Rewrite DNS Request with Fiddler

Today one of my colleagues had a situation where they needed a piece of software to communicate with a test webservice. However, we could not find a way to configure the software to use a custom webservice url. So enters Fiddler into the picture. When you want a url, say sub.domain.com, to end up sending the request to sub-test.domain.com, you can use a custom rule in Fiddler. This is at a higher level than the HOSTS file, by actually re-writing the request to a different domain name before the DNS translation and request are even made - just changing the DNS routing with HOSTS file may not work because of host header rules on the server side.

To accomplish this, open Fiddler, and navigate to the Rules menu -> Customize Rules. It should open the file customRules.js in your default editor (probably Notepad). You'll see that this file contains some default rules out-of-the-box. Also, there are some example rules given in comments that allow you to highlight certain requests, or modify any part of the request/response cycle, which of itself is a very powerful feature.

We are interested in adding a rule to OnBeforeRequest. Find the function call for OnBeforeRequest in about the middle of the file, and drop down to the end of the method. We will add a rule like this:

if (oSession.HostnameIs("sub.domain.com")) {
    oSession.hostname = "sub-test.domain.com";
}

This says that when the domain name "sub.domain.com" is encountered in a request, then the request hostname should be rewritten to "sub-test.domain.com". Since this occurs in the OnBeforeRequest event, the rewriting occurs even before the request is made, so the DNS translation applies to the new domain name instead. The server can't tell the difference, and thinks it's just a request for sub-test.domain.com, which makes for a very clean redirect. Then the response comes back into Fiddler, and back to the calling software, which doesn't know that its request was rewritten.

Hope this helps. Happy programming! :)

Multi-Hosting with Apache

As David Wheeler once famously said, "All problems in computer science can be solved by another level of indirection."  In this case, the indirection is a web server router.  In developing an Apache/Tomcat application, I've often needed to run multiple separate servers for Dev, QA, and staging environments at the same time.  Since I want them all to be easily accessible, I want separate, user-friendly url's all hosted on port 80.  How could you solve a problem like this?

The obvious solution is to run a single Tomcat server with multiple server entries for the separate urls.  However, this ties up port 80 to a single application, and I lose the isolation of the systems that is representative of the production environment.  The solution?  Add another layer of abstraction, via an Apache server that simply does routing.  Download and install a bare-bones Apache service, then add entries like the following to proxy the requests (httpd.conf configuration file):

<VirtualHost *:80>
 ServerName sub.domain.com
 ProxyPass / http://internal-ip:port/
 ProxyPassReverse / http://internal-ip:port/

 # ==== UPDATE HEADERS FOR FILTERING ====
 Header edit Location http://internal.domain.com/(.*) http://sub.domain.com/$1
 
 # ==== SETUP SUBSTITUTION CONTENT TYPES ====
 AddOutputFilterByType SUBSTITUTE text/html
 AddOutputFilterByType SUBSTITUTE text/css
 AddOutputFilterByType SUBSTITUTE text/javascript
 
 # ==== APPLY URL RENAME SUBSTITUTIONS TO LOCALHOST ====
 FilterChain replace
 Substitute "s|internal.domain.com|sub.domain.com|ni"
</VirtualHost>

<VirtualHost *:443>
 ServerName sub.domain.com
 
 # ==== HANDLE SSL REQUESTS ====
 SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile      "/path/to/cer"
    SSLCertificateKeyFile   "/path/to/key"
 
 # ==== PERFORM PROXYING TO LOCAL SERVER ====
 ProxyPass / https://internal-ip:ssl-port/
 ProxyPassReverse / https://internal-ip:ssl-port/
 
 # ==== UPDATE HEADERS FOR FILTERING ====
 Header edit Location https://internal.domain.com/(.*) https://sub.domain.com/$1
 
 # ==== SETUP SUBSTITUTION CONTENT TYPES ====
 AddOutputFilterByType SUBSTITUTE text/html
 AddOutputFilterByType SUBSTITUTE text/css
 AddOutputFilterByType SUBSTITUTE text/javascript
 
 # ==== APPLY URL RENAME SUBSTITUTIONS TO LOCALHOST ====
 FilterChain replace
 Substitute "s|internal.domain.com|sub.domain.com|ni"

</VirtualHost>

You will also need to turn on the following modules for this to work (uncomment in modules section of httpd.conf - you don't need ssl_module if you're not going to use the SSL section):

• filter_module
• proxy_module
• proxy_connect_module
• proxy_ftp_module
• proxy_html_module
• proxy_http_module
• ssl_module
• xml2enc_module

The proxying logic above also makes the internal server think it has the url "internal.domain.com" rather than "sub.domain.com" so you can test multiple servers with the same external url but allow access via a custom url. This is a very powerful solution that allows you to point anything just about anywhere. In fact, you can move internal servers around, without needing to make configuration changes, by simply updating the routing Apache config (and opening the proper ports in the firewall if you are routing to another machine). I've used it extensively to manage a collection of 5 nearly-identical Apache/Tomcat servers.

