Scanning a rest api web service using acunetix - web-services

I have a request post the send in acunetix scanner , but don't know how to send it and how to specify the post method , because when i added the headers in the "custom headers" option in acunetix scanner i got the get method sendded instead of the post one .
This is my request to send:
POST /Test/new_date HTTP/1.1
Host: app-test-ext
Content-Type: application/json
Cache-Control: no-cache
{UserName:test01,Password:poper}

Related

eBay post-order api

Trying to learn the eBay post-order api using Postman. I have put together a simple check_eligibility call using a listing to see how it works. The PostMan http call follows.
POST /post-order/v2/inquiry/check_eligibility HTTP/1.1
Host: api.ebay.com
X-EBAY-API-IAF-TOKEN: TOKEN AgAAAA**AQAAAA**aAAAAA**0QqhYQ**........
Content-Type: application/json
X-EBAY-C-MARKETPLACE-ID: EBAY_US
Accept: application/json
{ /* CheckInquiryEligibilityRequest */
"itemId": 125119365456,
"transactionId": 0
}
No matter how I structure the call I get a 401 unauthorized return. I am using a Auth'n'Auth token which according to eBay documentation, https://developer.ebay.com/DevZone/post-order/concepts/MakingACall.html#example, is acceptable.
Any thoughts?
Thank you in advance.

Google Photos REST API "pageSize" and "pageToken" parameters causing 400 Bad Request

I'm trying to get all media items in my Google Photos library and referred following documentation link.
https://developers.google.com/photos/library/guides/list
Documentation says client can request pages using pageSize and provided following example.
GET https://photoslibrary.googleapis.com/v1/mediaItems
Content-type: application/json
Authorization: Bearer OAUTH2_TOKEN
{
"pageSize":"100",
}
i think the comma after 100 is a documentation error and i removed it from request, but whenever i add pageSize (or pageToken) parameter, server always return with 400 Bad Request <p>Your client has issued a malformed or illegal request.<ins>That’s all we know.</ins>
Here are some example REST API calls i tried
GET /v1/mediaItems HTTP/1.1
Host: photoslibrary.googleapis.com
Content-Type: application/json
Authorization: Bearer xxx
{
"pageSize":10
}
GET /v1/mediaItems HTTP/1.1
Host: photoslibrary.googleapis.com
Content-Type: application/json
Authorization: Bearer xxx
{
"pageSize":"10"
}
GET /v1/mediaItems HTTP/1.1
Host: photoslibrary.googleapis.com
Content-Type: application/json
Authorization: Bearer xxx
{
"pageToken":"blha blha"
}
Please note that whenever i removed the json from request body, it start returning 200 OK with predefined pageSize. but i would like to control the pageSize and request next pages using pageToken.
Thanks for any guidance on this matter.
I just started looking at this too. Those parameters shouldn't be passed in the body. They are query parameters. So something like this:
https://photoslibrary.googleapis.com/v1/mediaItems?pageSize=100
That worked for me at least. Check out further documentation at https://developers.google.com/photos/library/reference/rest/v1/mediaItems/list to review information about the query parameters.

identifying the proper syntax for using HTTP dataset in ADFv2

I am able to successfully use Postman to authenticate and subsequently get data housed within a sandbox but I cannot figure out how to specify the same data within ADFv2.
I'm expecting to retrieve, temporarily store and later use a bearer token that this API generates. This token is then used in the second step that actually downloads the data I want in JSON format.
For the Authentication step, Postman generates code that looks this:
POST /v1/oauth/token HTTP/1.1
Host: api.sandbox.COMPANY.com
Ocp-Apim-Subscription-Key: MYKEY
Content-Type: multipart/form-data; boundary=----
WebKitFormBoundaryALPHANUM
cache-control: no-cache
Postman-Token: MYTOKEN
Content-Disposition: form-data; name="key"
MYKEY
Content-Disposition: form-data; name="grant_type"
vapi_key
------WebKitFormBoundaryALPHANUM--
I've created a linked HTTP and REST connection in ADFv2 with the base URL of "https://api.sandbox.COMPANY.com" and using no authentication.
I cannot figure out how to translate the functional Postman connection to a way that ADFv2 will work. Thoughts?
You could check this example.
https://learn.microsoft.com/en-us/azure/data-factory/connector-http#dataset-properties

