I've caught this packet sent from my browser to X site when I login:
POST http:/page_to_login HTTP/1.1
Host: host_name
Connection: keep-alive
Content-Length: 63
Accept: application/json, text/javascript, /; q=0.01
Origin: http:/host_name.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36
Content-Type: application/json; charset=UTF-8
Referer: http://name_host.com
Accept-Encoding: gzip, deflate
Accept-Language: en,it-IT;q=0.8,it;q=0.6,en-US;q=0.4
Cookie: __gads=ID=ba4aa3e1f26167ce:T=1420379969:S=ALNI_Max051cucDaIPAjfr_u43Jz3tF-eQ; mlUserID=qoqCnShSTTHg; ebNewBandWidth_.name_host.com=2137%3A1424452854024; ff11_lastvisit=1424960092; ff11_lastactivity=0; __adnt_intro=1; __utma=85431950.643346397.1420379964.1425039982.1425049087.44; __utmb=85431950.10.10.1425049087; __utmc=85431950; __utmz=85431950.1425032713.42.10.utmcsr=dotnethell.it|utmccn=(referral)|utmcmd=referral|utmcct=/forum/messages.aspx; sly_cook_fc=17313 18 0_; comp_drogat-premier-leagueLeghe2015Quad=0=87834; _ga=GA1.2.643346397.1420379964; _gat=1; rta_nxtml=
And this is how the password and username have sent to the server:
{"u":"my_username","p":"my_password","aliaslega":"","check":"u1-L12"}
How can I encapsulate this information and create js/php functions to automatically login to X site?
Related
The following code is used to connect to an API and get data.
function req() {
var xhr = new XMLHttpRequest();
xhr.open("GET", "https://url/api");
xhr.setRequestHeader("Accept", "*");
xhr.setRequestHeader("uid", "1234");
xhr.setRequestHeader("x-api-key", "1234");
xhr.send();
}
The function is called via a button
The API is confirmed working with postman. Firefox displays the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
The interesting problem is that when inspecting with Firefox, the set headers seem to be misaligned
Host: url
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: uid,x-api-key
Origin: null
Connection: keep-alive
I can edit this in Firefox to the correct way:
Host: url
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
uid: 1234
x-api-key: 1234
Origin: null
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
And will get successful state 200
What could be the issue of wrong formatting when using js?
Originally we sent the authentication in the URL as
http://root:root#172.19.50.30/mjpg/video.mjpg?resolution=1024x768&compression=70
and that worked fine. As long as the password wasn't using special characters, this worked. But bad practice and Chrome forced me to do it differently.
The Wireshark header for this request:
GET /mjpg/video.mjpg?resolution=1024x768&compression=70 HTTP/1.1
Host: 172.19.50.30
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://172.19.50.30/local/ipsloitering/index.html?&language=en-US
Connection: keep-alive
Authorization: Digest username="root", realm="AXIS_00408CC561BC", nonce="7kRiObt8BQA=b937e181325fd66b88f1179eb1f5efe649c49e66", uri="/mjpg/video.mjpg?resolution=1024x768&compression=70", algorithm=MD5, response="5f31e9a6fe08992737bacd47bf4131a5", qop=auth, nc=00000001, cnonce="33c8306da3831b3a"
To allow for other characters, and use chrome, I used following JS Code:
fetch(url,
{
method:'GET',
headers: {
'Authorization': 'Basic ' + btoa("root:root")
},
}
)
and the response is
GET /mjpg/video.mjpg?resolution=1920x1080&compression=70 HTTP/1.1
Host: 172.19.50.30
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://172.19.50.30/local/ipsloitering/index.html?&language=en-US
authorization: Basic cm9vdDpyb290
origin: http://172.19.50.30
Connection: keep-alive
HTTP/1.1 401 Unauthorized
Date: Tue, 11 Dec 2018 08:54:07 GMT
Server: Apache/2.4.27 (Unix) OpenSSL/1.0.2k
WWW-Authenticate: Digest realm="AXIS_00408CC561BC", nonce="LqVkObt8BQA=f5ede433bcdc7b2d1a7b12c0763156e9d45b8972", algorithm=MD5, qop="auth"
Content-Length: 381
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
How do I get the fetch() to use Digest, or what is causing this?
This is kind of strange. I make a rest post call to couchdb 2.0 to update the user database and I get back a 401 status message "error=bad_request" and "reason=Referer header must match host."
However if I change the "post" to "put", then it is happy and returns status of 201 as expected. I could continue use puts, but that isn't the standard.
Suggestions?
