Since I totally F'd up the entire topic over there, where nobody ever knew what I meant, until I realized that I had said a lot of things that didn't make sense at all, nor could I make any reasonable statements out of what the smart people there said. At the suggestion of a member of that discussion, I'm starting a clean topic here, where I'll check 50 times that what I ask actually makes a damn bit of sense.
Let's start with me, the 1st party (I don't know if that's how it works). Anyway, it's a stripped-down kernel. There's one application listening on port 69. It receives HTTPS/1.1 requests, then sends HTTP/1.1 answers. For example, a user who is logging in sends (imaginary example)
It checks the database; on failure:
And it all works perfectly. The program is designed to send queries through HTTPS; the server receives, interprets, finds, and provides an answer. So far so good. Right?
Josh decides to download the software. He installs it, has no malicious intent, and wants to use the program as it was designed. He logs in and starts looking for "Recommended Allies" or something. He adds people, starts chatting, plays a game and is gone. By this time, between logging in and logging out (after he's done), he has sent these absolutely legal and intended queries to the server:
[login name="Ronald",pwd="whatarethoooose"]
[recfrnds amount="10"]
[addFriend name="Dawg"]
[sendmsg name="Dawg" msg="Hi there!"]
[addFriend name="Fiona"]
[sendmsg name="I <3 U"]
[recfrnds amount="10"]
[addFriend name="Terek"]
[enterGame invited="Terek; Fiona, Dawg"]
[enterGame ready]
[userAction logout]
Thus Josh has logged in, looked for recommended allies (for a battle game or whatever), added a couple, went onto the next page, added the next one, then invited his friends and went into the game. Then logged out.
Easy peesy lemon squeezy. Right?
So the program reaches people of all kinds, unfortunately. It also arrives at Dick. Dick, whose parents were prophets, decides to log in to the game, switch between "Recommended Allies", add a few, and send a few chats. After he has captured the HTTPS/1.1 requests he sent, and decrypted them with the public key and his private key (because according to this both server and user have a key to the encrypted data, which is always findable one way or another; private key + public key = de/encryption key, right?), he finds out that he can send these queries for the wanted results:
[login name=#USERNAME#,pwd=#PASSWORD#]
[recfrnds amount=#AMOUNT OF ALLIES#]
[addFriend name=#PERSON NAME#]
[sendmsg name=#PERSON NAME# msg=#CONTENT MSG#]
[enterGame invited=#INVITES PEOPLE#]
[enterGame ready]
[userAction logout]
Knowing that he has just deciphered the requests his computer can legally send to the servers, he decides to create a program. What will the program do? Well.
FOREACH LOGIN => NAME etc.
    [login name=NAME,pwd=PWD]
    TODO = [recfrnds amount="100"]
    FOREACH TODO AS BEASS
        [addFriend name=BEASS]
        [sendmsg name=BEASS msg="Hi, I just came here to recommend you that virus on virus.com"]
    FOREACH END
    [userAction logout]
FOREACH END
Now, I could detect it by the fact that a query would be sent every 0.1 ms, and that adding 100 in one shot is rather impossible. But the problem still remains. They could set an interval; they could add 10 each time, not 100. The fight would go on.
How could I verify that these queries are sent by an illegal program (which has been proven to be doable, look below^)?
I could look at timing; I could set the maximum number of recommendations to 10. But still, I don't like the idea that people could automate queries and force my server to respond without actually using the program.
Does that sound anywhere near normal?
^it is doable -
Here's a cut from the previous topic.
I was playing an online video game; it's quite popular and out there. One day, a programmer released his very own version of the launcher (with buttons, a shop, and ways to enter a game (which would still open the original "battle arena .exe")). The owners of the game didn't like it. And even though the program sent exactly the same queries as the original launcher, the majority of users of this "new launcher" still got banned for 3rd-party software (as it was forbidden in the ToU).
What could have been the way they detected it? I mean, of course they could've updated their client to send an additional token with HTTP(S) which the newly-forged program wouldn't send, and then banned everybody who didn't send that token (honey token).
But even then, the developer of his own new launcher could've detected the difference in patch version (from 4.2 => 4.3), blocked usage of it (through a piece of code in the launcher which would detect the new version), found out how the latest version works, updated the code a bit, and kept being stealthy.
There must be some hardcore reason why said programmer didn't go for it.
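As an added example (not part of the original post, and not code from any real server), here is how the two server-side checks the post itself proposes, looking at the timing between requests and capping recfrnds at 10, plus a count of addFriend calls per time window, could be run over a log of the post's own bracket-style queries. The log-line layout (seconds since session start, session id, query), the threshold values, the helper names and the sample sessions are all assumptions made for this example.

```python
"""Server-side heuristics for spotting a scripted client.

Added example, not code from the original post. It parses the post's own
[verb key="value" ...] query format as it would appear in an assumed server
log line of the form "<seconds> <session id> [query]". Thresholds and the
sample sessions below are constructed for illustration.
"""
import re
from collections import defaultdict

# [verb] followed by optional key=value pairs (quoted or bare) or bare flags,
# separated by whitespace or commas, e.g. [login name="Ronald",pwd="x"].
QUERY_RE = re.compile(r'\[(\w+)((?:[\s,]+\w+(?:=(?:"[^"]*"|[^\s,\]]+))?)*)\s*\]')
ARG_RE = re.compile(r'(\w+)(?:=(?:"([^"]*)"|([^\s,\]]+)))?')
LOG_RE = re.compile(r'^(\d+(?:\.\d+)?)\s+(\S+)\s+(\[.*\])\s*$')

# Assumed tuning knobs (not from the post): no human issues two requests this
# close together; the post suggests capping recommendations at 10.
MIN_HUMAN_GAP_S = 0.5
MAX_RECFRNDS = 10
MAX_ADDFRIEND_PER_WINDOW = 5
WINDOW_S = 60.0


def parse_query(text):
    """Return (verb, {key: value}) for one bracketed query, or None."""
    m = QUERY_RE.fullmatch(text.strip())
    if not m:
        return None
    verb, rest = m.group(1), m.group(2)
    args = {}
    for a in ARG_RE.finditer(rest):
        key, quoted, bare = a.group(1), a.group(2), a.group(3)
        args[key] = quoted if quoted is not None else (bare if bare is not None else True)
    return verb, args


def parse_log(lines):
    """Group log lines into sessions: {session id: [(t, verb, args), ...]}."""
    sessions = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a query line; ignore
        t, sid, query = m.groups()
        parsed = parse_query(query)
        if parsed:
            sessions[sid].append((float(t), *parsed))
    return sessions


def flag_session(events):
    """Return the reasons a session looks scripted ([] means it looks human)."""
    reasons = []
    times = [t for t, _, _ in events]
    gaps = [b - a for a, b in zip(times, times[1:])]
    if gaps and min(gaps) < MIN_HUMAN_GAP_S:
        reasons.append("requests %.4fs apart" % min(gaps))
    for _, verb, args in events:
        if verb == "recfrnds" and int(args.get("amount", 0)) > MAX_RECFRNDS:
            reasons.append("recfrnds amount=%s over cap" % args["amount"])
            break
    adds = [t for t, verb, _ in events if verb == "addFriend"]
    for i, t in enumerate(adds):
        n = sum(1 for u in adds[i:] if u - t <= WINDOW_S)  # sliding window from t
        if n > MAX_ADDFRIEND_PER_WINDOW:
            reasons.append("%d addFriend in %.0fs" % (n, WINDOW_S))
            break
    return reasons


def scan(lines):
    """Map every session id in the log to its list of flags."""
    return {sid: flag_session(ev) for sid, ev in parse_log(lines).items()}


# Constructed sample: Josh's session from the post, with human-paced timestamps.
JOSH_LOG = [
    '0.0 josh [login name="Ronald",pwd="whatarethoooose"]',
    '4.2 josh [recfrnds amount="10"]',
    '12.8 josh [addFriend name="Dawg"]',
    '20.1 josh [sendmsg name="Dawg" msg="Hi there!"]',
    '33.0 josh [addFriend name="Fiona"]',
    '41.5 josh [sendmsg name="I <3 U"]',
    '50.9 josh [recfrnds amount="10"]',
    '64.3 josh [addFriend name="Terek"]',
    '75.0 josh [enterGame invited="Terek; Fiona, Dawg"]',
    '80.2 josh [enterGame ready]',
    '900.0 josh [userAction logout]',
]


def bot_session(sid, n=100, gap=0.0001):
    """Constructed sample: the post's FOREACH script firing every 0.1 ms."""
    lines = ['0.0 %s [login name="x",pwd="y"]' % sid,
             '0.0001 %s [recfrnds amount="100"]' % sid]
    t = 0.0002
    for i in range(n):
        lines.append('%.4f %s [addFriend name="u%d"]' % (t, sid, i))
        t += gap
        lines.append('%.4f %s [sendmsg name="u%d" msg="virus.com"]' % (t, sid, i))
        t += gap
    return lines


if __name__ == "__main__":
    for sid, flags in scan(JOSH_LOG + bot_session("dick")).items():
        print(sid, flags or "looks human")
```

These checks only raise the cost of automation, exactly as the post says: a script that sleeps between requests, asks for 10 recommendations at a time and adds a few friends per minute passes all three, so in practice they are combined with per-account quotas and server-side signals the client cannot replay.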