server without having to use any special software or protocol they might not have access to. Even the most restrictive firewalls and security measures aren’t likely to be scanning URLs for compressed text files.

We’ve seen web-based dead drops done with Python in the past, and even purpose-built “PirateBoxes” that allow people to covertly exchange files, but we like how this method doesn’t require any special configuration on the server side. You should check your server logs; somebody might be trying to tell you something.
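The technique described above leaves a recognisable shape in an access log: repeated failed requests from one client whose paths share a prefix and end in a well-formed uuencode line. This added example (not from [Ryan]’s write-up) flags that shape; the combined log format, percent-encoded paths, the 4xx filter, the keyword `kw7` and every sample log line are assumptions constructed for illustration.

```python
import binascii
import re
from collections import Counter
from urllib.parse import quote, unquote

# Apache/nginx "combined" format: client, request path and status are captured.
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" (\d{3})')


def looks_uuencoded(s):
    """True if s has the shape of one uuencode data line."""
    if len(s) < 5 or not all(32 <= ord(c) <= 96 for c in s):
        return False
    n = (ord(s[0]) - 32) & 63  # byte count claimed by the length character
    return 1 <= n <= 45 and len(s) - 1 == 4 * ((n + 2) // 3)


def find_drops(log_lines, min_lines=3):
    """Return {(client, prefix): hits} for 4xx requests whose path is a
    repeated prefix followed by a well-formed uuencode line."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not m.group(3).startswith("4"):
            continue
        client, path = m.group(1), unquote(m.group(2))
        # The keyword is unknown, so test every split point in the path.
        for cut in range(1, len(path)):
            if looks_uuencoded(path[cut:]):
                hits[(client, path[:cut])] += 1
    return {key: n for key, n in hits.items() if n >= min_lines}


def sample_log():
    """Constructed log: ordinary noise plus a 120-byte payload sent as three
    uuencoded requests behind the made-up keyword 'kw7'."""
    payload = bytes(range(120))
    rows = [binascii.b2a_uu(payload[i:i + 45]).decode().rstrip("\n")
            for i in range(0, len(payload), 45)]
    fmt = '{} - - [01/Jan/2024:00:00:00 +0000] "GET {} HTTP/1.1" {} 196 "-" "-"'
    noise = [("/index.html", 200), ("/favicon.ico", 404), ("/wp-login.php", 404)]
    return ([fmt.format("203.0.113.9", p, s) for p, s in noise]
            + [fmt.format("198.51.100.7", "/kw7" + quote(r, safe=""), 404)
               for r in rows])


if __name__ == "__main__":
    for (client, prefix), n in find_drops(sample_log()).items():
        print(f"{client} sent {n} uuencode-shaped requests under {prefix!r}")
```

Because the check validates the uuencode length character against the line length rather than matching a fixed keyword, it still fires when the keyword is changed between messages.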

Four Years Of Learning ESP8266 Development Went Into This Guide

The ESP8266 is a great processor for a lot of projects needing a small microcontroller and Wi-Fi, all for a reasonable price and in some pretty small form factors. [Simon] used one to build a garage door opener. This project isn’t really about his garage door opener based on a cheap WiFi-enabled chip, though. It’s about the four year process he went through to learn how to develop on these chips, and luckily he wrote a guide that anyone can use so that we don’t make the same mistakes he did.

The guide starts by suggesting which specific products are the easiest to use, and then moves on to some “best practices” for using these devices (with which we can’t argue much), before going through some example code. The most valuable parts of this guide, especially for anyone starting out with these chips, are the section which details how to get the web server up and running and the best practices for developing HTML code for the tiny device (hint: develop somewhere else).

[Simon] also makes extensive use of the Chrome developer tools when building the HTML for the ESP. This is a handy trick even outside of ESP8266 development which might be useful for other tasks as well. Even though most of the guide won’t be new to anyone with experience with these boards, there are a few gems within it like this one that might help in other unrelated projects. It’s a good read and goes into a lot of detail about more than just the ESP chips. If you just want to open your garage door, though, you have lots of options.

Tea Bot Solves Another First World Problem

In the movie Wall-E, future humans live in floating chairs and have everything done for them. Today, we grumble if we have to physically go find a light switch or a remote control. How far away can floating chairs with screens be? T2, the Tea Bot, gets us one step closer to that. Using a laser-cut frame, an ESP8266, and a servo motor, the T2 brews your tea for exactly the right amount of time.

We were kind of hoping the robot would at least dunk the tea bag in and out, but it does provide a web interface that lets you select the brew. Of course, the code is available, so you could make modifications — maybe turn on a hotplate underneath the cup.


Control Anything With A Chat Bot

In the world of Internet of Things, it’s easy enough to get something connected to the Internet. But what should you use to communicate with and control it? There are many standards and tools available, but the best choice is always to use the tools you have on hand. [Victor] found himself in this situation, and found that the best way to control an Internet-connected car was to use the Flask server he already had.

The remote controlled car was originally supposed to come with an Arduino, but the microcontroller was missing upon arrival. He had a Raspberry Pi around, and was able to set that up to replace the Arduino. He also took the opportunity to use the expanded functionality of the Pi compared to the Arduino and wrote a Flask server to control it, which is accessed as if you are communicating with a chat bot. Sending the words “go left/forward” to the Flask server will control the car accordingly, for example.

The chat bot itself contains some gems as well, and would be useful for any project that makes use of regular expressions. It also seems to be easily expandable. The project also uses voice commands, and does so by making extensive use of Mozilla’s voice recognition suite. If you want to get deep in the weeds of voice recognition on your own though, you can also explore TensorFlow at your leisure.

Easy Time-lapse Video Via Phone And Command Line

A good time-lapse video can be useful visual documentation, and since [Tommy]’s phone is the best camera he owns he created two simple shell scripts to grab time-lapse images and assemble them into a video. [Tommy]’s work is just the glue between two other things: an app that turns the phone into an IP camera with a web server on the local network, and the ability to grab a still image from that server on demand.

The app he uses for his iPhone normally serves video but has an undocumented feature that allows single frames to be downloaded by adding ‘/photo’ to the end of the URL. The ability to get a still image is a common feature on IP camera apps for smartphones, so his capture script (GitHub repository here) should need only minor changes to work with just about any IP camera app.

Perching a phone over a workspace and using it to create a time-lapse with a couple of shell scripts is a great example of combining simple tools to get better functionality. It could be a good way to get additional use out of an older smartphone, too. Heck, even older dumbphones can still be put to some use; Shmoocon 2017 brought us details on rolling your own 1G network.

7-Segment Digits Slide Stylishly On This OLED Clock

Over at Sparkfun, [Alex] shared an OLED clock project that’s currently in progress but has a couple of interesting twists. The first is the use of a small OLED screen for each digit, to which [Alex] added a stylistic touch. Digits transition by having segments slide vertically in a smooth animated motion. It’s an attractive effect, and the code is available on his GitHub repository for anyone who wants to try it out.

[Alex] also found that by using an ESP32 microcontroller and synchronizing the clock via NTP over WiFi, the added cost of implementing a real-time clock in hardware becomes unnecessary. Without an RTC, time would drift by a few seconds every day and require a reset. At the moment the clock requires the SSID and password to be hardcoded, but [Alex] would prefer to allow this to be configured via a web page and could use some help. If you have implemented a web server on the ESP32, [Alex] would like to know how you handled multiple pages. “I’ve been scratching my head throughout the build on how to get this done,” he writes. “With the ESP8266, there’s on(const String &uri, handler function), but that seems to have been removed on the ESP32.” If you can point [Alex] in the right direction, be sure to pipe up.

OLED displays and clocks often go together, as we have seen with projects like the DIY OLED Smart Watch, but it’s nice to see someone using the OLED’s strengths to add some visual flair to an otherwise plain display.

Hackaday Prize Entry: Minimalist HTTP

For his Hackaday Prize entry, [Yann] is building something that isn’t hardware, but it’s still fascinating. He’s come up with a minimalist HTTP-compliant server written in C. It’s small, it’s portable, and in some cases, it will be a much better solution than throwing a full Linux stack into a single sensor.

This micro HTTP server has two core modules, each with a specific purpose. The file server does exactly what it says on the tin, but the HTTaP is a bit more interesting. HTTaP is a protocol first published in 2014 that is designed to be a simpler alternative to WebSockets.

[Yann] has been experimenting with HTTaP, and the benefits are obvious. You don’t need Apache to make use of it, HTTaP can work directly with an HTML/JavaScript page, and using only GET and POST messages, you can control hardware and logic circuits.

As this is a minimalist HTTP server, the security is dubious at best. That’s not the point, though. This is just a tool designed for use in a lab or controlled environments with an air gap. Safety, scheduling, encryption, and authentication are not part of HTTaP or this micro HTTP server.