Monitor the Custom Url Protocol Messages - Delphi - delphi

As you know the custom url protocol is a feature that allow us to make a communication between a web page and our application. For example, Y! Messenger uses this protocol when you want to send a pm to another person through a web page:
Click to send pm
Now, the question is how can I monitor(hook) all custom url protocol messages in the windows? Is it possible to catch them?

Iterate over the contents of the registry, looking for registered custom protocols. Those will be children of the HKey_Classes_Root key that have a value named URL Protocol. Each time you find one, record the default value of the shell\open\command key, and then replace it with a command line pointing to your program.
When your program is invoked, do whatever you need to do, and then invoke the original program using the command line you recorded earlier.

You can register your own protocol: Can Delphi be used to create and handle a custom protocol handler? Just add few keys in user's registry (protocol name and application to launch). It is similar to register file extension. Simple example is here.
I'm not sure that you can catch every request. Antivirus programs can do that, but at driver-level.

You might want to take a look at Fiddler HTTP Web Debugger, which intercepts all HTTP traffic by being a temporary proxy.
It is not written in Delphi, but should give you a good idea on how to approach your problem.

Related

What does this steam-desktop shortcut URL steam:// mean

How do steam-desktop shortcuts steam:// actually work?
The URL / target of them is something like: "steam://rungameid/717"
I know similar things like "ftp://mynetworkadress:1337/subfoldercontainsgoodstuff" or for sure "http://".
But why and how does this steam thing work, can you do something similar on your own (e.g. "niceapp://launchprocess/param") and if so, why would you?
steam:// is the Steam browser protocol, i.e. a proprietary URL handler.
The official documentation is at Valve Software.
An article by PCWorld on the Steam URL protocol and potential security threats can be found here:
When the Steam client is installed on a system, it registers itself as a steam:// URL protocol handler. This means that every time a user clicks on a steam:// URL in a browser or a different application, the URL is passed to the Steam client for execution.
But why and how does this steam thing work, can you do something similar on your own
Yes. You can implement anything on your own.
The URI format is basically:
<protocol>:<arguments>
Some protocols such as http and ftp accept URL as argument. However the argument for any arbitrary protocol does not have to be a URL. For example, the magnet: protocol used by Bittorrent does not use a URL instead it describes the torrent and the torrent hash.
As you have experienced, browsers support some protocols built in. This includes http and ftp as well as custom protocols such as about:config in Firefox and chrome://settings in Google Chrome to display the settings page.
If a browser encounters a protocol that it does not understand it will ask you what program you want to open the link with. It will then tell the OS to run that program and pass the argument as a command-line argument to that program. This is how you can get the browser to open steam: link in Steam or a magnet: link in a torrent client.
It used to be that you can type any protocol in the browser's URL bar and trigger this behavior. However, modern browsers also use the same input as a search bar so typing in protocol:argument manually these days will more likely trigger a Google search. But links still work as they used to.

How can my slack custom command produce /remind me like links

I am writting a custom slack command that implements a
task manager like interface (I know ... there are many out there :-), mine interfaces with odesk/upwork to outsource my micro-tasks :-) ) .
Anyway, I like a lot how the /remind command included Complete Delete etc links in its output to facilitate subsequent interactions with the user that entered the command and I am trying to figure out how to do the same trick.
What I have thought so far is to include links in my output that are ... GET /slack-link?method=POST&token=xxx&team_id=xx&command=.. ie carry in their query string the complete json payload that slack would have produced from a normal custom command. slack-link acts as a "proxy" whose sole role is to submit a POST back to my normal slack endpoint. I can even reuse the same response_url for these command-links.
I have not tried it but I think these URLs will just open another window so that path wont exactly work...
Has anybody tried something like that before?
As you've learned, those are currently only available to built-in commands. However, as I was curious and wanted to know how those are done, I looked in the API and found out that the URLs are just formatted normally but have a special "protocol":
You asked me to remind you to “test”.
​_<slack-action://BSLACKBOT/reminders/complete/D01234567/1234//0/0/5678|Mark as complete>
or remind me later: <slack-action://BSLACKBOT/reminders/snooze/D01234567/1234//0/0/5678/15|15 mins> [...]
Clicking on such a link results in an API request to method chat.action, with the following parameters:
bot: BSLACKBOT
payload: reminders/complete/D01234567/1234//0/0/5678
token: xoxs-tokenhere-nowayiampostingithere
So it looks like those URLs have three parts:
<slack-action://BSLACKBOT/reminders/complete/[...]|Mark as complete>
slack-action://: the "protocol" like prefix to let Slack know this is a chat action URL.
BSLACKBOT: the bot which (who?) will receive the payload. Can only be a bot user and the ID must start with B, or the API request will fail with invalid_bot.
the rest of the URL: the payload that gets passed to the bot. It doesn't look like this is parsed nor handled specially by Slack.
This is actually not a new feature, since they used to have API URLs back in late 2013 or early 2014 (I don't remember precisely) which they removed for "security reasons".
It could be interesting to see if we can use chat actions with custom bots, and if so, what we could do with it.
I got the answer from Slack support:
In regard to your original question: currently Slack doesn't provide
the ability to embed 'action' links in our custom integrations. Only
built-in features like /remind can utilize these at the moment. For
external services, you'll need to link to a URL that opens in an
external web browser.
We do hope to provide a similar function for custom integrations in
the future, allowing for interactive messages.
Thanks,
Ben

