I use addheader in webinject test:
addheader="__RequestVerificationToken: {PARSEDRESULT}"
In request debug header (in http.log) I see:
--RequestVerificationToken: TOKEN
I think it should be __RequestVerificationToken insted of --RequestVerificationToken
So I can not complete the request because of wrong header.
Am I doing something wrong?
Answer
The "__" characters should be escaped by adding a colon : character.
addheader=":__RequestVerificationToken: {PARSEDRESULT}"
The problem was described here
https://github.com/sni/Webinject/issues/25#issuecomment-324053146
Related
I am validating a domain field in the form. I am using Validators.pattern(this.domainPattern) for doing that.
I am using below pattern:
public domainPattern: string = "^(?:[a-z0-9][a-z0-9-]{0,61}[a-z0-9]\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$";
It works fine for many cases. But when there is a white space in domain it is not triggering pattern error. What I am missing?
Quick help will be highly appreciated.
Thanks.
Try this pattern:
(?(?<= )(?=[^ ])|^)(?:[a-z0-9][a-z0-9-]{0,61}[a-z0-9]\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]
I just added (?(?<= )(?=[^ ])|^), conditional which checks:
first it checks condition (?<= ) if what is preceeding is space, if it is, then check if what's after is not a space with (?=[^ ]), if the condition fails, then check if we are at the beginning of a string with ^.
Demo
UPDATE
OP said:
I want user to enter just one valid domain name. If user enters "google.com google.com" it should be treated as invalid
Then you could use this pattern
^(?!.* .*)(?:[a-z0-9][a-z0-9-]{0,61}[a-z0-9]\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$
Just added (?!.* .*) which checks if there's sapce in following line, if it is, then it won't match anything, as space indicated multiple domain names.
Another demo
I am actually got an Angular form which upload some files on a cloud, but those files could be in directories with subdirectories like
"directory/subdirectory/filename"
My form had some inputs, and I added a ng-pattern on a text input.
I can't accept sentence with "/" at first character like
/directory/subdirectory/filename
I am searching for a regex to deny any "/" until the first letter of a directory name.
So, correct way is:
directory/blabla;
and wrong way is:
/directory/blabla;
I tried [^/]* but it is detect all the '/' in my sentence.
Any idea please ?
This should do: ^[^\/]\S+$
The regex checks that the first character is not a '/', and then accepts every non-whitespace character till the end.
Demo
I need to pass tokens like b'//x0eaa#abc.com//x00//xf0//x7f//xff//xff//xfd//x00' in my Django Url pattern. I am not able to find matching regex for that resulting Page not found error.
My url will be like /api/users/0/"b'//x0eaa#abc.com//x00//xf0//x7f//xff//xff//xfd//x00'"/
I have tried with following regex
url(r'^api/users/(?P<username>[\w\-]+)/(?P<paging_state>[\w.%+-]+#[A-Za-z0-9.-]+\.[A-Za-z]{2,4})/$', views.getUserPagination),
Please pass the token in request header or body and then use accordingly in your view.
Considering there are some static predictable elements in your url like -
api/users/
/" before b
"/ at the end after '
So I can see the url in either of the 2 ways below. Regex's mentioned accordingly:
api/users/(set of words, digits or hyphens)/"(any character except newline)"/
REGEX: ^api\/users\/([\w\d\-]+)\/"(.*)"\/$
URL: url(r'^api\/users\/([\w\d\-]+)\/"(.*)"\/$', views.getUserPagination),
api/users/(set of words, digits or hyphens)/"(one character-b)'//(any no. of words or digits)#(any no. of words or digits).(any no. of words or digits) (any no. of words, digits, front slashes)'"/
REGEX: ^api\/users\/([\w\d\-]+)\/"([a-g]'\/\/[\w\d]*#[\w\d]*.[\w\d]*[\/\w\d]*')"\/$
URL: url(r'^api\/users\/([\w\d\-]+)\/"([a-g]'\/\/[\w\d]*#[\w\d]*.[\w\d]*[\/\w\d]*')"\/$', views.getUserPagination),
You should be able to use either of the above two. There can be multiple ways to match the token part in your url. So unless it is a big security concern, you can do with the simplest approach as mentioned in point 1.
I'm working on script that would show potentially dangerous HTTP requests, but I don't know how to filter URI in HTTP request correctly. The idea is to look if any URL is contained in GET parameters, but ignore the URLs which are added to GET parameter with specified word (for example - GET parameter with name goto can contain any URL. So if there is starting line of request like this ...
GET /check/request?first=1&second=http://domain.tld/something&third=3 HTTP/1.1
... there must be match. In case we have other request's starting line like ...
GET /check/request?goto=http://domain.tld/something HTTP/1.1
... this one should be ignored.
Base regex which matches any line with URL is:
^(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$
I was trying to modify it correctly, but my version only matches lines which contains word goto in URL itself, not as parameter:
^(GET|POST).*\?.*(?!.*goto)\=http\:\/\/.* HTTP\/.*$
Any help would be appreciated.
UPDATE
^(GET|POST).*\?.*(?<!goto)\=http\:\/\/.* HTTP\/.*$
Check here
You probably meant lookbehind to http://.* rather than lookahead to .*:
^(GET|POST).*\?.*(?<!goto)\=http\:\/\/
Please see an example on regex101.
I am trying to exclude gmail's requests from Live Http headers, but I cant
seem to get the exclude reg ex to work.
My exclude regex is this: .gif$|.jpg$|.ico$|.css$|.js$|.*mail.google.com.*
Any ideas/suggestions?
I have had the same problem and its soultion was stupid simple:
do you have enabled the check box ("exclude URL by RegExp" (or similar - I have only the german version))?
Hint: you do need to add the .* at start and end of your expression, because the request will be excludes if it contains the pattern (is must not match the complate url).
I think. You sould use "\." to catch a dot. Dot without slash is any symbol.
Like this:
\.gif$|\.jpg$|\.ico$|.css$|\.js$|.*mail\.google\.com.*