I've never visited one website before, for the first time I visit this website and try to login, I use fiddler to monitor the post data,
in the http post header, there's already cookie in there. how would that happen?
How can I generate a cookie to auto login the website?
The following is the raw header.
POST https://us.battle.net/login/en/?ref=&app= HTTP/1.1
Host: us.battle.net
Connection: keep-alive
Content-Length: 64
Cache-Control: max-age=0
Origin: https://us.battle.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.77 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://us.battle.net/login/en/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,en-GB;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: perm=1; __utma=134253166.2032096419.1344959743.1344959743.1344959743.1; __utmb=134253166.2.10.1344959743; __utmc=134253166; __utmz=134253166.1344959743.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)
accountName=aaaa%40me.com&password=password&persistLogin=on
The cookie could have been generated on the GET request when you visited the login page.
Alternatively, although you haven't directly visited a website, it may have been integrated into another website you have visited, for example in an iframe. This is common with ad networks for example.
Related
We have a requirement to generate images on the fly and cache using CDN. For this we have configured a backend service with a load balancer enabled cloud CDN. We are using Nginx proxy server. We have added headers specified in the Google cloud CDN docs, but unfortunately it is not caching.
Request:
GET /resize?size=l&url=https://example.com/image.jpeg HTTP/1.1
Host: resize.example.com
Request Headers:
Host: resize.example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Response headers:
HTTP/1.1 200 OK
Server: nginx/1.17.2
Date: Wed, 15 Jan 2020 15:01:14 GMT
Content-Type: image/jpeg
Content-Length: 62771
cache-control: max-age=86400, public, s-maxage=86400
Via: 1.1 google
I suggest you a couple of pages that could help you.
a) Not all HTTP responses are cacheable. Cloud CDN caches only those responses that meet all the requirements in this section. Some of these requirements are specified by RFC 7234, and others are specific to Cloud CDN.
Cacheability for HTTP responses
Responses aren't being cached--Troubleshooting
The following example demonstrates using curl to check the HTTP response headers for http://example.com/style.css:
$ curl -s -D - -o /dev/null http://example.com/style.css
HTTP/1.1 200 OK
Date: Tue, 16 Feb 2016 12:00:00 GMT
Content-Type: text/css
Content-Length: 1977
Via: 1.1 google
Although perhaps because of the added response, you may have already read it.
I have recently set Cloudfront to cache files (images, css and javascript):
It requires me to clear cache manually from within the browser sometimes to get the new file.
Caching files within Cloudfront is really tough - A week ago - I tried enabling GZIP compression on Cloudfront and noticed that until I didn't add my file to the "Invalidaion" table - the file wasn't displayed updated on my website.
(I cleared cache from my browser and this didn't help either btw)
Is there any "smart" way for caching on Amazon Cloudfront?
Something like: "if the file has been updated - send the new file (as gzip of course). "
Here are my headers:
Request URL:https://abc.cloudfront.net/live/static/rcss/bootstrap3.min.css
Request Method:GET
Status Code:200 OK
Remote Address:77.77.77.77:443
Referrer Policy:no-referrer-when-downgrade
Response Headers
HTTP/1.1 200 OK
Content-Type: text/css
Connection: keep-alive
Date: Sun, 07 May 2017 08:14:04 GMT
Last-Modified: Wed, 26 Apr 2017 08:43:05 GMT
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 abc.cloudfront.net (CloudFront)
X-Amz-Cf-Id: abc-iuxzccRYcxce8LjxzcDeYdasdehHqFJGj80iczxcz8Q4asdDpWg==
Request Headers
Accept:text/css,*/*;q=0.1
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:abc.cloudfront.net
Pragma:no-cache
Referer:https://example.com/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
If there is anything else I can add to my post - please do ask.
I need to call aws mobile analytics KIP's api (http://docs.aws.amazon.com/mobileanalytics/latest/ug/drs-querying-kpis-lifetime-count.html) but I am stuck with how headers for this request should be passed.
I have gone through their api reference.
What is the header format for calling this api?