POST http://localhost:5984/_users/org.couchdb.user:test1 HTTP/1.1
Host: localhost:5984
Connection: keep-alive
Content-Length: 364
Pragma: no-cache
Cache-Control: no-cache
Origin: http://localhost:9000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
content-type: application/json
Accept: */*
DNT: 1
Referer: http://localhost:9000/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
Cookie: io=YBMMIY0pejGjeHV9AACO; AuthSession=foo
{
"_id":"org.couchdb.user:test1",
"_rev":"1-8e2136e07f62238327f87d1ae54a29df",
"type":"user","roles": "user"],
"name":"test1",
"email":"test1#foo.bar",
"fullName":"Test1 esq",
"phone":"555-555-5555",
"id":"org.couchdb.user:test1",
"password_scheme":"pbkdf2",
"iterations":10,
"derived_key":"0e076f6f85f1389fd90ff181d433e1438e8e30a4",
"salt":"37f590de042f07956f6cc11b8a9eb012"
}
Response
HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:9000
Access-Control-Expose-Headers: content-type, cache-control, accept-ranges, etag, server, x-couch-request-id, x-couch-update-newrev, x-couchdb-body-time
Cache-Control: must-revalidate
Connection: close
Content-Length: 67
Content-Type: application/json
Date: Thu, 29 Dec 2016 23:15:25 GMT
Server: CouchDB/2.0.0 (Erlang OTP/17)
X-Couch-Request-ID: b45ec52b5c
X-CouchDB-Body-Time: 0
{"error":"bad_request","reason":"Referer header must match host."}
**This works**
PUT http://localhost:5984/_users/org.couchdb.user:test1 HTTP/1.1
Host: localhost:5984
Connection: keep-alive
Content-Length: 364
Pragma: no-cache
Cache-Control: no-cache
Origin: http://localhost:9000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
content-type: application/json
Accept: */*
DNT: 1
Referer: http://localhost:9000/
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Cookie: io=62j8pWngSUNyLwKjAACX; AuthSession=xyyz
{
"_id":"org.couchdb.user:test1",
"_rev":"1-8e2136e07f62238327f87d1ae54a29df",
"type":"user",
"roles":["user"],
"name":"test1",
"email":"test1#foo.bar",
"fullName":"Test1 esq",
"phone":"555-555-5555",
"id":"org.couchdb.user:test1",
"password_scheme":"pbkdf2",
"iterations":10,
"derived_key":"0e076f6f85f1389fd90ff181d433e1438e8e30a4",
"salt":"37f590de042f07956f6cc11b8a9eb012"
}
So, you have troubles with mismatching referrer and expected host because of different port numbers. According to this https://github.com/couchbase/couchdb/blob/2.5.1.1/src/couchdb/couch_httpd.erl#L344
you can place X-Forwarded-Host header with your value - localhost:9000
I have written a servlet Filter in which I am trying to get the value of custom header=samlRequest, From rest client/postman chrome plugin i am getting the value of samlRequest, but using ajax call i have provide samlRequest key and its value but in java i am getting the only key samlRequest in "Access-Control-Request-Headers", how to get value of samlRequest.
$.ajax({
url: "http://indlin500.corp.test.com:31000/test/Portal/index.html",
type: "GET",
headers: { 'samlRequest': 'eJzVWVlz4roSfs6/oJhHJvECBkMRTsk2+2ow68stY8u2wBuWjQ2//srsyUlmJufOramTSjm41f '},
beforeSend: function(xhr){xhr.setRequestHeader('samlRequest', 'eJzVWVlz4roSfs6/oJhHJvECBkMRTsk2+2ow68stY8u2wBuWjQ2//srsyUlmJufOramTSjm41f ');},
success: function() { alert('Success!' + authHeader); }
});
FirewalledRequest[
weblogic.servlet.internal.ServletRequestImpl#4f839843[ OPTIONS
/testsOSS/Portal/index.html HTTP/1.1 Connection: keep-alive
Access-Control-Request-Method: GET Origin: http://10.19.121.17:7001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Access-Control-Request-Headers: authorization, samlrequest,
x-partnerkey Accept: / DNT: 1 Referer:
http://10.19.121.17:7001/authentication-uxf-login-0.0.1-SNAPSHOT/customLoginPage.html Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8
]]
Using chrome rest client plugin I am getting samlRequest in the header with value i have provided.
FirewalledRequest[
weblogic.servlet.internal.ServletRequestImpl#24d746a[ GET
/testOSS/Portal/index.html HTTP/1.1 Connection: keep-alive
Cache-Control: no-cache samlRequest: eJzVWVlz4roSfs6/oJhHJvECBkMRTsk2+2ow68stY8u2wBuWjQ2//srsyUlmJufOramTSjm41f User-Agent: Mozilla/5.0
(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/55.0.2883.87 Safari/537.36 Postman-Token:
ce7765d0-94b5-a1e1-d6ba-2abada3dfdd6 Accept: / DNT: 1
Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8
]]
When you make a cross-origin request from browser, the browser makes a preflight request before the actual request. It is an OPTIONS request, unlike the intended GET request.
Try adding a CORS filter before the actual filter which will reply OK for any OPTIONS request. A sample code can be found here :
https://amodernstory.com/2014/12/27/using-cors-headers-with-java-example/
by the way, you don't need to set header in request twice. You can remove the beforeSend block from the ajax request.
i have an iframe with src set to (let say) domainA.com and parent url is domainB.com, from this iframe i make an ajax call to domainA.com/ajax.asp, this works in chrome and firefox, but not with safari and IE. bellow are complete header request for chrome and safari.
REQUEST HEADER (Chrome)
POST /Ajax.asp HTTP/1.1
Host: domainA.com
Connection: keep-alive
Content-Length: 29
Accept: */*
Origin: http://test.takeoutmenuz.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://domainA.com/menu.asp?userid=1025
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,id;q=0.6
Cookie: userid=1025; ASPSESSIONIDAQCQASBD=IDGHMLJDBHOKJFBIKMCNDHDA; ZZZZZ=here
REQUEST HEADER (Safari)
POST /Ajax.asp HTTP/1.1
Host: domainA.com
Connection: keep-alive
Content-Length: 29
Accept: */*
Origin: http://test.takeoutmenuz.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://domainA.com/menu.asp?userid=1025
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,id;q=0.6
as you see, there is no Cookie header in safari, based on explanation from this page the problem is that Cookie stuff (if i not mistaken). how to make it work without Cookie, should i do something on response header in Ajax.asp or do something in ajax script (i already add withCredential field to it)?