I try to send a simple HTTP GET Request using AutoIT TCPSend() command. The problem is that when I check the traffic using SmartSniff, everything is on the same line without linebreaks.
My code is as follows:
TCPStartup()
$ip = "195.143.118.23"
$port = "80"
Global $tcp = TCPConnect($ip, $port)
TCPSend($tcp, "GET HTTP/1.1")
TCPSend($tcp, "Host: ")
TCPSend($tcp, "Connection: keep-alive")
TCPSend($tcp, "Accept: ")
TCPSend($tcp, "User-Agent: ")
TCPSend($tcp, "Referer: ")
TCPSend($tcp, "Accept-Encoding: ")
TCPSend($tcp, "Accept-Language: ")
TCPSend($tcp, "Cookie: ")
TCPSend($tcp, "Connection: keep-alive")
TCPCloseSocket($tcp)
Use #CRLF at the end of every string
Like
TCPSend($tcp,"Hello Line"&#CRLF)
It would also be better to send it once as one big string and not line by line
And don't close the socket.
If you want to get a respone fron the server, you have to use the function TCPRecv. After this you can close the socket.
Related
I am trying to get data from an API with a POST request. The request works well with a direct shell command :
system(sprintf('curl POST -k --tlsv1.2 -v "https://api-gateway.inpi.fr/services/apidiffusion/api/marques/search" -H "X-XSRF-TOKEN: %s" -H \'accept: application/xml\' -H "Content-Type: application/json" -H "Cookie: XSRF-TOKEN=%s; access_token=%s; session_token=%s" -d \'%s\' > test.xml',token,token,access_token,refresh_token,json_request))
However, I would like to use httr for many reasons. I use the following code :
test <- httr::POST(
"https://api-gateway.inpi.fr/services/apidiffusion/api/marques/search",
httr::set_config(config(ssl_verifypeer = 0L)),
config = (add_headers(
"X-XSRF-TOKEN" = token,
"accept" = "application/xml",
"Content-Type" = "application/json",
"Cookie" = sprintf("XSRF-TOKEN=%s; access_token=%s; session_token=%s",token,access_token,refresh_token)
))
,set_cookies(`X-XSRF-TOKEN` = token,
`XSRF-TOKEN` = token,
access_token = access_token,
session_token = refresh_token)
,body = json_request
)
But this returns a 403 Forbidden error (my_token being the token I use) :
$error
[1] "access_denied"
$error_description
[1] "Invalid CSRF Token '*my_token*' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.
It seems like httr did not take into account my cookies because the token is different inside the test object I create :
> test2$cookies
domain flag path secure expiration name value
1 api-gateway.inpi.fr FALSE / FALSE <NA> XSRF-TOKEN *another_token*
Any idea ? I am sorry that I can't create a reproducible example for obvious security reasons.
Thank you !
The solution was wierd.
I had to rid off from httr, I used UNIX system commands instead, and it worked with the same request.
system(sprintf('curl POST -k --tlsv1.2 "https://api-gateway.inpi.fr/services/apidiffusion/api/marques/search" -H "X-XSRF-TOKEN: %s" -H \'accept: application/json\' -H "Content-Type: application/json" -H "Cookie: XSRF-TOKEN=%s; access_token=%s; session_token=%s" -d \'%s\' > %s/res.json',tokens$xsrf_token,tokens$xsrf_token,tokens$access_token,tokens$refresh_token,json_request,tempdir()))
It seems like httr tries to handle cookies by its own, so maybe that's what caused my problem.
I am using Safari to test my C++ socket handler, I send a request to the application, in the address bar:
http://127.0.0.1:8124/?{%22module%22:%22mdFileIO%22,%22command%22:%22open%22}
In my application I send a response:
const QString CRLF("\r\n");
QString strContent(strResponse)
,strDtNow(QDateTime::currentDateTime().toUTC().toString("ddd, dd MMM yyyy hh:mm:ss"))
,strHdr = "200 OK" + CRLF
+ "Content-Type: application/json" + CRLF
+ "Content-Length: " + QString::number(strContent.length()) + CRLF
+ "Date: " + strDtNow + " GMT" + CRLF + CRLF;
strResponse = strHdr + strContent;
In the above 'strContent' contains:
{"ack":"ack","module":"mdFileIO","time":"2020-10-05 18:00:19"}
The output for the response looks like this:
200 OK\r\nContent-Type: application/json\r\nContent-Length: 62\r\nDate: Mon, 05 Oct 2020 18:25:59 GMT\r\n\r\n{\"ack\":\"ack\",\"module\":\"mdFileIO\",\"time\":\"2020-10-05 18:25:59\"}
The return from write() is 161. Safari shows the following:
A couple of errors in the header:
The header should have started with "HTTP/1.1 "
The Content-Type should have been: "application/jsonrequest"
im looking to replace some login logic in on kong, for permission checks on a specific url (like upstream) to an envoy filter in istio.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: api-auth
namespace: api
spec:
workloadLabels:
