On my flight home yesterday a free, but limited, wifi option was available that allowed only for messaging (WhatsApp, Messenger, and I think the Google and Apple ones were specifically mentioned), but not web browsing. I checked and, sure enough, I couldn’t get web browsing to work, but WhatsApp and Messenger worked fine. I decided to try my XMPP client and I was pleasantly surprised to that that worked fine as well.
I know it’s a limited use case, where XMPP is one of the few unblocked protocols, but are there things I can do with it besides chatting? Could I use it to receive status updates from my server? Is there a way to use it for SSH somehow? I guess some sort of bot running on my server would be required. Seems like there are lots of possibilities, like bots that fetch websites or interact with ActivityPub. Has anyone found or tried anything like that?
In theory, you could make a XMPP bot that can do all these things. Status information and executing simple commands shouldn’t be that hard but interactive commands might need a custom wrapper.
Like the other guy said, they’re probably not doing DPI to actually check for XMPP, so if something like portquiz.net:5222 loads, then you could host a VPN on the same ports as XMPP and have unrestricted internet.
You could port scan portquiz.net to find other unblocked ports if you want to use the same IP, or get a VPS or something to do the VPNing (Oracle cloud have free ones, or a cheap one will do).
It is possible. As long as the protocol allows sending bytes of data controlled by the user which XMPP allows.
You would basically wrap http with XMPP. You need a server that would understand XMPP, read the payload, create the http request, do the request for you, wrap the response with XMPP and send it back to you.
You can do that with DNS as well which would bypass probably everything. However, your bandwidth wouldn’t be great.
You can basically connect any local port to any remote port normal or reversed. Reversed is -R, normal with -L. In this setting, correct me if im worng, you want to connect the open port on the airplane to one already prepared on a vps which allows you to do what you want e.g. proxy websites.
IIRC, Nintendo switches use xmpp extensively as well. Whatsapp is a modified version of xmpp. Many apps in the wild use xmpp for notifications, signaling and pubsub.
What was your XMPP client connecting to? Was it a well-known public endpoint (that they could be whitelisting) or was it a private server? If the latter then that indicates that they are allowing arbitrary IP connections which in theory means that you should be able to proxy any traffic you want. I doubt they are doing DPI, since TLS makes this very difficult these days when you don’t control the certificate stores on the clients.
I’d imagine they’re relying on some combination of DNS whitelisting and port blocking which should be trivial to circumvent if you know ahead of time what traffic they allow through.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
There used to be web, ftp, and gopher relays that would work through email, so I’m sure it’s possible.
In theory, you could make a XMPP bot that can do all these things. Status information and executing simple commands shouldn’t be that hard but interactive commands might need a custom wrapper.
RMS uses email to fetch websites instead of using a browser, you could easily do the same with XMPP.
What…the… Why?
He’s just a special guy.
The man is eccentric to say the least.
The project is dead now, but have a look at Archipel, it’s a whole orchestrator (like Proxmox) based around XMPP
https://github.com/ArchipelProject/Archipel
https://github.com/Shura0/mastaj
For ActivityPub access.
Ah very cool. I just need to figure out how to install it.
Man, I love the internet!
Like the other guy said, they’re probably not doing DPI to actually check for XMPP, so if something like portquiz.net:5222 loads, then you could host a VPN on the same ports as XMPP and have unrestricted internet.
If I were to do this would I have to change my actual XMPP port? Or, is it just a matter of adjusting my DNS records somehow? Or something else?
You could port scan portquiz.net to find other unblocked ports if you want to use the same IP, or get a VPS or something to do the VPNing (Oracle cloud have free ones, or a cheap one will do).
https://github.com/msantos/xmppipe
Would be one example, but there are actually many such projects.
Especially if you are on a really bad or congested connection it actually works better than regular SSH.
Obviously security trade-offs regarding this need to be carefully considered.
It is possible. As long as the protocol allows sending bytes of data controlled by the user which XMPP allows.
You would basically wrap http with XMPP. You need a server that would understand XMPP, read the payload, create the http request, do the request for you, wrap the response with XMPP and send it back to you.
You can do that with DNS as well which would bypass probably everything. However, your bandwidth wouldn’t be great.
You can do SSH tunneling over DNS, so everything is possible.
Wait how do you do that? Local port forwarding with
ssh -L?The option
-D $portcreates a SOCKS5 proxy which can be used by most browsers, and will auto tunnel everything.You can basically connect any local port to any remote port normal or reversed. Reversed is -R, normal with -L. In this setting, correct me if im worng, you want to connect the open port on the airplane to one already prepared on a vps which allows you to do what you want e.g. proxy websites.
XMPP can indeed be used for some other things
For example, Google uses it to this day for Google Cloud Messaging - the push notifications service in Android.
Just the how is something I cannot answer :/
IIRC, Nintendo switches use xmpp extensively as well. Whatsapp is a modified version of xmpp. Many apps in the wild use xmpp for notifications, signaling and pubsub.
What was your XMPP client connecting to? Was it a well-known public endpoint (that they could be whitelisting) or was it a private server? If the latter then that indicates that they are allowing arbitrary IP connections which in theory means that you should be able to proxy any traffic you want. I doubt they are doing DPI, since TLS makes this very difficult these days when you don’t control the certificate stores on the clients.
I’d imagine they’re relying on some combination of DNS whitelisting and port blocking which should be trivial to circumvent if you know ahead of time what traffic they allow through.
Yeah it was the server I’m running in my house.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
6 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.
[Thread #69 for this sub, first seen 19th Aug 2023, 17:16] [FAQ] [Full list] [Contact] [Source code]
Good bot, keep it up
Bad bot
This is a community for people who self host their own services, you think we need you to define SSH?
🤷🏿♀️, everyone gotta start someplace
Exactly, how ever would we keep our own tribal community safe from people who want to learn /s
it’s a single comment from a single bot that you can block. it’s probably useful for new people, there’s always mountains of acronyms in tech
Bad bot