dakkar has quit [Remote host closed the connection]
dakkar has joined ##bash-crimes
dakkar has quit [Quit: e via, verso nuove avventure]
<sdomi>
this isn't terribly impressive but i think it's quite funny so i will present it here
curl_posting has joined ##bash-crimes
<curl_posting>
finally, IRC support in cURL / HTTP/1.1
curl_posting has quit [Remote host closed the connection]
<sdomi>
`curl --http0.9 http://localhost:6667 -X $'USER sdomimeow 0 * :curl\nNICK curl_posting\nJOIN ##bash-crimes\nPRIVMSG ##bash-crimes :finally, IRC support in cURL' -v`
<misentropy>
lol
<misentropy>
reminds me of an old exploitable thing in ancient browsers; some were Everything Internet (cough Netscape Communicator) and had an irc client built-in
<misentropy>
tl;dr there were cross-protocol attacks
<misentropy>
and they were glorious to behold
<misentropy>
lots of browser users flooding irc servers
<misentropy>
that's my story and I'm sticking to it
<misentropy>
that's why there's protected port ranges in modern browsers
<eloy>
would it be possible to write a DHCP server in bash?
<eloy>
I guess you'd need a dependency on socat/ncat then
<JAA>
lol
<JAA>
I wrote an HTTP-IRC interface. I could've just used curl...
<JAA>
eloy: Would the `accept` loadable not be sufficient?
<jn>
o hi eloy :)
* eloy
waves to jn
<JAA>
You can use `--request-target ' '` to get rid of the / (or, even better, use that for part of the message). Not sure it's possible to avoid the trailing HTTP/* though.
<JAA>
(An empty value isn't accepted.)
<JAA>
Yeah, the HTTP version string is hardcoded.
<JAA>
Uh, but you can just throw that into a dummy no-op command.
<JAA>
My tests get blocked because the connection isn't registered when the JOIN etc. are sent. Are you hiding something in the localhost proxy? :-)
<JAA>
`-H Host: -H User-Agent: -H Accept:` to suppress the automatic headers, by the way.
<JAA>
sdomi: ^
<sdomi>
eloy: yup! you can do tuntap with a lot of hacks (... i have an upcoming blogpost about this, actually), and then sky is the limit, kinda
<eloy>
nice
<sdomi>
JAA: tbh if you're bothered with the `/ HTTP/1.1` then you can just add another \n to the -X
<sdomi>
it's not like curl is gonna mind, and that will terminate the command
<JAA>
Yeah, I added a `\nPING :` to make it valid IRC, too.
<sdomi>
as for the localhost proxy - nope, that was just a socat to see what's happening :p
<JAA>
Hmm
<sdomi>
change your username, maybe?
<sdomi>
it may complain a bit more if it is actually registered
<JAA>
Not testing on Libera, the nick is fine.
<JAA>
I just get 451s before the 001.
curl_posting has joined ##bash-crimes
<curl_posting>
launching once more, just so I can dump a log :p
curl_posting has quit [Remote host closed the connection]
<JAA>
Server tries to do ident, processes the JOIN and PRIVMSG already (error 451), then finishes ident and registers the connection.
<JAA>
I tried playing with making multiple requests, too, but that can't work for several reasons (HTTP/0.9 requiring connection termination, -X not being per URL, etc.).
<JAA>
Hmm, weird.
<sdomi>
tbqh i'm surprised that sending everything at once works on libera right now, i remember writing clients in the past and needing to wait for specific codes before I could join a channel and stuff
<JAA>
Yeah, 001 is the one you should normally wait for.
<sdomi>
also, do you have a legit usecase for this, or are you messing around? because I have "proper" (heavy airquotes here) IRC bots in bash, with ncat (although you could probably just use /dev/tcp)
notcurl has joined ##bash-crimes
<notcurl>
ohai
notcurl has quit [Remote host closed the connection]