app: api
filters:
- listenerMatch:
listenerType: SIDECAR_INBOUND
listenerProtocol: HTTP
filterName: envoy.lua
filterType: HTTP
filterConfig:
inlineCode: |
function version()
return "v1"
end
function log(handle, value)
handle:logInfo(version() .. ": " .. value)
end
function dump(o)
if type(o) == 'table' then
local s = '{ '
for k,v in pairs(o) do
if type(k) ~= 'number' then k = '"'..k..'"' end
s = s .. '['..k..'] = ' .. dump(v) .. ','
end
return s .. '} '
else
return tostring(o)
end
end
function is_empty(value)
return value == nil or value == ""
end
function get_header(handle, header)
return handle:headers():get(header)
end
function envoy_on_request(request_handle)
local auth_host = "auth-service.services.svc.cluster.local"
local path = "/api/v1/has-permission"
local cluster = "outbound|8080||" .. auth_host
local request_headers = {
[":method"] = "POST",
[":path"] = path,
[":authority"] = auth_host,
["Authorization"] = get_header(request_handle, "Authorization")
}
local request_body = ""
local timeout = 5000 --ms
log(request_handle, "Sending auth request, headers: " .. dump(request_headers) .. ", request_body: " .. request_body .. ", timeout: " .. timeout)
local response_headers, response_body = request_handle:httpCall(
tostring(cluster),
request_headers,
request_body,
timeout
)
log(request_handle, "response_headers: " .. dump(response_headers))
log(request_handle, "response_body: " .. dump(response_body))
if tonumber(response_headers[":status"]) ~= 200 then
log(request_handle, "Key Authentication Failed")
request_handle:respond(
{[":status"] = response_headers[":status"]},
response_body
)
do return end
end
end
so this is my lua, but im still missing something, i need to send extra parameters on my body post request.
example working curl:
curl -i 'https://foo-api.com/list' \
-H 'Connection: keep-alive' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache' \
-H 'AuthCode: cmdpby50ZWl4ZWlyYUBqdW1pYS5jb20iLCJleHAiOjE1ODUwNDg2MjIsImlzcyI6ImZpcmV3b3JrcyJ9.JkvIhmQuumS32HhSzKuAhpPvjLVwOrRJXwajMjBU9Ag' \
-H 'Accept-Language: en' \
-H 'Authorization: Bearer 6InNlcmdpby50ZWl4ZWlyYUBqdW1pYS5jb20iLCJleHAiOjE1ODUwNDg2MjIsImlzcyI6ImZpcmV3b3JrcyJ9.JkvIhmQuumS32HhSzKuAhpPvjLVwOrRJXwajMjBU9Ag' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Sec-Fetch-Dest: empty' \
-H 'application: COMPANYCODE'
how iam supposed to send this kind of content inside the post using lua?
thanks and best regards
I am trying to send a mail with zip file attached from an unix box. I am limited to use sendmail utility. i ziped the files using the command
zip test.zip 1.html 2.html 3.html
and when trying to send mail with below commands. One of the three files (first file) is not opening properly. but the rest 2.html and 3.html is working fine.
I am getting the error as "Unavailable Data: 1.html"
(
echo "From: from#from.com"
echo "To: to#to.com"
echo "Subject: subject"
echo "Mime-Version: 1.0"
echo 'Content-Type: multipart/mixed; boundary="X12345"'
echo '--X12345'
echo "Content-Type: application/zip;"
echo "Content-Transfer-Encoding: base64"
echo "Content-Disposition: attachement; filename=test.zip"
base64 test.zip
echo '--X12345'
) | sendmail -t
Can some please help. Thanks in advance.
You failed to provide empty line to mark end of main headers and end of mime part header.
(
cat - <<END
From: from#from.com
To: to#to.com
ubject: subject
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="X12345"
--X12345
Content-Type: application/zip;
Content-Transfer-Encoding: base64
Content-Disposition: attachement; filename=test.zip
END
base64 test.zip
echo '--X12345'
) | /usr/sbin/sendmail -t
I run:
curl -i -X POST -H "Content-Type: application/octet-stream" --data #race.mov "http://127.0.0.1:8080/api/v1/put_file"
where race.mov is 4134329 bytes. But only 1931871 are received by the program listening on port 8080.
so I try another file that's 2482905 bytes. But only 1150635 are received. Isn't that weird?
irb(main):002:0> 1931871.0 / 4134329.0
=> 0.4672755845023461
irb(main):003:0> 1150635.0 / 2482905.0
=> 0.4634228856923644
What's going on to make curl only send 46% of the binary data?
Update this same go program:
dat, err := ioutil.ReadFile("/Users/aa/Movies/race.mov")
fmt.Println(err)
endpoint := fmt.Sprintf("http://127.0.0.1:8080/api/v1/put_file")
fmt.Println(endpoint)
buffer_reader := bytes.NewReader(dat)
resp, err := http.Post(endpoint, "application/octet-stream", buffer_reader)
fmt.Println(resp, err)
makes the correct length happen so it MUST be curl