I want to programmatically do HTTP post by parsing the below URL.
I am parsing the HTML Form parameters and then trying to post but it seems there is another parameter being added in runtime called metadata1 which is not there in the form.
Can someone help me how to figure out metadata1 ?
https://www.amazon.in/ap/signin?_encoding=UTF8&openid.assoc_handle=inflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.in%2Fgp%2Fyourstore%2Fhome%3Fie%3DUTF8%26action%3Dsign-out%26path%3D%252Fgp%252Fyourstore%252Fhome%26ref_%3Dnav__gno_signout%26signIn%3D1%26useRedirectOnSuccess%3D1
Related
I have a form that submits to a POST action URL I don't have control over, which leaves server-side validation on that URL out of the question. I need to be able to pass a pen test with reCaptcha and am curious if the below scenario would work.
One idea I had was to do all the normal client-side reCaptcha validation using the callback response and then enabling the submit button via JS.
That button would preventDefault() to submit the form to a different PHP file (via ajax). That PHP file would perform proper server-side validation, then based on the response submit the form to the main post url on the success ajax response or not via the error response via JS.
I could also load the form without a POST URL then populate the URL in the DOM based on the success ajax response prior to JS submit.
Does anyone have any better ideas or other ways I can validate recaptcha server-side even if I don't have control over the main POST URL?
Or do you think that client-side only validation could pass a pen test?
Thanks in advance for any input.
I was looking on how to get values of form data that are passed with POST requests and found this answer.
I know you you can get GET query parameters quite easily in JavaScript doing window.location.search but is there a way to do similar for POST request or document.forms is my only option?
To expand on what RUJordan said:
When you do a POST, the information is sent to the server using an entirely different method and does not show up in the URL or anywhere else that JavaScript can get access to it.
The server, and only the server, can see it.
Now, it is possible to take some of the form data and fill JavaScript variables and/or hidden form fields so the server can pass data back down to the client.
If you need more help, you'd be better off opening another question explaining exactly what problem you are trying to solve.
Do you want javascript to see the data was POSTed to load the current page?
JavaScript does not have access to the request body (where the POST content is) that loaded the page. If you want to be able to interact with the POSTed parameters, the server that received the request would need to respond with the necessary data written back out on the page where javascript can find it. This would be done after the form was submitted, as part of the response to that POST request.
Or do you want to know what your page could POST form the forms that are on it?
Inspecting document.forms will let you see what could be POSTed later if those forms were submitted. This would be done before the form was submitted, without a request being made.
I want to login to hotmail email account with httpclient. For that I need to pass 21 parameters to http post method including username and password. I found this out through temper data addon in firefox. I also found out that few of them are generated dynamically.(i.e. their values change each time we reload the page). My problem is to how do I find these dynamically generated values of the parameters which have to be passed in http post. I tried to find them with firebug addon but it did not help ! I think values are generated by javascript. If it is, then how do I parse them ? I have used Html parser before but it seems that it does not support javascript parsing. I would appreciate any idea regarding this.
Thank you.
This might be some form of CSRF anti forgery token, in which case I don't think you going to come right. They might be stored in some cookie, or in a hidden element in the page.
More info: http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/
I am looking to create a widget similar to the one created by Get Satisfaction (http://getsatisfaction.com/). You can see their widget by clicking on 'Feedback' on the left side of the page.
We would like the user to be setup by copying a bit of JS to their webpage and nothing else.
In its simplest use, a user would open the widget and enter data. This data would be sent to our server (cross domain) for processing and a response sent back to the user.
Can anyone shed some light on how this can be done?
I've read that I can send a JSONP request using jQuery and handle a response callback- can this be encapsulated with injected javascript?
All help greatly welcome.
Regards
You are correct, JSONP is the correct method for this and should work for your situation. JSONP is basically injecting a <script> tag to simulate a GET response, the contents of the script is a callback method with the JSON object inside it. Hense the name, JSON + Padding.
Note: JSONP does obviously not support POST callbacks or custom headers, as it is just a <script> tag that gets injected and removed when ready.
I'm building REST web app and my server side Java code expects request body to have pure JSON string.
My goal is to use regular HTTP POST method (not ajax) and set JSON into request body message.
If I use ajax, it is very simple. Something like:
var jsonInput = '{"foo":"bar"}';
ajaxRequest.setRequestHeader("Content-Type", "application/json");
ajaxRequest.send(jsonInput)
But I want to use regular HTTP POST.
Looking at the thread below, the answer is to create a form with hidden input field and put JSON in to the input field and have server side code handle the rest.
JavaScript post request like a form submit
I tried that and it works just fine but do I really have to bother creating new form and input field to accomplish this? Or is there any other way available?
NOTE: I don't want to use JQuery or Prototype framework. Just simple Javascript.
FORMs only allow for name-value pairs to be submitted, and so your JSON needs to be inserted into one such pair.
Yout can read about this at w3.org
As a solution, what about using xhr to send the data to the server, exchange it for some token, and then direct the user via a regular GET to a url passing the token?
This should fit with the REST paradigm too.