I encountered the problem when working with IP Camera Panasonic (BL-C111CE).
I want to get motion jpeg stream from this camera. So i did the following steps:
1. Open socket on HTTP port:
mySocket = connect("192.168.1.253" /*ip*/, "80" /*port*/);
2. Send the following string command to camera:
"GET /nphMotionJpeg?&Resolution=640x480&Quality=Motion&Framerate=30 HTTP/1.1\r\n\r\n"
This command work fine when I enabled the privilege view video for general user in camera's settings. But when I disable this privilege, the above command is failed.
I have searched, and I knew I need send admin's username and password in order to authenticate to Camera.
But I don't know the syntax for sending my username and password. And which step must I send it?
Many thanks,
Phong Le
I think you might need to use some sort of HTTP Authentication, either Basic or Digest. I'd try with Basic Authentication first, so send an additional header in your Request like
GET /nphMotionJpeg?&Resolution=640x480&Quality=Motion&Framerate=30 HTTP/1.1
Authorization: Basic <AuthString>
For AuthString you construct a string 'username:password' and encode it using BASE64.
Have a look at the linked Wikipedia articles for more information about HTTP Authentication.
i resolved the part about authorization by
request.setHeader("Authorization","Basic " + Base64.encodeToString ("user:password".getBytes(), Base64.NO_WRAP));
where request is a HttpGet instance;
Related
I am consuming PCC API, There are two way by using different URLs:
https://connect.pointclickcare.com/auth/token
https://connect2.pointclickcare.com/auth/token
Both using same haeder and bodey excpet onre thinh that is 2nd URLs need two SSL Authentication.
I am able to consume with 1st URL.
Now I added client certificate to try to consume 2nd URL, however I am facing error and also two less value are being sent in header(Same Request
parameter is being used I only change URL for both request.)
Error: INCORRECT_PASSWORD
Screenshot is attached.
I finally found the problem, Passphrase was not added for Client Certificate being sent with http request. so I added with passphrase and now it worked fine.
I have mysite.com and mysite.nl.
I want to build single sign-on, someone signing in on .com should be signed in in .nl.
I do this by putting an image (1 pixel transparent PNG image) on the .nl domain which sends back a cookie in the response.
In my firefox dev tools, I see 'response cookie' and it's set. It looks like this:
I have made sure the domain is set to mysite.nl
But somehow, when I then navigate to mysite.nl I don't see the cookie set. Am I missing something? I tried disabling tracker blocking, but to no avail.
Google is doing it this way as well right? Ie., log in in Google and you're logged in in Youtube.
If the browser makes a request to xyz.mysite.com, it has to drop the domain cookie for mysite.nl. This is due to the browser security model. If you want to achieve Single Sign On between xyz.mysite.com and xyz.mysite.nl you need some technology to 'transfer' the session token between the two domains. Either you use a standards-backed technology like SAML or OIDC or you use a proprietary mechanism. If you carefully look at the HTTP response, you will see two Set-Cookie HTTP response headers, one has domain property set to mysite.com, one has set domain property to mysite.nl.
So I am using a burp suite to intercept a request to
stage.training.com/ats/getAllStates.html?countryCode=CR
Once Intercepted I change the Hostname to localhost:4502
The localhost uses an authentication which I have already added to Platform Authentication under
User Options --> Platform Authentication
However I keep getting a 400 Bad Request response.
Any idea whats going wrong here
Firstly, we need to understand why 400 Http Bad Request is causing the response.
400 - Bad request. The request could not be understood by the server due to malformed syntax. The client should not repeat the request without modifications.
You can check the following operations from inside the burp suite for authentication.
User options > Connections > Platform Authentication > Add
Destination host: target URL
Authentication type: Basic, NTLMv1, NTLMv2 or Digest
Username and Password
Both sides need updating. from both intercept and user options. Otherwise, you will continue to receive errors.
I'm using SOCKET (WINSOCK2.H) to connect to IP camera.
After connect, I want to send the command "GET /nphMotionJpeg?Resolution=640x480&Quality=Standard HTTP/1.1\r\n\r\n" to get video stream.
But this command is not successful because the camera is protected by authentication basic.
Now, I want to insert into request command username and password but i don't know the syntax to do it.
the syntax is explained in the related wikipedia article: https://en.wikipedia.org/wiki/Basic_access_authentication
I want to integrate a credit card processing in my website using Paybox.com API's.
I have to send a POST request (using urllib2) to Paybox API's with credit card details (number, date, cvv) when a user submit a form.
How can I secure that? is it enougth to put https://www.mywebsite.com/card/processing in my form action?
How can I send POST data over HTTPS using urllib2?
PS: I work on Django.
Well in terms of security refer to this QA: POST data encryption - Is HTTPS enough?
As far as how to do it, here's an explanation about using urllib: http://www.codercaste.com/2009/11/28/how-to-use-the-urllib-python-library-to-fetch-url-data-and-more/
The idea is to use the urlencode command to create a parameters object for the request, then create a request object from the url and the parameters object, and then call urlopen on the request object in order to actually send the request.
Here are solutions using python-request lib: http://www.python-requests.org/en/latest/user/advanced/
request using ssl: http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
request using post: http://docs.python-requests.org/en/latest/user/quickstart/#more-complicated-post-requests (should also allow verify=True parameter)
By the way, python-request is a very powerful and easy way to make requests.