Here is an example of my raw Headers for one of my requests:
Host: mobileanalytics.us-east-1.amazonaws.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: application/hal+json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Amz-Date: 20161024T192952Z
X-Amz-Security-Token: INSERT_SECURITY_TOKEN
Authorization: AWS4-HMAC-SHA256 Credential=INSERT_CREDENTIAL/20161024/us-east-1/mobileanalytics/aws4_request, SignedHeaders=accept;host;x-amz-date;x-amz-security-token, Signature=INSERT_SIGNATURE
Connection: keep-alive
Be sure to include the Accept header:
Accept: application/hal+json
I'm using Jmeter to test my Jira instance. I recorded a login and a Scrumboard action.
When I want to replicate this using 2000 users I am getting an error.
I know this is because of the Token in needs.
How can I create a regex for finding the token?
I am doing a request to the server that looks like this
GET httb://SOMESERVERON.intranet:8080/secure/Dashboard.jspa
Cookie Data:
JSESSIONID=#IDNUMBER; atlassian.xsrf.token=#TOKENNUMBER
Request Headers: Connection: keep-alive Referer:
httb://SOMESERVERON.intranet:8080/plugins/servlet/gadgets/ifr?container=atlassian&mid=0&country=UK&lang=en&view=default&view-params=%7B%22writable%22%3A%22false%22%7D&st=atlassian%3AWYF9KCckTIxHKei%2BvMoCPKoa3LOkMGPilSEdaSqyqEFKIPnF0I3YcZDdKdElV0s%2B9%2FqBhMWhS2Qyvo7m0F2f3uTB3JBeKZF8Ou3EimeszE1Ms1IPMqDoYcVgPdF1CaQnnrANHwH1KhR1UxUlHed7VOyRPmfI26rO2FU65FQbvNuIZADHLRt1v8lF52vBeCqi6aSfyrfGau2lv3JDL4HVQv3dDmt%2FudFaX3a05CS94ncoGr0s&up_isPublicMode=false&up_isElevatedSecurityCheckShown=false&up_loginFailedByPermissions=false&up_externalUserManagement=false&up_loginSucceeded=false&up_allowCookies=true&up_externalPasswordManagement=&up_captchaFailure=false&up_isAdminFormOn=false&url=http%3A%2F%2Flrv142c3.europe.intranet%3A8080%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.atlassian.jira.gadgets%2Fgadgets%2Flogin.xml&libs=auth-refresh
Accept-Language: nl,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip,
deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0)
Gecko/20100101 Firefox/34.0 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Host:
http://SOMESERVERON.intranet:8080
So I know to look for this part
name="atlassian-token" content="TOKENKEY"
But what is the RegEx that I need to find the token and put it in a parameter that I can re use.
Regular Expression: name="atlassian-token" content="(.+?)"
Hope this will help.
For handling both JSESSIONID and atlassian-token cookies just add a HTTP Cookie Manager, JMeter is smart enough to deal with them automatically.
Good morning all,
I have a web app using Classic ASP, hosted on IIS 7.5. I need to create a word document and stream back to the client for display, however when the document is streamed into the response something (an IIS setting?) is causing a 401 error - and i cannot track it down.
A colleague very kindly furnished me with some C++ code which deals with the document building & streaming and an ASP page which builds the COM objects and makes the calls etc.
The document starts life as a template in an IIS virtual directory outside my ASP application. We make a copy, do some find and replace actions and then stream it into the response with the correct MIME type for the browser to handle it however it sees fit.
It seems as soon as the streaming takes place (via a call to ASPTypeLibrary::IResponsePtr piResponse->BinaryWrite()) the 401 response is sent back, until that moment the response looks fine.
The site uses Forms authentication, and i have by this point signed in, the request i see in fiddler definitely has valid session data and the rest of the site is happy with my authentication.
Any ideas? (he asks with a note of desperation)
p.s. I realise i haven't listed all the code, i can if it helps though...
The plot thickens...
I have had success using the ASP page to stream the file into the output using and ADODB.Stream object.
