On my flight home yesterday a free, but limited, wifi option was available that allowed only for messaging (WhatsApp, Messenger, and I think the Google and Apple ones were specifically mentioned), but not web browsing. I checked and, sure enough, I couldn’t get web browsing to work, but WhatsApp and Messenger worked fine. I decided to try my XMPP client and I was pleasantly surprised to that that worked fine as well.
I know it’s a limited use case, where XMPP is one of the few unblocked protocols, but are there things I can do with it besides chatting? Could I use it to receive status updates from my server? Is there a way to use it for SSH somehow? I guess some sort of bot running on my server would be required. Seems like there are lots of possibilities, like bots that fetch websites or interact with ActivityPub. Has anyone found or tried anything like that?
cross-posted from: https://pixelfed.crimedad.work/p/crimedad/598286716239948208
Dog on a plane
My wonderful neighbor, Juicy, on our flight home.
You can do SSH tunneling over DNS, so everything is possible.
Wait how do you do that? Local port forwarding with
ssh -L?You can basically connect any local port to any remote port normal or reversed. Reversed is -R, normal with -L. In this setting, correct me if im worng, you want to connect the open port on the airplane to one already prepared on a vps which allows you to do what you want e.g. proxy websites.
The option
-D $portcreates a SOCKS5 proxy which can be used by most browsers, and will auto tunnel everything.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System IP Internet Protocol SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
6 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.
[Thread #69 for this sub, first seen 19th Aug 2023, 17:16] [FAQ] [Full list] [Contact] [Source code]
Good bot, keep it up
Bad bot
Bad bot
This is a community for people who self host their own services, you think we need you to define SSH?
Exactly, how ever would we keep our own tribal community safe from people who want to learn /s
it’s a single comment from a single bot that you can block. it’s probably useful for new people, there’s always mountains of acronyms in tech
🤷🏿♀️, everyone gotta start someplace
In theory, you could make a XMPP bot that can do all these things. Status information and executing simple commands shouldn’t be that hard but interactive commands might need a custom wrapper.
RMS uses email to fetch websites instead of using a browser, you could easily do the same with XMPP.
What…the… Why?
He’s just a special guy.
The man is eccentric to say the least.
https://github.com/msantos/xmppipe
Would be one example, but there are actually many such projects.
Especially if you are on a really bad or congested connection it actually works better than regular SSH.
Obviously security trade-offs regarding this need to be carefully considered.
https://github.com/Shura0/mastaj
For ActivityPub access.
Man, I love the internet!
Ah very cool. I just need to figure out how to install it.
XMPP can indeed be used for some other things
For example, Google uses it to this day for Google Cloud Messaging - the push notifications service in Android.
Just the how is something I cannot answer :/
IIRC, Nintendo switches use xmpp extensively as well. Whatsapp is a modified version of xmpp. Many apps in the wild use xmpp for notifications, signaling and pubsub.
What was your XMPP client connecting to? Was it a well-known public endpoint (that they could be whitelisting) or was it a private server? If the latter then that indicates that they are allowing arbitrary IP connections which in theory means that you should be able to proxy any traffic you want. I doubt they are doing DPI, since TLS makes this very difficult these days when you don’t control the certificate stores on the clients.
I’d imagine they’re relying on some combination of DNS whitelisting and port blocking which should be trivial to circumvent if you know ahead of time what traffic they allow through.
Yeah it was the server I’m running in my house.
Like the other guy said, they’re probably not doing DPI to actually check for XMPP, so if something like portquiz.net:5222 loads, then you could host a VPN on the same ports as XMPP and have unrestricted internet.
If I were to do this would I have to change my actual XMPP port? Or, is it just a matter of adjusting my DNS records somehow? Or something else?
would I have to change my actual XMPP port? Yes.
You could port scan portquiz.net to find other unblocked ports if you want to use the same IP, or get a VPS or something to do the VPNing (Oracle cloud have free ones, or a cheap one will do).
The project is dead now, but have a look at Archipel, it’s a whole orchestrator (like Proxmox) based around XMPP
There used to be web, ftp, and gopher relays that would work through email, so I’m sure it’s possible.
It is possible. As long as the protocol allows sending bytes of data controlled by the user which XMPP allows.
You would basically wrap http with XMPP. You need a server that would understand XMPP, read the payload, create the http request, do the request for you, wrap the response with XMPP and send it back to you.
You can do that with DNS as well which would bypass probably everything. However, your bandwidth wouldn’t be great.
