This program binds a web server to the address of your wifi network interface on a random port, and sets a default handler for it. The default handler serves the content and quits the program when the transfer is complete.
The program prints a QR code that encodes the text:
Most QR apps can detect URLs in decoded text and act accordingly (i.e.: open the URL with the default browser), so when the QR code is scanned the content starts being downloaded by the mobile browser.
If the URL isn't being manually entered (I mean that's the whole point of the QR code right?) then adding some random unguessable text would solve the problem of something else on your network connecting to that port. It doesn't solve the problem entirely as it's still possible to MITM the HTTP connection but it's a tad more difficult.
I can see myself using this to move files quickly between a desktop and a laptop or vice versa by ignoring the QR code and just putting in the port.
Alternatively you could try the gfycat method by appending a few adjectives and a noun to create a readable but nonsensical phrase: https://gfycat.com/enlightenedpositiveasianporcupine
But IMHO if security on your own network is so intense that a random app opening temporarily on a random local port is a security concern then this app isn't for you.
$ nc -l 12345 < data.txt
$ nc host-a-or-its-ip 12345 > data.txt
> transfer multiple files in a reasonable manner
you mean, for example, choosing the destination directory and things like that?
The idea of QR code is amazing. I'll put this to my newsletter next week. Look out for it.
If you “play” a series of qr codes with checksums and record them from a phone and process the video on the phone you can exfil data without tripping any IDS.
Opening a port often requires privileges or can at least trip an IDS. Silly really.
What you're saying is that these machines don't log at the operating system level, in the fashion of a tracelog, but count on bad actors to use COTS implementations of those system level calls, and log the high level events?
It's a good thing that there isn't much overlap between people who understand penetration strategies and people who can write their own software.
2018/03/22 18:46:55 listen tcp: address fe80::XX:XXXX:XXX:XXXX:57532: too many colons in address
System Preferences > Network > [click your ethernet or wifi adapter on left, unlock padlock if needed] > Click Advanced on right > Click TCP/IP tab > NONE, or Configure IPv6: Link-local only
The problem seems to come from the fact that the port is just appended to the address, but with an IPv6 address you have to surround it with brackets.
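As an added example (not part of the thread and not qr-filetransfer's own code), the Go program below shows the bracket fix described in the comment above together with the random-path idea raised earlier in the thread. The function names, the sample addresses and the 16-byte token size are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strconv"
)

// endpoints returns the listen address and the URL to encode in the QR code.
// net.JoinHostPort brackets IPv6 literals: "[fe80::1]:57532", not "fe80::1:57532".
func endpoints(ip string, port int, token string) (listen, url string) {
	listen = net.JoinHostPort(ip, strconv.Itoa(port))
	return listen, "http://" + listen + "/" + token
}

// newToken returns 16 random bytes as hex, used as an unguessable URL path.
func newToken() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no secure randomness available: refuse to serve
	}
	return hex.EncodeToString(b)
}

// guard serves next only on the exact path "/<token>"; any other path is a 404.
func guard(token string, next http.Handler) http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/"+token, next)
	return mux
}

// statusFor sends one in-memory GET through guard and returns the status code.
func statusFor(token, path string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "file bytes") })
	rec := httptest.NewRecorder()
	guard(token, ok).ServeHTTP(rec, httptest.NewRequest("GET", path, nil))
	return rec.Code
}

func main() {
	tok := newToken()
	fmt.Println(endpoints("fe80::1", 57532, tok)) // constructed sample address
	fmt.Println(statusFor(tok, "/"), statusFor(tok, "/"+tok))
}
```

A link-local address such as the fe80:: one in the log usually also needs its zone (for example `fe80::1%en0`) before a listener can bind to it. As the thread notes, the token only keeps other hosts on the network from guessing the path; plain HTTP is still open to interception.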
I don't know if it is the barcode scanner app (I use the one from zxing, a very popular choice), or the Android implementation (LG, Android 7), but here is a description of what happens:
As soon as I scan the barcode, it is copied to the clipboard. Then something goes to check if the URL is working (the barcode app? android clipboard? not sure). Since you exit after the first request, my browser never gets the chance to download the file.
If I remove the os.Exit(), I get it working (and then terminate qr-filetransfer via ctrl+c).
Anyhow, very nice work. Kudos!
Users' response to this tool is really overwhelming, lots of interesting ideas and solutions have been already provided in the last 24 hours!
The workflow is easy:
1. the tool spawns a disposable web server
2. the tool prints a QR code that encodes a URL that points to the server
3. the device scans the QR, the scanned text is the URL
4. the tool turns off the disposable server as soon as the transfer is complete
iOS doesn't have a built-in QR reader. So a good QR app should just open the recognized URL, and then suggest an application which will be used to open the file.
Could anyone recommend such an app? Tried "Scan" (iOS app), doesn't work for me: has problems recognizing the QR code (probably because of my terminal fonts/background) and doesn't suggest an app to open the file even if the QR code is recognized.
I'm trying to collect as much info as possible to identify the cause. Thanks!
How does it happen I cannot know.
Tried once again after posting this comment and it worked. Who knows where the software goes.
The workflow would be something like: Upload to Nextcloud (it would need to ask username/password) => Get Nextcloud URL (eg via WebDAV) => Create QR code.
Would be nice if it could allow pipes. Example to send the clipboard:
$ pbpaste | qr-filetransfer
2018/03/22 15:06:48 At least one argument is required
But for now I think you should stick with:
pbpaste > /tmp/clipboard.txt && qr-filetransfer /tmp/clipboard.txt
Thanks for the idea, I'm tracking it in github.
pbpaste | qr-filetransfer /dev/stdin
$ echo <(true)