I'm using nusoap library but getting error during login.
...<..E.POST
X-Forwarded-For:
X-Forwarded-Proto:
X-Forwarded-Port: 443^M
Host:
X-Amzn-Trace-Id: Root=
Content-Length: 532^M
Accept: /^M
User-Agent: NuSOAP/0.9.5 (1.123)^M
Content-Type: text/xml; charset=UTF-8^M
SOAPAction:
^M
I interested in the standard way to print an instance of a Rack::Request class as a text HTTP request. Example below.
POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
<?xml version="1.0" encoding="utf-8"?>
<string xmlns="http://clearforest.com/">string</string>
It would be nice for debugging and share with users. I have a team with non-rails stack using my API and raw requests will be useful.
A security scanning app picked up a risk against a signalR link in my asp.net MVC 5 website.
the X-Frame-Options response header is missing, which may allow
Cross-Frame Scripting attacks
Any one can tell me what's this about?
And How to solve it?
ASP.NET SignalR Input Validation Flaw Permits Cross-Site Scripting Attacks
Should not be the problem since I am using SignalR 2.1.x
The request is :
POST ***/signalr/send?transport=serverSentEvents&clientProtocol=1.4&connectionToken=bla**bla** HTTP/1.1
Host: ****
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
Accept: text/plain, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: myhost
Pragma: no-cache
Cache-Control: no-cache
Cookie: authentication token
Content-Length: 113
data=********
The Response is :
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: application/json; charset=UTF-8
Expires: -1
Server: Microsoft-IIS/8.0
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Some html body
I think this warning can safely be ignored. The X-Frame-Options header is used to prevent clickjacking. SignalR responses don't have any links or any other clickable content.
However, it might be a good idea to set an X-Frame-Options header on every response to be extra safe. You can do this via IIS manager or web.config. If you are not using IIS, you can use OWIN middleware instead.
I have a raw HTTP traffic file with following format :
---------------------- dataset.txt ----------------------------------
GET http://localhost:8080/tienda1/index.jsp HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.8 (like Gecko)
Pragma: no-cache
Cache-control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: x-gzip, x-deflate, gzip, deflate
Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5
Accept-Language: en
Host: localhost:8080
Cookie: JSESSIONID=1F767F17239C9B670A39E9B10C3825F4
Connection: close
POST http://localhost:8080/tienda1/publico/anadir.jsp HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.8 (like Gecko)
Pragma: no-cache
Cache-control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: x-gzip, x-deflate, gzip, deflate
Accept-Charset: utf-8, utf-8;q=0.5, *;q=0.5
Accept-Language: en
Host: localhost:8080
Cookie: JSESSIONID=933185092E0B668B90676E0A2B0767AF
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 68
id=3&nombre=Vino+Rioja&precio=100&cantidad=55&B1=A%F1adir+al+carrito
...
...
Is there any utility to read this file and submit to my local web server?
You have two requests here.
First is GET, second is POST.
Provided that you are having such format as above, you could write simple program that will ( in order)
Divide the sheet into separate HTTP requests
Parse requests and divide them into variables like : type of request (GET or POST), User-Agent and "headers" in general, request DATA, request submit URL
Create and maintain session with specific server (cookies etc)
Iterate through the loop and submit the data
It would be perfect to solve the problem in python-requests. Parsing may be done in python basic lib.
I'm getting an error trying to post a file to the dropbox in D2L. I'm using HttpRequest in PHP. The Org ID and Folder ID are both valid - I am retrieving the folder ID from the API (using the OrgID).
Here is the HttpRequest output:
POST /d2l/api/le/1.1/61381/dropbox/folders/677320/submissions/mysubmissions/?x_a=d0RNh1RjRGSMJu-dyj_wmw&x_b=_098IyP4bzkow_G-7Ke4Dv&x_c=3_L5VOX5RarK7mztTyX67sL_TyceBOK5r18GnRu9VbE&x_d=jVPR_DXuVf1JIl-YLe3Ad_OM2Ph8xG8UiMYriJVRc2w&x_t=1350769323 HTTP/1.1
User-Agent: PECL::HTTP/1.6.1-dev (PHP/5.2.6)
Host: <hostname>
Accept: */*
Content-Type: multipart/mixed; boundary=65ace1fa6e1f
Content-Length: 251
--65ace1fa6e1f
Content-type: application/json
{"Text":"test","HTML":null}
--65ace1fa6e1f
Content-Disposition: form-data; name=""; filename="file.txt"
Content-Type: application/octet-stream
eyAiVGVztCI6IlRsaXMgfXMgdGVzdYBkYXRhLiIgfQ==
--65ace1fa6e1f--
And the response:
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 131
Content-Type: text/html; charset=utf-8
Location: /d2l/error/404
Server: Microsoft-IIS/6.0
X-XSS-Protection: 0
X-Powered-By: ASP.NET
Date: Sat, 20 Oct 2012 21:42:26 GMT
It appears to be a 404 (No such dropbox folder, or no such org unit), but I know both values to be valid.
I've logged into D2L and the OrgID and DropboxID are both correct in the URL when I'm editing the dropbox settings. The user in question has permission to access the dropbox, and can do so in D2L.
Any help would be appreciated!