HTTP/1.1 500 Internal Server Error when calling Web Service from .NET Client

I'm trying to connect to a https web service (not .NET as far as I know).
I can't control the other side in any way, I just got some standards and a wsdl to operate
with it.
I have created at first the client using Add Service Reference, tried some things until I get through some problems, where one most serious was that I couldn't add the Authentication header to the message which was resulting in fail.
Added the service using old Add Web Reference and seemed more easily managed and appropriate, using a partial class and override the GetWebRequest, I added this code so I can preauthenticate with the service and add the security header, which they don't mention in the wsdl link. I know that it is not mandatory for services to tell this but it would be nice my Web Service creators fellow developers.
protected override WebRequest GetWebRequest(Uri uri)
{
HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(uri);
if (PreAuthenticate)
{
NetworkCredential networkCredentials = Credentials.GetCredential(uri, "Basic");
if (networkCredentials != null)
{
byte[] credentialBuffer = new UTF8Encoding()
.GetBytes(networkCredentials.UserName + ":" + networkCredentials.Password);
request.Headers["Authorization"] = "Basic" + Convert.ToBase64String(credentialBuffer);
}
else
{
throw new ApplicationException("No network credentials");
}
}
return request;
}
To call the service I added this code:
using (Service client = new Service()) // autogenerated Service class
{
client.EnableDecompression = true;
// Create the network credentials and assign
// them to the service credentials
NetworkCredential netCredential = new NetworkCredential("test1", "test1");
Uri uri = new Uri(client.Url);
ICredentials credentials = netCredential.GetCredential(uri, "Basic");
client.Credentials = credentials;
// Be sure to set PreAuthenticate to true or else
// authentication will not be sent.
client.PreAuthenticate = true;
// Make the web service call.
Request req = new Request { UserName = "test2", Password = "test2"; // an object created from autogenerated code
RequestResult result = client.processMessage(req); // autogenerated code
}
While testing this call and checking with fiddler my request. I see 2 calls a keep alive call with these header, nothing special.
CONNECT server:443 HTTP/1.1
Host: server
Connection: Keep-Alive
Sending 570 returning a 200 result.
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 00:05:13.743
Connection: close
And the call with the data sending 571 result 500 error:
POST /host/Service HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5448)
Authorization: BasicdXNlcOTc3MzQyMGTDFTR4dftfrdg5 // changed this hash for security reasons
VsDebuggerCausalityData: // Removed this hash for security reasons
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Host: server-host-url
Content-Length: 7238
Expect: 100-continue
Accept-Encoding: gzip
Connection: Keep-Alive
The error exception in .NET client:
Error on verifying message against security policy Error code:1000
As you see the Authorization header exist. I also tried with adding a space after Basic you can see above where exactly in the overriden method, and seemed fiddler recognized it better and also decoded the username:password header.
This results into that response:
HTTP/1.1 500 Internal Server Error
Date: Sat, 21 Apr 2012 21:05:22 GMT
Server: Oracle-Application-Server-11g
X-Powered-By: Servlet/2.5 JSP/2.1
X-Cnection: close
Transfer-Encoding: chunked
Content-Type: text/xml;charset="utf-8"
Content-Language: en
X-Pad: avoid browser bug
Set-Cookie: BIGipServerpoolXoas243_254_9999=437682499.99988.0000; path=/
The strange thing I wonder first is if the first call should be preauthenticated, the handshake keep alive one? This 500 error I know that causes when authentication header is not present, but mine is. Preauthentication is what I need to know how it should happen and I guess it's not working if it should appear in the 1st message.
Another strange thing is that if I change the 2 pairs of passwords opposite, I see on fiddler that I get 3 messages, 1 with the handshake and result in 200 and "TWO" others with 401 Authorization Required.
This drives me crazy. Any help appreciated to save my soul.
Thank you!

Cookie is not getting set in HTTP request in JAXWS when it's set using context

I am trying to set cookie from client using below code snippet, I am using JAXWS RI 2.2.3.
Map<String, Object> ctxt = ((BindingProvider) portType).getRequestContext();
Map<String, List<String>> httpHeaders = new HashMap<String, List<String>>();
httpHeaders.put("Content-Encoding", Collections.singletonList("gzip"));
httpHeaders.put("Cookie", Collections.singletonList(cookie));
ctxt.put(MessageContext.HTTP_REQUEST_HEADERS, httpHeaders);
From the SOAP log I see that Cookie is not getting set, but it's set in the context header.
Any other header is getting set except Cookie and I am not able to find out the reason.
I need to get a session from one service and set it to another service to work with it, but I am not able to do so here.
HTTP headers: {Cookie=[mysession="529fc605-8188-7f3b-21ad-92407976d5a9";], Accept-Encoding=[gzip], Content-Encoding=[gzip]}
---[HTTP request - https://10.112.83.155:443/eam/sdk/]--- Accept: text/xml, multipart/related Accept-Encoding: gzip Content-Encoding: gzip Content-Type: text/xml; charset=utf-8 [] Set-Cookie: vmware_soap_session="529fc605-8188-7f3b-21ad-92407976d5a9"; SOAPAction: "urn:internaleam/2.0" User-Agent: JAX-WS RI 2.2.3-b01-
This was a bug in JAX-WS. Bug link: JAX_WS-1044
Currently fixed in JAX-WS 2.2.7 which is not yet released.