I am trying to send form data to a webservice but below "Request Header" in the "Network" of the Chrome DOM I got the origin evil.example and referer "localhost:8080".
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:nb-NO,nb;q=0.8,no;q=0.6,nn;q=0.4,en-US;q=0.2,en;q=0.2
Connection:keep-alive
Content-Length:91
Content-Type:application/x-www-form-urlencoded; charset=UTF-8;
Host:office.insoft.net:9091
Origin:http://evil.example/
Referer:http://localhost:8080/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2230.0 Safari/537.36
I want to change to another origin and "localhost:8080" would be the best origin.
How do I resolve that problem?
The overwrite of the header origin is caused by Allow-Control-Allow-Origin: * chrome extension.
Link to the extension
Try disabling this extension in order to solve your problem.
To create a jupyter_notebook_config.py file if it is not there, , you can use the following command line from ~/.jupyter:
$ jupyter notebook --generate-config
Uncomment this
c.NotebookApp.allow_origin = '*'
Related
Problem 1: (resolved - Thanks #Ranjith Thangaraju)
I tried to access this website via postman, but I can't do this because I got an error: https://i.stack.imgur.com/Dmfj8.png
Then when I try to access it on chrome - there's no restriction at all - I can access it: https://finance.vietstock.vn/
Could someone please help me to explain or help with this?
I'm sorry if someone else had the same issue and it is fixed, if you see some other similar, please point me the direction on that
Problem 2:
When I access this page [https://finance.vietstock.vn/CEO/phan-tich-ky-thuat.htm],
there is one of the APIs that I've tried to call from the postman but I couldn't, could you please point me a solution for this?
Chrome: https://i.stack.imgur.com/RTfsM.png
Postman: https://i.stack.imgur.com/2P2Qe.png
Go to Headers -> Click on Bulk Edit
Add the Following Lines
Host: finance.vietstock.vn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Then Hit Send!! ;)
I have requested an api by postman but it didn't response required page, however it says: Request is missing required HTTP header ''
When I went to website developer section/Network tab in XHR, it shows required output.
Request Headers: Accept:application/json, text/plain, / Accept-Encoding:gzip, deflate Accept-Language:en-US,en;q=0.8 Connection:keep-alive Host:panthera.api.yuppcdn.net Origin:test.com Referer:test.com User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36 Query String Parameters view source view URL encoded
How can I resolve this?
Please help.
Request an API contract from the developer who's API you are invoking. This API contract must contain what headers are required for the successful invocation of the API.
If it a public API it should also contain its contracts published or documented on the respective site from where you are referring the API specs.
I'm using Jmeter to test my Jira instance. I recorded a login and a Scrumboard action.
When I want to replicate this using 2000 users I am getting an error.
I know this is because of the Token in needs.
How can I create a regex for finding the token?
I am doing a request to the server that looks like this
GET httb://SOMESERVERON.intranet:8080/secure/Dashboard.jspa
Cookie Data:
JSESSIONID=#IDNUMBER; atlassian.xsrf.token=#TOKENNUMBER
Request Headers: Connection: keep-alive Referer:
httb://SOMESERVERON.intranet:8080/plugins/servlet/gadgets/ifr?container=atlassian&mid=0&country=UK&lang=en&view=default&view-params=%7B%22writable%22%3A%22false%22%7D&st=atlassian%3AWYF9KCckTIxHKei%2BvMoCPKoa3LOkMGPilSEdaSqyqEFKIPnF0I3YcZDdKdElV0s%2B9%2FqBhMWhS2Qyvo7m0F2f3uTB3JBeKZF8Ou3EimeszE1Ms1IPMqDoYcVgPdF1CaQnnrANHwH1KhR1UxUlHed7VOyRPmfI26rO2FU65FQbvNuIZADHLRt1v8lF52vBeCqi6aSfyrfGau2lv3JDL4HVQv3dDmt%2FudFaX3a05CS94ncoGr0s&up_isPublicMode=false&up_isElevatedSecurityCheckShown=false&up_loginFailedByPermissions=false&up_externalUserManagement=false&up_loginSucceeded=false&up_allowCookies=true&up_externalPasswordManagement=&up_captchaFailure=false&up_isAdminFormOn=false&url=http%3A%2F%2Flrv142c3.europe.intranet%3A8080%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.atlassian.jira.gadgets%2Fgadgets%2Flogin.xml&libs=auth-refresh
Accept-Language: nl,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip,
deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0)
Gecko/20100101 Firefox/34.0 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Host:
http://SOMESERVERON.intranet:8080
So I know to look for this part
name="atlassian-token" content="TOKENKEY"
But what is the RegEx that I need to find the token and put it in a parameter that I can re use.
Regular Expression: name="atlassian-token" content="(.+?)"
Hope this will help.
For handling both JSESSIONID and atlassian-token cookies just add a HTTP Cookie Manager, JMeter is smart enough to deal with them automatically.
I've never visited one website before, for the first time I visit this website and try to login, I use fiddler to monitor the post data,
in the http post header, there's already cookie in there. how would that happen?
How can I generate a cookie to auto login the website?
The following is the raw header.
POST https://us.battle.net/login/en/?ref=&app= HTTP/1.1
Host: us.battle.net
Connection: keep-alive
Content-Length: 64
Cache-Control: max-age=0
Origin: https://us.battle.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.77 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://us.battle.net/login/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,en-GB;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: perm=1; __utma=134253166.2032096419.1344959743.1344959743.1344959743.1; __utmb=134253166.2.10.1344959743; __utmc=134253166; __utmz=134253166.1344959743.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)
accountName=aaaa%40me.com&password=password&persistLogin=on
The cookie could have been generated on the GET request when you visited the login page.
Alternatively, although you haven't directly visited a website, it may have been integrated into another website you have visited, for example in an iframe. This is common with ad networks for example.
how can i create a batch that can send HTTPS requests ?
byfar i used Fiddler Request Builder so i can send requests like:
GET https://website.com/index.aspx?typeoflink=**[HERE-VARIABLE-FROM-FILE]**&min=1 HTTP/1.1
Accept: */*
Referer: https://website.com/index.aspx?chknumbertypeoflink&min=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: website.com
Connection: Keep-Alive
Cookie: cookieverrylongstringD%FG^&N*MJ( CVV%^B&N*&*(NHN*B*&BH*&H
But i have to mannualy change the variable NOT GOOD...
So the script would send many Requests and just changing the [HERE-VARIABLE-FROM-FILE] variable
The variables are textnames in a file (one variable per line)
if this could be done in a batch file or vbs or jscript or anything!
Thanks in advance!
adam
One way would be to download a version of curl for Windows, and then write a batch file that invokes curl.
set TYPEOFLINK=foo
curl https://website.com/index.aspx?typeoflink=%TYPEOFLINK%&min=1 > savedfile
I'm going to assume Windows because you mention Fiddler.
You can use curl which runs under cygwin.
curl is a command line tool which will allows you to initiates GET requests.