On my flight home yesterday a free, but limited, wifi option was available that allowed only for messaging (WhatsApp, Messenger, and I think the Google and Apple ones were specifically mentioned), but not web browsing. I checked and, sure enough, I couldn’t get web browsing to work, but WhatsApp and Messenger worked fine. I decided to try my XMPP client and I was pleasantly surprised to that that worked fine as well.

I know it’s a limited use case, where XMPP is one of the few unblocked protocols, but are there things I can do with it besides chatting? Could I use it to receive status updates from my server? Is there a way to use it for SSH somehow? I guess some sort of bot running on my server would be required. Seems like there are lots of possibilities, like bots that fetch websites or interact with ActivityPub. Has anyone found or tried anything like that?

cross-posted from: https://pixelfed.crimedad.work/p/crimedad/598286716239948208

Dog on a plane

My wonderful neighbor, Juicy, on our flight home.

#italiangreyhound #dog #gooddog

@aww@lemmy.ml

  • hansl
    link
    fedilink
    English
    arrow-up
    24
    ·
    1 year ago

    You can do SSH tunneling over DNS, so everything is possible.

      • CAPSLOCKFTW
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        You can basically connect any local port to any remote port normal or reversed. Reversed is -R, normal with -L. In this setting, correct me if im worng, you want to connect the open port on the airplane to one already prepared on a vps which allows you to do what you want e.g. proxy websites.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        The option -D $port creates a SOCKS5 proxy which can be used by most browsers, and will auto tunnel everything.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    5
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    DNS Domain Name Service/System
    IP Internet Protocol
    SSH Secure Shell for remote terminal access
    SSL Secure Sockets Layer, for transparent encryption
    TLS Transport Layer Security, supersedes SSL
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    6 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.

    [Thread #69 for this sub, first seen 19th Aug 2023, 17:16] [FAQ] [Full list] [Contact] [Source code]

  • AutumnSpark1226@lemmy.today
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    In theory, you could make a XMPP bot that can do all these things. Status information and executing simple commands shouldn’t be that hard but interactive commands might need a custom wrapper.

  • poVoq@slrpnk.net
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    https://github.com/msantos/xmppipe

    Would be one example, but there are actually many such projects.

    Especially if you are on a really bad or congested connection it actually works better than regular SSH.

    Obviously security trade-offs regarding this need to be carefully considered.

  • SteveTech@programming.dev
    link
    fedilink
    English
    arrow-up
    8
    ·
    1 year ago

    Like the other guy said, they’re probably not doing DPI to actually check for XMPP, so if something like portquiz.net:5222 loads, then you could host a VPN on the same ports as XMPP and have unrestricted internet.

    • CrimeDad@lemmy.crimedad.workOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      If I were to do this would I have to change my actual XMPP port? Or, is it just a matter of adjusting my DNS records somehow? Or something else?

      • SteveTech@programming.dev
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        would I have to change my actual XMPP port? Yes.

        You could port scan portquiz.net to find other unblocked ports if you want to use the same IP, or get a VPS or something to do the VPNing (Oracle cloud have free ones, or a cheap one will do).

  • rush@lemm.ee
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    XMPP can indeed be used for some other things

    For example, Google uses it to this day for Google Cloud Messaging - the push notifications service in Android.

    Just the how is something I cannot answer :/

    • u_tamtam@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      IIRC, Nintendo switches use xmpp extensively as well. Whatsapp is a modified version of xmpp. Many apps in the wild use xmpp for notifications, signaling and pubsub.

  • Smk@lemmy.ca
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    It is possible. As long as the protocol allows sending bytes of data controlled by the user which XMPP allows.

    You would basically wrap http with XMPP. You need a server that would understand XMPP, read the payload, create the http request, do the request for you, wrap the response with XMPP and send it back to you.

    You can do that with DNS as well which would bypass probably everything. However, your bandwidth wouldn’t be great.

  • drspod
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    What was your XMPP client connecting to? Was it a well-known public endpoint (that they could be whitelisting) or was it a private server? If the latter then that indicates that they are allowing arbitrary IP connections which in theory means that you should be able to proxy any traffic you want. I doubt they are doing DPI, since TLS makes this very difficult these days when you don’t control the certificate stores on the clients.

    I’d imagine they’re relying on some combination of DNS whitelisting and port blocking which should be trivial to circumvent if you know ahead of time what traffic they allow through.