I am trying to upload data to a webserver using curl. I have analyzed the data sent to the server, from a browser, using wireshark, shown below:
POST /cgi-bin/upload.cgi HTTP/1.1
Host: 192.168.1.22
Connection: keep-alive
Content-Length: 2637
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://192.168.1.22
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/30.0.1599.101 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryn1sckmiVOVfCwUMQ
Referer: http://192.168.1.22/upload.html
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
I looked at the webpage the browser accesses to upload the information, shown below:
<form method="POST" enctype="multipart/form-data" action="http://192.168.1.22/cgi-bin/upload.cgi">
File to upload:
<input type="file" name="theupload"><br>
Should it be updated?<input type="checkbox" name="configuration"><br>
<input type="submit" value="Press"> to upload the file!
</form>
I attempted to use:
curl --referer http://192.168.1.22/upload.html -F theupload=#file1.xml -F config=on http://192.168.1.22:80/cgi-bin/upload.cgi
My output was
POST /cgi-bin/upload.cgi HTTP/1.1
User-Agent: curl/7.33.0
Host: 192.168.1.22
Accept: */*
Referer: http://192.168.1.22/upload.html
Content-Length: 2650
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------fd126312049d1f47
The server returns HTTP/1.1 417 Expectation Failed.
I am just learning curl, and I am unsure of what to do. Do i need to emulate the header of the browser command as closely as possible? or is the boundary what is probably throwing it off?
Thanks for you help.
try to use curl -H "Expect:" ...
Related
when investigating network behavior, I usually use postman for sending HTTP requests, however
I need the option to send a raw HTTP request (via clear text), or at least only the headers, and it seems that postman does not support to edit your request via clear HTTP text. (buy the way the opposite is possible, you can read the raw http text of the requests you constructed in postman but you can't edit them)
for example:
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: he-IL,he;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 21114
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: csrftoken=0alLaljTasofjCWZv7gcmukXuz6gMxfzlWpV691hzZZ1hTBcdVJ3mH8ozRDnO6hu; tk_or=%22%22; tk_lr=%22%22; session_id_12211=ff6a58b0baf98005748ce5a3c6a732aef33b750f; splunkweb_csrf_token_12211=10024448868272708216; token_key=10024448868272708216; experience_id=4852e1c6-726b-1ab3-bafa-f0a735d3f708; splunkd_12211=NjcrwAj_TLgz5JalVh2HTynLdbp_CPnfHFKi8qmsODiH40HI2urbPvAvJ9uvDKKoM3nATXEkS6dGytD0TvfiOtAUGJhk7Od25on_gJcZrQwcePQZ8HQaCmGScm^RXmOdDa^KVvN
Host: localhost:12211
Origin: http://localhost:12211
Pragma: no-cache
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
X-Splunk-Form-Key: 10024448898272708216
does postman allow editing the raw HTML? if not, there is other tool that can?
My (working) code looks as follows:
<script type="text/javascript" src="../AAAA/1111.js"></script>
<script type="text/javascript" src="BBBB/2222.js"></script>
The headers I see on the server side are:
GET /AAAA/1111.js HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Accept: */*
Referer: http://localhost:8000/admin
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: Idea-864a62cc=6c435764-3873-4567-a197-140cd7e7fac1
GET /BBBB/2222.js HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Accept: */*
Referer: http://localhost:8000/admin
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: Idea-864a62cc=6c435764-3873-4567-a197-140cd7e7fac1
How can I tell the path (on the server side) since they both look the same? One is below the referer and the other is in a sibling directory to the referer, yet I can't tell from the HTTP header. The ".." info seems to be lost yet the server gets it right? How does it know?
Thanks!
Blake McBride
That's because the browser resolves relative references. See Section 5 of RFC 3986 for details.
So no, you can't tell these apart on the server.
To send an HTTP request through a socket to a server, i would do something like this:
GET / HTTP/1.0
Host: www.example.com
User-agent: SomeBot
...
How would you go about programmatically defining an HTTPS request? I'm not looking for any programming language specific answer, something that teaches me the essence of HTTPS.
