I'm trying to make an HTTP POST request using ab to a form built with Django.
I'm using the following line:
ab -n 10 -C csrftoken=my_token -p ab_file.data -T application/x-www-form-urlencoded http://localhost:8000/
My ab_file.data looks like this:
url=my_encoded_url&csrfmiddlewaretoken=my_token
It always returns a 403 status code.
When I use curl using the same parameters, it works. The curl line:
curl -X POST -d "url=my_encoded_url&csrfmiddlewaretoken=my_token" --cookie "csrftoken=my_token" http://localhost:8000/
How can I do that?
The file must contain properly URL-encoded data. If you URL-encode manually, it is too easy to introduce typos such as blanks or wrong encodings. Best to do it programmatically.
See another answer, "Apache Bench and POST data", on how to use Python to create such a file (e.g. post.data).
Then use:
ab -T 'application/x-www-form-urlencoded' -n 10 -p post.data http://localhost:8080/
When using ab, the entire contents of the data file must be wrapped onto a single line - it fails silently if it's normally expanded JSON. So a post from a data file that works fine with curl will fail with ab until you do this.
Tip: If using Atom or VSCode, select all and hit Cmd-J to wrap everything to one line.
@jacobm654321,
for sure, the best thing to do is to encode the URL programmatically. But my problem wasn't that. My problem is that the file containing the POST data had a blank line at the end of the file. EditorConfig put it there. After removing that blank line, everything worked well.
Thanks anyway.
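An added example (not code from any of the posts above) covering both points raised in this thread: it writes the ab data file programmatically and checks an existing file for the trailing blank line. The field values and helper names are constructed for illustration.

```python
from urllib.parse import urlencode, parse_qsl

# Constructed sample values standing in for the question's placeholders.
FIELDS = {
    "url": "https://example.com/a b?x=1&y=2",
    "csrfmiddlewaretoken": "constructed-token",
}

def build_post_body(fields):
    """URL-encode the form fields into one line of bytes for ab -p."""
    return urlencode(fields).encode("ascii")

def write_post_file(path, fields):
    # Binary mode, no trailing newline: ab sends the file's bytes as the
    # request body, so an editor-added "\n" ends up inside the last field.
    with open(path, "wb") as fh:
        fh.write(build_post_body(fields))

def check_post_file(path, expected_fields):
    """Return the problems that would change what the server receives."""
    with open(path, "rb") as fh:
        raw = fh.read()
    problems = []
    if raw.endswith((b"\n", b"\r")):
        problems.append("trailing newline")
    if b"\n" in raw.rstrip(b"\r\n"):
        problems.append("body spans several lines")
    decoded = dict(parse_qsl(raw.decode("ascii"), keep_blank_values=True))
    for name, value in expected_fields.items():
        if decoded.get(name) != value:
            problems.append(f"field {name!r} does not round-trip")
    return problems

if __name__ == "__main__":
    write_post_file("post.data", FIELDS)
    print(check_post_file("post.data", FIELDS) or "post.data is clean")
```

With a newline appended, the decoded csrfmiddlewaretoken value no longer equals the value sent in the csrftoken cookie, which is consistent with the 403 described in the question.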
I'm trying to use the API scanner Docker image as described here: https://www.zaproxy.org/blog/2017-06-19-scanning-apis-with-zap/ and I want to do some request replacement using a regexp. I'm using the command:
docker run -v $(pwd):/zap/wrk/:rw --network=host -t owasp/zap2docker-weekly zap-api-scan.py --hook=/zap/wrk/authentication-hooks.py -t docs/openapi.yaml -f openapi -w output/oppenapi.md -z "-configfile /zap/wrk/zapproxy.prop" -d
with "zapproxy.prop":
replacer.full_list(0).description=customerId
replacer.full_list(0).enabled=true
replacer.full_list(0).matchtype=REQ_HEADER_STR
replacer.full_list(0).matchstr=/api/customers/\d+
replacer.full_list(0).regex=true
replacer.full_list(0).replacement=/api/customers/1
and the replacement doesn't work for the URL I want to modify: GET /api/customers/10. The same rule used via the GUI works just fine.
I've also tried:
replacer.full_list(0).description=customerId
replacer.full_list(0).enabled=true
replacer.full_list(0).matchtype=REQ_HEADER_STR
replacer.full_list(0).matchstr=/api/customers/10
replacer.full_list(0).regex=false
replacer.full_list(0).replacement=/api/customers/1
it also works fine.
Simon Bennetts suggested checking how the GUI saves those settings: https://www.zaproxy.org/faq/how-do-you-find-out-what-key-to-use-to-set-a-config-value-on-the-command-line/. As you can see, there aren't any escapes in matchstr.
Is there something that I need to do to pass this regex correctly?
Escaping was the issue:
replacer.full_list(0).description=clientId
replacer.full_list(0).enabled=true
replacer.full_list(0).matchtype=REQ_HEADER_STR
replacer.full_list(0).matchstr=/api/customers/\\d+
replacer.full_list(0).regex=true
replacer.full_list(0).replacement=/api/customers/2
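Why the doubled backslash matters, as an added example that is not part of the original posts. It assumes the file passed with -configfile is read with Java .properties escaping rules, which it models in Python; the function names and the request line are constructed.

```python
import re

_SIMPLE = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def properties_value(raw):
    """Decode a value as a Java .properties loader would (assumed parser)."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        i += 1
        if ch != "\\":
            out.append(ch)
            continue
        if i == len(raw):
            break  # lone trailing backslash is a line continuation
        esc = raw[i]
        i += 1
        if esc == "u":
            out.append(chr(int(raw[i:i + 4], 16)))
            i += 4
        else:
            # Unknown escapes such as \d lose the backslash silently.
            out.append(_SIMPLE.get(esc, esc))
    return "".join(out)

def escape_for_properties(pattern):
    """Double every backslash so the loader hands the regex back intact."""
    return pattern.replace("\\", "\\\\")

def apply_rule(matchstr_in_file, replacement, request_line):
    """Return (pattern the replacer ends up with, rewritten request line)."""
    pattern = properties_value(matchstr_in_file)
    return pattern, re.sub(pattern, replacement, request_line)

REQUEST = "GET /api/customers/10 HTTP/1.1"  # constructed request line

if __name__ == "__main__":
    for matchstr in (r"/api/customers/\d+", r"/api/customers/\\d+"):
        print(matchstr, "->", apply_rule(matchstr, "/api/customers/2", REQUEST))
```

The single-backslash form reaches the replacer as /api/customers/d+, which cannot match a numeric id, while the literal /api/customers/10 rule contains no backslash and is unaffected.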
I am trying to parse the log file generated by my RDS instance using pgBadger, so far with no results.
The log_line_prefix is set to %t:%r:%u#%d:[%p]:
A sample line in the log file looks like :
2019-09-24 17:19:25 UTC:172.31.10.173(53224):username#database:[12829]:LOG: execute <unnamed>: SELECT 1
I am using pgbadger with this command:
./pgbadger -p "%t:%r:%u#%d:[%p]:" postgresql.log.2019-09-24-17 -o pgbadger_rdsinstance.html
It throws the below error
Unmatched ( in regex; marked by <-- HERE in m/^(?:\d+-\d+-\d+T\d+:\d+:\d+\.\d+Z)?\s*(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)\s*[^:]*:( <-- HERE [^\(:]+\(\d+\):([^\#]+)\#([^:]+):\[(\d+)\]:(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})(?: [A-Z\+\-\d]{3,6})?:([a-zA-Z0-9\-\.]+|\[local\]|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[0-9a-fA-F:]+)?[\(\d\)]*:([0-9a-zA-Z\_\[\]\-\.]*)#([0-9a-zA-Z\_\[\]\-\.]*):\[(\d+)\]:(LOG|WARNING|ERROR|FATAL|PANIC|DETAIL|STATEMENT|HINT|CONTEXT|LOCATION):\s+(.*)/ at ./pgbadger line 2430.
Not sure what should be the correct pattern here. Looks like it isn't able to parse 172.31.10.173(53224).
I tried by escaping the parenthesis like : %t:%r\\(%a\\):%u#%d:[%p]:, but that doesn't help.
I parsed a sample log file by removing this (53224) part, and it works just fine.
What should be the correct pattern for this prefix?
If this is pgBadger 11.1 or newer, you can try using --format rds and remove --prefix. I guess this is a new bug that needs to be reported, but at least --format rds worked for me.
Reading the manual page, it seems like -post_data always accepts data from stdin. But I'd like to pipe HTML into lynx, too. Can I do both, preferably using something like
$ generate_html | lynx --stdin -dump -post_data='mydata'
I'm trying to use procmail to send emails to a PHP script so the script will check a MySQL database and edit the subject line based on the sender email. I believe I've got a working procmail to do this:
:0:
* ^To:.*#barrett.com
! '/usr/local/bin/php-5.2 -f $HOME/ticket/emailcustcheck.php'
However, I'm not sure exactly how procmail executes the command. How does the email get passed to the PHP script, and therefore, how do I refer to it inside the script?
The correct syntax for piping to a script is
:0 # no lock file
* ^To:.*#barrett\.com
| /usr/local/bin/php-5.2 -f $HOME/ticket/emailcustcheck.php # no quotes, use pipe
The ! action would attempt to forward to an email address, but of course, the long quoted string with the path to your PHP interpreter is not a valid email address.
If you need locking (i.e. no two instances of this PHP script are allowed to run at the same time), you need to name a lock file; Procmail cannot infer a lock file name here, so the lock action you had would only produce an error message anyway. If you are uncertain, adding a named lock file is the safer bet, but if you don't have concurrency issues (such as, the script needs to write to a database while no other process is using the database) it should not be necessary, and could potentially slow down processing.
The condition regex also looks somewhat imprecise, but I can only speculate that you might want to trigger on Cc mail as well as direct To:. Look up the ^TO_ macro in the documentation if so.
The script gets the message as its standard input; it should probably read all input lines to an array, or split into two arrays so that everything before the first empty line goes into the "headers" array and the rest goes into the "body" array. Or perhaps PHP has some class which can read an email message into an object from standard input.
:0 wf
* ^To:.*#barrett\.com
| /usr/local/bin/php-5.2 -f $HOME/ticket/emailcustcheck.php
The f tells procmail that you are going to filter the message, i.e. change it.
The w tells procmail to wait for the filter or program to finish and check its exit code.
If you want to work only on the body of the message, you must add the flag b.
If you want to work only on the header of the message, you must add the flag h.
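The filter contract described in the two answers above, as an added example that is not part of the original posts and is written in Python rather than the question's PHP. The sender table stands in for the MySQL lookup; all addresses and ticket ids are constructed.

```python
import sys
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the MySQL lookup described in the question.
KNOWN_SENDERS = {"alice@customer.example": "ACME-0042"}

def tag_subject(raw_message, lookup=KNOWN_SENDERS):
    """Return the whole message with the Subject tagged for known senders."""
    # The parser ends the header block at the first empty line.
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    ticket = lookup.get(sender)
    if ticket is None:
        return raw_message  # unknown sender: pass the message through as is
    # Collapse folded whitespace so the new Subject stays on one header line.
    subject = " ".join((msg.get("Subject") or "").split())
    tagged = f"[{ticket}] {subject}"
    if "Subject" in msg:
        msg.replace_header("Subject", tagged)
    else:
        msg["Subject"] = tagged
    return msg.as_string()

def main():
    # procmail pipes the complete message to stdin; with the f flag it
    # replaces the message with whatever the filter writes to stdout.
    sys.stdout.write(tag_subject(sys.stdin.read()))
    return 0  # with w, a failing exit code leaves the message unfiltered

if __name__ == "__main__":
    sys.exit(main())
```

A filter has to emit the full message, headers and body, because its output becomes the message that later recipes see.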
I think I've written maybe one shell script my entire life, and I'm not even sure if it's possible to do this, but I'm trying to write a script that will ftp the contents of a directory, one at a time. That is, it'll ftp one and then close the connection, then ftp the second, and close that etc. This is because there may be up to five files in a directory all of which are a minimum of 2GB each. FTPing them all at once always results in a reset connection. I thought that if I could match by partial filename, then perhaps that will help, as they are all named the same way.
So, in a directory, it'll have:
SampleFileA_20100322_1.txt
SampleFileA_20100322_2.txt
SampleFileB_20100322_1.txt
SampleFileC_20100322_1.txt
I'd like to ftp SampleFileA_xxxx_1 first, then SampleFileA_xxxx_2, etc. This is the current ftp script, which tries to download everything all at once...
#!/bin/bash
REMOTE='ftp.EXAMPLE.com'
USER='USERNAME'
PASSWORD='PASSWORD'
FTPLOG='/tmp/ftplog'
date >> $FTPLOG
ftp -in $REMOTE <<_FTP >>$FTPLOG
quote USER $USER
quote PASS $PASSWORD
bin
cd download
mget *
quit
_FTP
Based on your question, I think you need something like
for file in Sample*txt
do
run_ftp_function "$file"
done
You'll need to set up "run_ftp_function" to do the send (like you already have), using $1 as the file to send.