VaKo Posted January 31, 2008 Share Posted January 31, 2008 At my workplace we have a very strict firewall in place, all web traffic must go threw a proxy filter which doesn't allow the downloading of exe files as they're a risk. I can't ping tunnel or ssh tunnel or connect to a VPN outside of our WAN. But, I still occasionally need to download a exe while I'm at work. My idea for a solution to this problem is a php or perl script where you give it a link, it downloads a file to a friendly server, zips it up (or just renames the file) and gives me a link to the proxy safe file I can download (in the same fashion as kimag.es). What are your solutions for this spec using a standard lamp stack? Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted January 31, 2008 Share Posted January 31, 2008 that'll take too long why not just code up a little php that will download it and rename it to filename.exe.zip or filename.zip I doubt the proxy will catch that and it will take less load on the server maybe con the_php_jedi to do it in a way that also deletes the file on download I'd do it now, but I'm at work so hit me up in IRC later and I'll do it when I'm home Quote Link to comment Share on other sites More sharing options...
digip Posted January 31, 2008 Share Posted January 31, 2008 Souds like you need soem sort of transcoder script. Back in the day, Angelfire used to have an option to upload files, not just from your pc, but you could point it to any link, and as long as you had read permissions to the file, it would pull it down and plac eit in your uploads directory. So, say you had an image or exe file you wanted to move to your angelfire page, you paste the link into the form and it grabbed it. It also gave you the option to rename it before storing it, so you gave it the link and a file name of your choosing. I used to do this to pull in exe files at work because they still allowed ZIP files through the proxy. All i did was log on to angelfire, give it the link of the file I wanted and a somename.zip and it then placed it in my folder on angelfire. I could then download the zip file and rename it to exe and do whatever I needed to do. Now, I have nto used angelfire in years. I have no idea if they still have this function builtin. I imagine it was probably nto the smartest feature since it coudl probably be abused in some way to make angelfire execute downloaded code, but I do not have an accoutn with them anymore so I can not verify this feature still even exists. Using LAMP, I am sure you coudl write a script in php to do the same thing. There are a few addons out there that let you create zip files as well, but I have never tried it personally. Sounds like a good project to work on... Quote Link to comment Share on other sites More sharing options...
VaKo Posted January 31, 2008 Author Share Posted January 31, 2008 Thats pretty much my idea, I go to a page on my server, bung in the link to file.exe, click go, then get given a link for said file.exe.zip and download it from my box. Using zip in store mode (ie sans compression) was my intended method of using zip. (I don't code myself, so I wouldn't know where to start) Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted January 31, 2008 Share Posted January 31, 2008 <?php header('Content-type: application/zip'); header('Content-Disposition: attachment; filename="file.zip"'); if(isset($_GET['url'])){ Â Â require $_GET['url']; } else { Â Â echo 'please enter data'; } ?> thoughts? also this only uses security though obscurity so be weary of that maybe in another version I'll add the input box and some safety measusers copyright me for now Quote Link to comment Share on other sites More sharing options...
digip Posted January 31, 2008 Share Posted January 31, 2008 You should also password protect the page itself. You dont want people to access your upload form and fill your server with files. <?php // Define your username and password $username = "pickanamevako"; $password = "pickapasswordvako"; if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) { ?> <div style="position: absolute; left: 100; top: 56; z-index: 99;"> <table width="270" height="250"><TR><TD valign="top"><BR> <blockquote> <form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> Â Â <p><label for="txtUsername">Username:</label> Â Â <br /><input type="text" title="Enter your Username" name="txtUsername" /></p> Â Â <p><label for="txtpassword">Password:</label> Â Â <br /><input type="password" title="Enter your password" name="txtPassword" /></p> Â Â <p><input type="submit" name="Submit" value="Login" /></p> </form> </blockquote> </td></tr></table> </div> <?php } else { ?> <!---// Above part goes before any executing code of the page!! //----> <!--//Begin Content for page below this line: This section is only viewable after a successful logon through PHP control above. //--> <!--Begin Upload script here-> This is the content you can only see after logged on to the page. <!--//End Content for Pages above this line, enclosing all to be hidden until logged on.//--> <?php } ?> Still needs the rest of his upload script. @SomeoneE1se - just looked at it again. It sends the zip file to me just fine, only its nto the real zip file. The zip file I create contains data, but when your script sends me the file, it is just a text doc with the line "please enter data" :) It lookslike yoru echo statement is creating a text file with the line "please enter data" and spitting it out as file.zip Quote Link to comment Share on other sites More sharing options...
