You are here

A Fool's Guide to Bypass Openfire's Client Control

Today the Openfire Team announced the open sourcing of the Client Control module for Openfire. This module promises it "allows to specify which XMPP clients are allowed to connect to the server".

In this guide I will give you instructions about how you can bypass this restriction and always use Coccinella. Don't be afraid that this tutorial will be too difficult for you! Thanks to Coccinella's flexible branding features, even a child can do this. No, you don't have to recompile Coccinella or apply some difficult hacks. It's only a matter of adding 1 small line to Coccinella's preferences file and then restarting Coccinella! Read further to see how easy it is to bypass OpenFire's Client Control module.

Coccinella pretending to be Psi
  1. Locate Coccinella's preferences folder on your platform:
    • Windows: C:\Documents and Settings\UserName\Application data\Coccinella\
    • Windows Vista: C:\Documents and Settings\UserName\AppData\Roaming\Coccinella\
    • Mac OS X: /Users/UserName/Library/Preferences/Coccinella/
    • Linux: /home/UserName/.coccinella/
    • Portable Coccinella, the folder CoccinellaPrefs in the same folder as the Cocccinella executable
  2. Use your favorite text editor to add the following line to the preferences.rdb file (replace "Psi" with another client name when it is also blocked):

    *appName: Psi

  3. Restart Coccinella; if all went right you will see that the window title changed to "Psi" and you will be able to connect to a restricted OpenFire server.

As this short tutorial shows, the kind of protection that the OpenFire Client Control module promises is so weak that even a child can bypass it without problems!


Nice. That Openfire feature is just like IE only websites. Way to go Openfire devs!

I sure hope no *public* Jabber servers implement this block, but for a corporate server, it does have it's uses in helping mandating policy. Chances are J. Random User is going to ask helpdesk why he can't log in with client X and then get the answer "Company policy to only support client Y. Use client Y."

So, this block doesn't have to be any better than this in either case.