HTTPS SSH

Flash Messenger - a dangerous ORB-ish thingy

This project started out as a stupid way of flashing a message in a tool tip balloon on a windows desktop so that browsers that were minimized or not in focus could alert a user about something important. Once I figured out how to implement bidirectional communication with an Internet Explorer COM instance I realized the true power of giving web applications access to the Win32 API, or in other terms I created an even more vulnerable programming architecture than embedded ActiveX objects!! hooray. :D

Then I thought, how awesome would it be if my web-based time tracking software could detect when I'm working and what client to bill time towards based on the application I was working with, and what files were open. It could take screen shots of my desktop to share work progress with clients. And I could keep track of billing overages via a simple little system tray notification balloon. Ultimately I never got around to complete billing automation, but the goal is certainly plausible.

This project is in a bit of flux as I haven't modified it in months if not years. I'm not even sure how well it works, as I recall I was still playing with the core logic. It's definitely a hack, and I'd love to dedicate the time to properly integrate with a browser via a plugin architecture or support other browsers besides IE, but I don't really care, and it solves my immediate problem. Plus plugins require installs and activations and security constraints and this is just a standalone executable with no security constraints!

Usage:

If you run the application, it will add an icon to your system tray to indicate that it is running. Every few seconds the application will take an inventory of all running IE COM instances. If the namespace window.navigator.flash does not exist, it will create a method by that name, and execute window.navigator.fm_ready() if it exists. This method will only run once and then be deleted so as to provide a web application with an acknowledgement that the Flash Messenger is available for processing calls - consider it the equivalent of DOMContentLoaded for a browser.

There are currently only a couple of commands available to execute over the ORB:

'Balloon' - shows a tooltip balloon with the message provided.

//javascript example
navigator.flash('balloon', 'hello world');

'CaptureScreen' - captures a screenshot of the users desktop. This would be useful in generating bug tickets for example, where a bugzilla new ticket page could take a snapshot for the user

'KeyHook' - allows hooking into system level keyboard data via a callback method. I was initially thinking of using this for building a better keypress mechanism since browsers tend to screw that up in various different ways. Ultimately I ended up using it as an out to lunch indicator where by I checked for keyboard activity around lunch time. This design allowes for system-wide activity detection.

'SendMail' - allows for sending an email via a configurable server without having to secure some public email forwarding server

'ForegroundWindowTitle' - returns the window caption of the currently active application. I used this to automatically bill time to appropriate clients based on what development projects I had in my foreground. Perhaps I went a little too automated in that regard ;)

Ideally future commands are built with a little more structure, and Win32 API options could be executed dynamically, but security would need to be an important focus. And really, by requiring a whitelisted domain and commands, this utility could be pretty secure. And since we have desktop access, we could easily require human interaction before doing anything too destructive.

This is mostly out there because I want to publish more of my projects to open source. If you want to send me a patch, I'll read it, but don't expect much support.

Licensing:

Copyright (c) 2010 Marcus Pope - http://www.marcuspope.com/

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.