Rails connect to Asterisk and make phone calls

Hi i have googled all day long but i can't find an answer.
I have to write a web app which talks to asterisk.
It should be able to do ClicktoCall operations.
Can you guys recommend something ?
I came across a few projects but I'm still not sure.
I just want to connect to Asterisk and do calls from the web app.
thanks
If you're a Ruby programmer the best way for you to hook into Asterisk is adhearsion. It wraps up Asterisk's AGI and Manager (MAPI) APIs for you.
Also hAve a look at SIP, asterisk, adhearson and VoIP and in particular Adam Kalsey's answer. He works for Tropo which sponsor the adhearsion project.
First you need to know, that the protocol Asterisk uses is SIP, you can learn more at the Wikipedia.
Since you want to use an rails application, you may want to use ruby as well, so there's a ruby implementation named OverSip, you can check their API and see if it fits your requirements.
If you are aiming at web calls, you'll need an WebRTC, Flash or Java applet. For WebRTC you can check sipML5 for an opensource solution.
You can also opt for an interface, that will start a call from one number to another, using your phone. When the first call is picked up the server starts ringing in the destination.
Also you could make use of cloud communications providers like twilio, tropo, etc.
Try this Google search:
rails asterisk manager interface
I saw some interesting things right off. I am not trying to be one if those Use Google type people, just didn't want to paste all the links in that I found from this Google search.
Check it out, hope it helps.
There are several ways to do this but the three easiest ones are
1. Generate a call file on the Asterisk server
These files should be written to the dir
/var/spool/asterisk/outgoing
Asterisk will then pickup the file, process and delete it.
It's pretty aggressive when doing this so it's recommended to write the file into a temporary directory and then move it to the spool dir for processing.
An tutorial of the file format is here:
https://www.voip-info.org/asterisk-auto-dial-out/
(I personally feel this is a bit "hacky", and prefer doing it with an API call)
2. Generate the call by the AMI API interface.
Use the Originate function of the AMI API to generate the call. It's pretty easy to set this up just configure the manager.conf file whitch sets up a HTTP server on port 5038 from witch you can call the API.
https://www.voip-info.org/asterisk-config-managerconf/
3. Set up the call using the ARI API
First you need to setup ari.conf, this is enough for now:
[general]
enabled = yes
pretty=yes
allowed_origins=http://ari.asterisk.org
[my_username]
type = user
read_only = no
password = my_password
password_format = plain
This is a little bit more complicated to set up, but it really isn't that hard if you just get past the technical geek-speak. Just set up two channels, setup a mixing bridge and add both channels to the bridge.
To set up a click2call you dont even need to do that...
This is the call we use (ruby):
where
#{sip_id} is your registered SIP username
#{number} is the extension that is sent to the dialplan
#{USERNAME}
#{PASSWORD} is from ari.conf
HTTParty.post("http://sipserver.com/ari/channels?endpoint=SIP/#{sip_id}&extension=#{number}&context=outgoing&priority=1&timeout=30&api_key=#{USERNAME}:#{PASSWORD}")
(Note that you need to send the variabels for the variable parameter as a separate JSON for the originate command if you need to send them)
A really useful tool to understand how this works is the swagger at
http://ari.asterisk.org. We already allowed this origin in ari.conf so it should be ready to go. Remember to open your ports in firewalls etc.
Setup your Server IP and port and the API_KEY is in this format: my_username:my_password

