October 27, 2017
Sometimes the simplest seeming jobs end up being more annoying that it should be. Moving a file from your computer to your phone and vice-versa should be a fairly simple task. However, it’s usually a mess of deciding to email it to yourself, put it into Google docs or Dropbox or hunting around for that USB cable (and appropriate adaptors).
The following method solves this problem but at the expense of being ABSOLUTELY INSECURE. There is no encryption and no passwords. Your data is un-encrypted in transit and at rest. If you’re thinking of transferring anything secret then either don’t do it like this or encrypt it before you transfer it. However, the number of times I need to move a picture or PDF far outnumbers the number of times I want to move super-secret personal information.
What this technique lacks in security it makes up for in ridiculous convenience.
It works as follows:
- Click UPLOAD on the source device and select a file.
- Click DOWNLOAD on the destination device.
When the file has been downloaded a single time it is deleted from the server. Only a single file will ever be retained for transfer and then only until it is downloaded.
If you look at the URL in the screenshot you can see the nod to “security” is to obfuscate the URL. We will also choose a random port. This will make simple drive-by probes unlikely to find the page but remember, your data is travelling in plain text across the internet.
If you already have a server running Apache or Nginx with PHP enabled then you can serve the file in the usual manner, even via HTTPS and password protect access if you want to.
However, if you just want something quick and dirty then we can serve it using the built-in web server in PHP.
First, you need to install PHP on your server. Whatever is the default version will work just fine.
Next, create a location to serve
index.php from. We will use
/var/www/yopp for this guide:
mkdir -p /var/www/yopp
-p will create all the necessary parent directories in case
/var/www doesn’t already exist.
Now, create the obscure part of the URL by creating a directory with a long, random name.
If you don’t use it already, the command pwgen, is a much better alternative to mashing the keyboard when generating passwords. It’s available in the default repos of every distro I’ve ever used.
You can run it with just
pwgen and it will output a bunch of 8 character passwords. I like to create an alias in my
.bashrc file so that I get 20 character passwords by default:
alias pwgen='pwgen 20'
pwgen 20 gave me
seen6ageePahxahnaMee so we need to create a new directory under
/var/www/yopp/ using the random string:
Now, move into the new directory you just created and download the
index.php from GitHub:
cd /var/www/yopp/seen6ageePahxahnaMee wget https://raw.githubusercontent.com/josephernest/Yopp/master/index.php
The default maximum file size is 50MB, if you would like to make this bigger (or smaller) simply edit
index.php and modify this line:
$maxsize = 50*1024*1024; // 50 MB
50 to be whatever number of MB’s you want new maximum file size to be.
Now, drop back to
/var/www/yopp to start the PHP web server. The command to start the PHP web server has the following form:
php -S <interface>:<port> -t document_root
If the public IP of my server is
172.31.45.14 and I want to use port
3748 the command will look like:
php -S 172.31.45.14:3748 -t /var/www/yopp
The problem with this is that it will only run as long as you have this terminal open and connected. In order to detach the command from the terminal correctly and send all of its output to the bit bucket i.e.
/dev/null use the following command:
nohup php -S 172.31.45.14:3748 -t /var/www/yopp > /dev/null 2>&1 &
The additional, incredibly useful, Bash commands here are:
> /dev/null 2>&1Send standard output to the bit bucket (
> /dev/null) and also direct standard error into standard out (
2>&1) so it is also deleted.
nohupThis disconnects the process from the terminal that it was launched in.
&This creates the process as a job and can be managed using standard Bash job control.
In order to kill this process, you run the
jobs command and find the PHP server. This is what running
jobs produced on my Ubuntu server:
jobs + Running nohup php -S 172.31.45.14:3748 -t /var/www/yopp > /dev/null 2>&1 &
The job number is the number in square brackets i.e.
. In order to kill job 1 use the
kill command along with
%` and the job number. Here is the command to kill job one:
The URL that you need to use to access the upload/download page will depend on the random URL and port that you chose. In the case of the example this URL would access the page:
Obviously, that is a little difficult to remember so simply bookmark it in any browsers that you need to access it from.
If you want the PHP server to run for a set time and then die use the bash
timeout command. This command will kill any process that follows if after a set period of time. Using
timeout 300 nohup php -S 172.31.45.14:3748 -t /var/www/yopp > /dev/null 2>&1 &
Means the PHP server will terminate after 300 seconds or 5 minutes.