When this is successful Fiddler picks up two HTTP request/responses; the first request gets a 401 back, then the browser sends another request with different cookie data which returns a successful result.
When my COM object is used two requests occur, but the second request also receives a 401...
Points to some security setting to do with COM object? Something i am not adding to the response with the COM object?
As per my response to Eric, my colleague worked a bit of magic and got the thing working, i am still a little confused about why it was caused though...
The line which Magic Al changed was this one:
piResponse->AddHeader( _T("Content-Length"), (LPCTSTR)Length );
Which is called while the response is being built up and what he did was comment it out.
Apparently he noticed that the length written by the BinaryWrite was coming out 13 bytes larger than the length of the file. He tells me that this may be because it is writing out the reserved WORD blocks from the Variant it is given.
So the response header is a bit mangled and the result is an HTTP violation error in fiddler which i had overlooked and somewhere in between client and COM object the mangled 200 response is replaced with a 401.
I guess the moral of this story is that you should always pay attention to fiddler errors and to ensure your Content-Length is correct.
My new question is why 401? why not a 500? And what is likely to be throwing this out? is it coming from IIS?
This is the HTTP text fiddler registers for the exchange:
GET GET [The page address - its on localhost and is an ASP page] HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: localhost
Cookie: SessionUID={E41F5378-FBE2-475E-8F9A-6416AFE2BAA0}; DisplayMethod=0; ShowDataTips=1; LOGONUSER={UserName Info}ASPSESSIONIDQARAQRBD={Session ID} Authorization: Negotiate YH8GBisGAQUFAqB1MHOgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI/BD1OVExNU1NQAAEAAACXsgjiCwALADIAAAAKAAoAKAAAAAYBsR0AAAAPRE9DREVWLUpDV0RFVkVMT1BNRU5U
HTTP/1.1 401 Unauthorized
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
WWW-Authenticate: Negotiate oYIBYTCCAV2gAwoBAaEMBgorBgEEAYI3AgIKooIBRgSCAUJOVExNU1NQAAIAAAAWABYAOAAAABXCieJQEtMwe36vajD3zwEAAAAA9AD0AE4AAAAGAbEdAAAAD0QARQBWAEUATABPAFAATQBFAE4AVAACABYARABFAFYARQBMAE8AUABNAEUATgBUAAEAFABEAE8AQwBEAEUAVgAtAEoAQwBXAAQAOABEAGUAdgBlAGwAbwBwAG0AZQBuAHQALgBEAG8AYwB1AG0AYQB0AGkAbwBuAC4AYwBvAC4AdQBrAAMATgBEAE8AQwBEAEUAVgAtAEoAQwBXAC4ARABlAHYAZQBsAG8AcABtAGUAbgB0AC4ARABvAGMAdQBtAGEAdABpAG8AbgAuAGMAbwAuAHUAawAFACAARABvAGMAdQBtAGEAdABpAG8AbgAuAGMAbwAuAHUAawAHAAgAKRk7jhfZzQEAAAAA
Date: Thu, 13 Dec 2012 09:52:25 GMT
Content-Length: 341
Proxy-Support: Session-Based-Authentication
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Authorized</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Authorized</h2>
<hr><p>HTTP Error 401. The requested resource requires user authentication.</p>
</BODY></HTML>
------------------------------------------------------------------
GET [The page address - its on localhost and is an ASP page] HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Cookie: SessionUID={E41F5378-FBE2-475E-8F9A-6416AFE2BAA0}; DisplayMethod=0; ShowDataTips=1; LOGONUSER={UserName Info}ASPSESSIONIDQARAQRBD={Session ID}
Authorization: Negotiate oXcwdaADCgEBoloEWE5UTE1TU1AAAwAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAABXCiOIGAbEdAAAAD4GPyFfTAkcs1KpJqG4eT0ujEgQQAQAAAPUXp1AtIpqEAAAAAA==
Host: localhost
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Thu, 13 Dec 2012 09:52:27 GMT
Content-Length: 6630
Proxy-Support: Session-Based-Authentication
<HTML Page telling you about the error which gets displayed when you cancel the authentication dialog.>