Capture outgoing HTTP request from Controller / Service

So I have the following scenario (it's a Grails 2.1 app):
I have a Controller that can be accessed via //localhost:8080/myController
This controller in turn executes a call to another URL opening a connection using new URL("https://my.other.url").openConnection()
I want to capture the request so I can log the information
I have a Filter present in my web.xml already which does the job well for controllers mapped in my app. But as soon as a request is fired to an external URL, I don't get anything.
I understand that my filter will only be invoked to URLs inside my app, and that depends on my filter mapping which is fine.
I'm struggling to see how a solution inside the app is actually viable. I'm thinking of using a mixed approach with the DevOps team to capture such outgoing calls from the container and then log them into a separate file.
I guess my questions are:
Is there a way to do it inside the app itself?
Is the approach I'm planning a sensible one?
Cheers!
Any reason why you don't want to use http-builder? There a Grails plugin for it, and it makes remote XML calls much easier than handling the plumbing yourself. At the bottom of the linked page they describe how you can enable request logging via log4j configuration.

How to I access a SoundCloud public stream?

How do I play a track from a SoundCloud URL, which, for example, I got from the xml response from a query
<stream-url>https://api.soundcloud.com/tracks/31164607/stream</stream-url>
I should have thought that it would have been as easy as:
https://api.soundcloud.com/tracks/31164607/stream&client_id=my_client_id
yet I get
<error>401 - Unauthorized</error>
All I want to do is consume it in a Silverlight MediaElement, so all I need is set some url to the MediaElement's Source property.
I've checked an application that I wrote about 2 years ago, and THEN, accessing the stream url was as easy as this for a public track:
http://api.soundcloud.com/tracks/18163056/stream&consumer_key=MY_CONSUMER_KEY
however this no longer seems to work.
For example, all I had to do then in C# was:
MediaElement me = new MediaElement();
me.Source= new Url("http://api.soundcloud.com/tracks/18163056/stream&consumer_key=MY_CONSUMER_KEY");
me.Play();
Any hints would be appreciated.
I had a reply on a Microsoft forum that seems to imply that SoundCloud might not be possible to stream to Windows 8 Metro devices without consuming the whole stream before playback starts - which is quite worrying and would seem to imply that to make authentication possible, it would have to be done entirely in the url querystring insterad of using the header:
(The following reply is the answer to the following question: 'I am able to access an audio stream by http using the MediaElement, however I need to access it via https in which I need to add the oAuth info to the header of the initial request.
How is this done when using a MediaElement, and if it cannot be done, what is the workaround for consuming an audio feed in Metro 8 that requires header authentication to stream?')
"Direct access to the underlying network stream is not currently permitted by the MediaElement. Because of this there is currently no way to modify the header of the HTTP request to include any additional authentication information. That said, you do have control over the URL. You could theoretically setup an HTTP proxy service that translated the HTTP GET request parameters into the necessary oAuth credentials. Keep in mind that this is just a theoretical workaround. You may find different behavior in practice. Another theoretical workaround would be to handle the oAuth yourself via a raw stream socket and pass the retuned media data to the MediaElement via "Set Source" and a "Random Access Stream". Please keep in mind that this method has major limitations. in order to use a "Random Access Stream" with the ME you need to make sure all of the data is available before passing it to the ME."
The proxy service is not scalable for an application that is merely distributed for free as every stream would need to come via the proxy. And the raw stream socket, although getting around this, would mean that playback could not start until the whole file had downloaded - and this goes against all current UX (User Experience) guidelines.
So once again, if anyone has any tips, or info about how the whole authentication thing can be achieved in a querystring instead of using headers, I'd appreciate it!
I'm a little confused about whether you're referring to a public or a private track? If it's a public track, then you shouldn't need to send any authentication information, just your client id.
When I request https://api.soundcloud.com/tracks/31164607/stream?client_id=YOUR_CLIENT_ID then I get a 302 redirect to the proper mp3 stream.
Remember, adding parameters to a URL must start with a ? not &. This could (more than likely) be the reason why you are getting a 401 (SC is not picking up the client_id).
After authentication the link like this
http://api.soundcloud.com/tracks/103229681/stream?consumer_key=d61f17a08f86bfb1dea28539908bc9bf
is working fine. I am using Action Script.
I'm following up on Tom's reply because he calls attention to url character specificity. My HTTP requests randomly started failing today, and I was prefacing my client_Id with a ?. As soon as I changed that single ? to &, it started working. So in my case, SC wasn't picking up my client_Id because I used the wrong character. I think depending on where in the request we're talking about specifically, it's worth noting that differences between ? and & do make a difference.

Resources