C# - bringing implicit-defined variables out of scope

I have a habit of using implicit-typed declarations for everything in my code, because I think it makes things clean, simple, and easier to maintain.  It also has the side effect of causing all your variable declarations to be short and line up because they all start with "var".

If you're like me and use implicit typing, you may have encountered the issue where an implicitly-typed variable needs to be brought out of an inner scope into an outer scope.  For example, suppose you are requesting some data from a database and you want to handle any Exceptions.  Naturally, you wrap the data in a try...catch call:

try {
  var theData = GetData();
} catch (Exception ex) {
  // handle exception
}

// do something with theData

Now suppose you want to use theData later in the code.  How do you reference it?  You have to define theData outside of the try..catch, and initialize it to a null value.  Since you can't implicit-type a value of null, this requires you to explicitly define the type for the variable.  So much for implicit-typed declarations!

There is a clever workaround to this situation by making use of generics and lambda expressions. The compiler is usually able to determine the proper type of any lambda expression if it's a simple return value and method call. Supposing that GetData returns a type of IQueryable<Company>, say, the following lambda expression clearly has a type of Func<IQueryable<Company>>:

() => {
  try {
    return GetData();
  } catch (Exception ex) {
    // handle exception
    return null;
  }
};

Now that we've wrapped the code into a Func, it can be passed into a generic method that does nothing more than call the func and send the return value back to the caller.

T ListScope<T>(Func<T> ScopedFunction)
{
    T result = ScopedFunction();
    return result;
}

It would seem like this is a pointless process, just to pass a function into another method which calls the passed function. However, since the compiler is able to determine the return type of the inner function, it can also determine the generic type T. Therefore the result can be assigned to an implicitly-typed variable, which no longer has the scoping issue since the entire inner scope was passed in and handled by another method:

var theData = ListScope(() => {
  try {
    return GetData();
  } catch (Exception ex) {
    // handle exception
    return null;
  }
};

Notice that I did not have to define the type anywhere in the above code, and I'm able to pull the value out of the try..catch into variable theData. I've found this method so useful that it is a static utility method in all of my projects. You can also use this for other things besides try..catch, because it's flexible enough to accommodate any scenario:

// if statement
var result =
    LiftScope(() => {
        if (a == b)
            return GetData(true);
        else if (b == c)
            return GetData(false);
        else
            return GetData(true, 2);
    });

// using statement
var result = 
    LiftScope(() => {
        using (var myContext = new MyDataContext())
        {
            return myContext.MyTable.Where(w => w.A == B).ToList();
        }
    });

Happy programming!

Surface RT Jailbreak

The wonderful people at XDA Developers forum have successfully unlocked the Windows Surface RT.  I have watched the development since Christmas after I got a new Surface.  This week the jailbreak was successful, so I dug in and followed the instructions (here's a blog post by the exploit's author explaining a little more about the hack).  After a couple of tries, and a couple of BSOD's, I have a fully unlocked Surface!

I immediately started downloading the sample ARM compiled apps on the forum to run them.  Since the Surface comes with .NET 4.5 built for ARM, any simple .NET app should work out-of-the-box.  To date, the following applications have been built for ARM and successfully executed on an unlocked Windows Surface RT (links go to the post with a downloadable ARM executable):

• Tight-VNC - Remote administration server/client
• Putty - SSH/Telnet/etc. client
• Bochs - x86 emulator
• 7-zip - powerful zip/unzip utility

Some notes from my own experience if you are going to give this a try:

• Use the new app published by netham45 instead of building app1 for yourself.
• Don't forget to run the runExploit.bat file as administrator, or it will appear to succeed but not actually work.
• When the batch script asks you to press volume down, then enter, make sure to do both quickly, or you will likely experience a BSOD.

I'm excited and looking forward to a polished exploit, and a growing library of ARM-ready apps :)