Finding webservers in local network
Gabriel D'Espindula wrote 06/02/2020 at 18:42 • 0 pointsHi folks. I did quite a few project where a webserver is created to host a page, like using the esp webserver or octoprint and something that bother me is when I need to find the IP of those things. It's not complicated, but if I take my project to someone else's house and just wanna make it run sucks to find the IP. mDNS still not fully compatible so I did a simple page to find the IP of those webservers, and I can use from my phone. Now is running here: https://github.com/gabrieldespindula/winkSeeker/tree/master
For me works, but I'll be very glad if someone that has a little project on serving a page could just let me know it if works as well.
I'll add a list of common modem configurations for those without mask and gateway and perhaps a simple library to add a standard response to create a better list of devices... But for now I just deployed the basic crawler. Glad if someone could test it :)
Cheers
Discussions
Become a Hackaday.io Member
Create an account to leave a comment. Already have an account? Log In.
Cool little tool you made there.
200.200.200.x is weird indeed.
Are you sure? yes | no
I would run 'nmap' from the Linux command line, and let it scan the local area.
You can tell it to look for just the HTTP or HTTPS port, which lets you quickly see any IP address that is hosting a webserver. It usually also shows you the Hostname and one or two other details of the device it detected, so you might even be able to directly look for 'ESP' somewhere in the device list.
Are you sure? yes | no
"then any website you visit on the internet can."
But, is not exactly that true?
Are you sure? yes | no
Well, more or less. A browser is a sandbox that does not allow access to your files. If by "hack you" is know where you are and your habits and when you used their website, then yes, but a website is not comparable to downloading an .exe from a non trusted source and running it, that can watch your webcam, steal all your data send it to a server then delete your hard drive at the end. In comparison, any website running on an up to date browser is safer :)
Are you sure? yes | no
So, if I visit a website, it cannot drop a cookie which can end up containing malicious code?
Are you sure? yes | no
not if you visit it in incognito mode :)
Are you sure? yes | no
Oh, I thought incognito mode only deletes cookies etc. when I end the browser session, not prevent cookies being stored during the session. Can a malicious cookie not do lasting harm before it is deleted?
Are you sure? yes | no
haha funny, define harm, a bunch of warnings that no one sees ?
Are you sure? yes | no
Nice initiative, I did face such issues like everyone I guess. If you're interested how Philipps solved this issue, you can have a look at this comment : https://github.com/HomeSmartMesh/smart_home_3d_webapp/issues/7#issuecomment-592929292
I figured it out as after an update, the library started trying to contact the internet server, while I have no online account, so got stopped by the CORS policy, after searching, I found out that Philipps also have a method for discovery in local network
The protocol is ssdp, but it's no fun, complicated, I don't find it practicle to use, yet that's a standard for exactly your issue.
https://github.com/diversario/node-ssdp
Are you sure? yes | no
The chat does not allow to attach pictures, this is a classic protection policy in Chrome, here's the error message when opening developer mode :
Mixed Content: The page at '<URL>' was loaded over HTTPS, but requested an insecure resource '<URL>'. This request has been blocked; the content must be served over HTTPS.
not even on local net, I think you need some CORS config
Access to fetch at 'http://10.0.0.1/' from origin 'http://127.0.0.1:5500' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Are you sure? yes | no
Yep, and apparently there is no way around the mixed content for this application... Unless I host somewhere else.
Are you sure? yes | no
But thanks for the cors update. I dont have this issue when I run from my localhost. I'm not in my pc now, but later I'll check if I added a cors header in the response from my esp, maybe thats why I'm not having this trouble.
Edit:
I just saw my esp code and yes, I added the cors header there (server.sendHeader("Access-Control-Allow-Origin", "*");), that's why I don't have the issue. I'll try to delete this line and add the no-cors in the fetch, lets see if it works. Thanks again for the feedback!
Are you sure? yes | no
I just noticed that the github page isn't working because is https by default and I can't send an http request from it... I'll see how can I fix it...
Are you sure? yes | no
Its a good point, I can tell you it won't cause any harm, but if you want you can check by yourself, the code is open. I also believe posting malicious code in my personal github account in an open source repository won't be the smartest way of doing it. If you run the debugger in your browser is also possible to see it wont send anything anywhere except get requests to a bunch of local ips.
However, is just a tool that I think can help someone having same trouble as me.
Recently I did a temperature sensor to my dad's aquarium and all the process of configuring the thing to work in his network was very bothersome, I needed my computer around as well... Wish I could just give him the sensor and it works from his phone, that's why I made this page.
Are you sure? yes | no
How can I know that there is no malicious code included? Are you sucking my network in the background while I patiently wait for some results to show up while drinking many, many cups of coffee?
Are you sure? yes | no
It's a static website, and hosted on github (github.io) so no server code running other than serving the files. If that page can hack you, then any website you visit on the internet can.
Are you sure? yes | no