Sparda Posted February 1, 2008 Share Posted February 1, 2008 I think you need to look at using a HTTP tunnel. It's your normal traffic tunneling aproch except over the HTTP protocol and will work threw proxyies. http://www.nocrew.org/software/httptunnel.html Quote Link to comment Share on other sites More sharing options...
digip Posted February 1, 2008 Share Posted February 1, 2008 Upload code. This takes a url in the form of http://somesite.com/thefileyouwant.exe and copies it into a gzip file named file.gz. You can just as easily name it file.zip instead of .gz by changing the code below. <form name="ZipFiles" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> Enter the URL to Download: <input type="text" title="URL" name="fileURL" /> <input type="submit" name="Submit" value="Zip it Up!" /> </form> <?php if ($_POST['fileURL'] == "") { echo 'Please Enter A URL To Download'; exit; } else{ /* Stream File from Remote Server to Local server */ $httpfile = file_get_contents($_POST['fileURL']); /* Create a compressed file containing an arbitrarty string * File can be read back using compress.zlib stream or just * decompressed from the command line using 'gzip -d foo-bar.txt.gz' */ $fp = fopen("compress.zlib://file.gz", "wb"); if (!$fp) die("Unable to create file."); fwrite($fp, $httpfile); fclose($fp); echo '<a href="./file.gz">Click here to Download zipped file!</a>'; } ?> If you leave off the http:// part it throws an error. Someone can clean that part of the code up if they want to, I just didn't get to it yet. edit: Cleaned it up a bit to give you the link afterwards. Quote Link to comment Share on other sites More sharing options...
digip Posted February 1, 2008 Share Posted February 1, 2008 Ok, went a step further and made two files. One to logon to the upload form, the other posts to it and returns the URL for the zippd up file at zipit.php. Just be sure to change the logon and password in vako.php. Right now they are set to 1 and 2. Also, rename these files to somehting not obvious, and change the code to point to the renamed files. This way no one can create their own script to http-post to your zipit.php file on your server and send a HUGE file that could either fill up your diectory or send 100's of requests to the form. http://www.twistedpairrecords.com/digip/vako.rar It overwrites the file.gz every time you give it a new URL. I should warn that this only works on http prefixed urls. Change the Stream section to match your needs for other things like https, ftp, etc. I tested it on an exe file and it saves it in a file.gz as "file". U unzipped it and renamed it back to its original name.exe and it ran fine. <?php /* Read local file from /home/bar */ $localfile = file_get_contents("/home/bar/foo.txt"); /* Identical to above, explicitly naming FILE scheme */ $localfile = file_get_contents("file:///home/bar/foo.txt"); /* Read remote file from www.example.com using HTTP */ $httpfile = file_get_contents("http://www.example.com/foo.txt"); /* Read remote file from www.example.com using HTTPS */ $httpsfile = file_get_contents("https://www.example.com/foo.txt"); /* Read remote file from ftp.example.com using FTP */ $ftpfile  = file_get_contents("ftp://user:pass@ftp.example.com/foo.txt"); /* Read remote file from ftp.example.com using FTPS */ $ftpsfile = file_get_contents("ftps://user:pass@ftp.example.com/foo.txt"); ?> Take from http://us3.php.net/stream Quote Link to comment Share on other sites More sharing options...
VaKo Posted February 1, 2008 Author Share Posted February 1, 2008 cool, i'll give them a whirl tomorrow night Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted February 1, 2008 Share Posted February 1, 2008 digip correct me if I'm wrong but not one of your files will get the file from another site, also mine never saves anything to the server HD it only streams it from another site and renames it Quote Link to comment Share on other sites More sharing options...
digip Posted February 1, 2008 Share Posted February 1, 2008 digip correct me if I'm wrong but not one of your files will get the file from another site, It downloads whatever URL you pass to it and zips it up into file.gz Have you tried it? It does work, or at least for me and my settings for PHP. You might get an error if you have certain settings disabled on the server like "URL file-access is disabled in the server configuration" if "allow_url_fopen" is off. If thats the case, you can use CURL alternatives, but I have not tried anything for curl yet. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted February 1, 2008 Share Posted February 1, 2008 digip correct me if I'm wrong but not one of your files will get the file from another site, It downloads whatever URL you pass to it and zips it up into file.gz Have you tried it? It does work, or at least for me and my settings for PHP. You might get an error if you have certain settings disabled on the server like "URL file-access is disabled in the server configuration" you're right my apologies I missed the write out part Quote Link to comment Share on other sites More sharing options...
digip Posted February 1, 2008 Share Posted February 1, 2008 digip correct me if I'm wrong but not one of your files will get the file from another site, It downloads whatever URL you pass to it and zips it up into file.gz Have you tried it? It does work, or at least for me and my settings for PHP. You might get an error if you have certain settings disabled on the server like "URL file-access is disabled in the server configuration" you're right my apologies I missed the write out part Also, there is a problem if your host blocks "file_get_contents" so I have made a CURL alternative as well in the event that anyone has a problem with my first script. They both work, but the first one leaves a security hole, if it does work on your server. The reason being that if it allows access when file_get_contents is used and Allow_url_fopen is turned on, someone can append the url in the browser and post code against it in an attemtp to take over the server. The CURL version is safer.(Or at leasts thats what DreamHost told me. My original script works fine on my dev box, but not on my dreamhost account. I then had to make the CURL version to get it to work, so both work, just depends on your PHP installation and settings that are enabled/disabled) http://www.twistedpairrecords.com/digip/CURL_ZipIt.rar Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.