Can a browser directly interact with another browser on the same network?

I am playing around trying to find a way to connect two browsers on the same network in order to set up WebRTC without a roundtrip server (no STUN / ICE / TURN). Basically, an alternative to the approach here, where the "handshake" is done using copy / letter / paste.

After sifting through all the examples of interaction between browsers I could find (for example, through cookies or WebTCP) plus a bunch of questions on SO (for example, here), I again wonder:

Question:
If Alice and Bob visit the same foo.html page while on the same network and they know each other's internal assigned IP addresses, are there any ways they can communicate exclusively with what is available in the browser?

This excludes non-standard APIs such as Mozilla TCP_Socket_API, but all tricks (img, iframes, cookies, etc.) are also allowed.

I'm just curious if I can listen to someone from the same network that "broadcasts" something through a browser in general.

Edit:
foo.html will be on a static server, without logic, without ICE, without shortcut.

Edit:
Still not a solution, but a websocket server as the Chrome extension approaches. Example here: an almost clean browser without a WebRTC server

+6
4 answers

Yes, you can establish a direct connection between two browsers over a local network using WebRTC. This requires the use of ICE, but this does not mean that an external STUN or TURN server is required. If browsers are on the same network, ICE will succeed only with local candidates for each browser.

STUN / TURN is only needed to ensure that two endpoints can establish a connection, even if they are on different networks and behind NAT.

In fact, if you use most of the WebRTC sample applications (e.g. apprtc) with two browsers connected on the local network, ICE will most likely select and use a pair of local addresses. In this case, a channel allocation will be created on the TURN server, but it will not be used.

In the WebRTC application, you can disable the use of STUN / TURN by passing empty ice servers when creating the PeerConnection.

+3
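
The answer's point, as an added example that is not part of the original answer: create the peer with empty `iceServers`, then confirm that the SDP to be copied between Alice and Bob carries only `host` candidates. The function names and both sample SDP fragments are constructed for illustration; `createLocalOnlyOffer` needs a browser, the parsing functions run anywhere.

```javascript
// Parse one "a=candidate:" SDP line (RFC 8839 layout); null for any other line.
function parseCandidate(line) {
  const m = /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  return { foundation: m[1], component: Number(m[2]), transport: m[3].toLowerCase(),
           priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7] };
}

// Count candidates per type and report whether the SDP is host-only,
// i.e. nothing was learned from a STUN server (srflx) or a TURN relay (relay).
function auditSdp(sdp) {
  const counts = {};
  const nonHost = [];
  for (const line of sdp.split(/\r?\n/)) {
    const c = parseCandidate(line);
    if (!c) continue;
    counts[c.type] = (counts[c.type] || 0) + 1;
    if (c.type !== 'host') nonHost.push(c);
  }
  const total = Object.values(counts).reduce((a, b) => a + b, 0);
  return { counts, nonHost, hostOnly: total > 0 && nonHost.length === 0 };
}

// Browser only: peer with no STUN/TURN configured. Resolves once ICE gathering
// has finished, so the returned SDP already contains every local candidate.
async function createLocalOnlyOffer() {
  const pc = new RTCPeerConnection({ iceServers: [] });
  pc.createDataChannel('lan'); // channel label is arbitrary
  await pc.setLocalDescription(await pc.createOffer());
  if (pc.iceGatheringState !== 'complete') {
    await new Promise((resolve) => {
      pc.addEventListener('icegatheringstatechange', () => {
        if (pc.iceGatheringState === 'complete') resolve();
      });
    });
  }
  return { pc, sdp: pc.localDescription.sdp };
}

// Constructed samples. Browsers may publish an mDNS ".local" name instead of
// the raw LAN address in host candidates; both forms are still type "host".
const SAMPLE_LOCAL_ONLY = [
  'v=0',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host generation 0',
  'a=candidate:2 1 udp 2122194687 3f1c9a2e-0000-4000-8000-000000000001.local 54322 typ host generation 0',
].join('\r\n');
const SAMPLE_WITH_STUN = SAMPLE_LOCAL_ONLY + '\r\n' +
  'a=candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.23 rport 54321 generation 0';
```

In a page, `auditSdp((await createLocalOnlyOffer()).sdp).hostOnly` should be `true`; the offer and the answer still have to reach the other browser by some channel, which is the copy/paste step from the question.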

While the MDN documentation lists WebSocketServer as the client API, I don't think it is for sure (maybe they wanted to document how to write a server there).

At the moment, I do not know the standard way to create a server socket in a web browser. I know a couple of attacks for scanning a local network, but most of them rely on an active server outside the network, that is, you connect to the server and get back JavaScript that opens a WebSocket connection. Thanks to this connection, I can completely control the client and open more WebSockets with local IP addresses for scanning the internal network.

If the internal websites do not correctly implement CORS (see here), I can access all the internal websites that the current user is currently registered with. This is an insidious attack vector that allows external attackers to view internal browser documents without hacking anything. There is a demonstration of the attack on this page.

Even Flash will not allow you to create a server socket.

If you enable the Java applet, and the Java version on the client is very old or the user blindly clicked "OK", then you can create server sockets.

on this topic:

+1

This can be easily explained. The answer is impossible. In order for Alice and Bob to communicate at all without third-party developers, at least one of them must listen for incoming connections. It is not possible to use only a standard web browser.

+1

You can take a look at this

https://github.com/jed/browserver-client

I think you can easily create an HTTP server with JavaScript and send messages from one browser to another.

With Node.js, you can achieve the same.

0

Source: https://habr.com/ru/post/978724/