My research:
When i goto https://www.google.co.in/webhp?tab=ww&ei=sg7MUvKgGoX_rAeKxoGIDg&ved=0CBQQ1S4 this is what i get:
GET https://www.google.co.in/webhp?tab=ww&ei=sg7MUvKgGoX_rAeKxoGIDg&ved=0CBQQ1S4 HTTP/1.1
:host: www.google.co.in
x-chrome-variations: COy1yQEIlLbJAQiftskBCKS2yQEIqLbJAQiptskBCL62yQEI8YPKAQ==
accept-encoding: gzip,deflate,sdch
accept-language: en-US,en;q=0.8
user-agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36
:path: /webhp?tab=ww&ei=sg7MUvKgGoX_rAeKxoGIDg&ved=0CBQQ1S4
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
:version: HTTP/1.1
cache-control: max-age=0
cookie: PREF=ID=c032cbb31701d0d8:U=3a8fed312bb2ee57:FF=0:LD=en:TM=1374381891:LM=1376055657:S=BooLSkeTxOsbOYls; NID=67=HDIT9zwo-KKhljgRnJMz4u_5L_qpj3FvsN9Y47dWZmByQRS4N8QYs64IcEjFYphs6YpbrmvgsejwaL5YwxzbkY_qYaKU7wBfDA9N955NznF7IIyeHxcQ5UX8Dm999AElAKdkyswNbwUx1WJZo5vEuIaqC4Hdw4AkjsdwmFjY4ujPiEAj72z93QpCLleM-NXOK8N5YWn8DqiteGrEZUQ3FdPK3vkfDet_GF3CcBnkiYWxXON6R8Kum8BWaJGtm9h5dA; SID=DQAAANQAAAB2hOHWGXo76aWm_lgruhW0NH_zbU26rK7YMM_uiyMRvIBoyiEb3Gn_j2AhtmM4v6a74DinFMAOIjq5N4g4JcAAXaMEXz1dUz8MVup_nt1udNM0hpvybeWPxE1xK8rvdL2ra9moRW58jRzzA0HdpmkrH_t2ZIQ7GhqJlxp6lOS_jfvmeeb3REYFp6Q08hRYvCRDmhYFQ7NSt_Ua_3EWu4d_o125kvZ0x0bwm7JDKEcO3S-b6SJ4KnAGIWYjQKPdirgIFEUm1vApvIr4hoa4Z01rBt9YTmhwdEG5KvJmjusPkQ; HSID=AoEbPqSO97tEXhBOd; SSID=Abkp9uP00vi4wX19_; APISID=idPvNkfOQ-W9vefw/AjRgJIuDHZMDnME-B; SAPISID=5UH5pOlPn4c_31En/AcwfUulAqos_McwmH
:scheme: https
referer: https://www.google.co.in/
:method: GET
I see that it is pretty understandable, yet slightly alien...
I made an HTML page with some JavaScript that works fine on my laptop on Linux, but fails when I upload it on a Windows server. I think it is a header issue so I am not writing the Ajax code, but the request headers :
Ajax Request :
GET /index-1.html HTTP/1.1
Host: mydomain.com
Connection: keep-alive
Accept: undefined
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1553.0 Safari/537.36 SUSE/30.0.1553.0
Referer: http://mydomain.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Server Answer :
HTTP/1.1 406 Not Acceptable
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Thu, 19 Sep 2013 19:40:44 GMT
Content-Length: 1346
What should I set the headers to?
If you actually read the description of status code 406 you'll quickly find out that the problem is likely caused by "accept: undefined".
Despite what the title may suggest, this is not related to the common "preventing double post request" issue.
In my application, I add some data on outgoing HTTP traffic, and with some some websites, I randomly encounter an HTTP POST request that has a double-header, resulting in a server termination, as I assume the server doesn't understand the request and decides to cut me off. As the title says, I'm literally seeing two POST headers in a single request. This only happens when I append some custom HTTP fields to the header. For example, I came across this today when I followed a surveygizmo.com link, as seen in the trace at the bottom of this post.
I cannot understand if it's the browser that's doing something funky because it noticed I've modified some data, or it's something in my LSP application that causes this to happen.
When I debug my application, I only see the intercepted request the first time, which is when I inject the custom data. After that, I don't see the request anywhere except in Wireshark, so it's not like I can remediate the double headers by deleting the redundant data.
Things to note looking at the trace:
The data I'm appending is 'Custom-FieldN:'
Two almost-identical headers
Three double-CRLF's in one single request header (how is that possible?)
The Request:
POST http://www.surveygizmo.com/s3/1212345/Who-Are-You HTTP/1.1
Host: www.surveygizmo.com
Custom-Field1: UserNameBob
Custom-Field2: 2578291789
proxy-connection: keep-alive
Content-Length: 836
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Origin: http://www.surveygizmo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryaQraA7ZABICMT6jO
Referer: http://www.surveygizmo.com/s3/1212345/Who-Are-You
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,ja;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sg-response-979523-1212345=0%3B1369154430_519ba37e477bc8.35524744%3B1369154430%3BPartial
POST http://www.surveygizmo.com/s3/1212345/Who-Are-You HTTP/1.1
Host: www.surveygizmo.com
Custom-Field1: UserNameBob
Custom-Field2: 2578291789
proxy-connection: keep-alive
Content-Length: 836
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Origin: http://www.surveygizmo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryaQraA7ZABICMT6jO
Referer: http://www.surveygizmo.com/s3/1212345/Who-Are-You
accept-encoding: gzip,deflate
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6,ja;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sg-response-979523-1212345=0%3B1369154430_519ba37e477bc8.35524744%3B1369154430%3BPartial
------WebKitFormBoundaryaQraA7ZABICMT6jO
Content-Disposition: form-data; name="sg_navchoice"