I installed fiddler and made a GET request. It gives me what is returned from the server in header and cookies etc. Now I want to know the way to check (using fiddler) what is being posted to the server when I post a form (with some values in text boxes using firefox or any browser). Remember I am not seeking to know the way to compose a post request in fiddler. I want to know what browser sends to the server. Actually compose a post request is not working and it returns that same page which I post, so I want to know what browser is doing which I am unable to do?
Thanks in advance.
Click on the request that you wish to see in Fiddler, right click and select "Decode Selected Sessions".
If you're saying: "I don't see any traffic in Fiddler's Web Sessions list when sending a POST from Internet Explorer", you should follow the troubleshooting steps listed here: https://groups.google.com/forum/#!topic/httpfiddler/SsZnGxdxklg
If the target page is HTTPS, you need to ensure that you enable HTTPS decryption or you won't see anything other than the CONNECT tunnel through which HTTPS traffic flows.
Otherwise, if you do see the POST in the Web Sessions list, double-click it to activate the Inspectors tab. Use the Web Forms tab or the the Raw tab to see the data posted from the client application.
You might want to watch the Fiddler tutorial videos to quickly get up to speed on how to use Fiddler: http://www.youtube.com/playlist?list=PLvmaC-XMqeBbw72l2G7FG7CntDTErjbHc
Related
I've created an app using react native and which is using an IdentityServer 4 server to for authentication. I'm using react-native-app-auth to perform the authentication.
When I click login the app tries to open the Identity Server login page in Safari and iOS shows a standard dialog to say:
"myApp" Wants to Use "myIdServerUrl" to Sign In.
The problem is, where it should say myIdServerUrl, it actually says (null) as you can see in the screenshot.
Does anyone know why this might be? I'm not sure if its something I've misconfigured on the app side or something I'm not sending back from IdentityServer that I should be. I would have thought it would have just shown the URL that I'm requesting but that's not the case as the login page opens correctly when I click continue, so I haven't provided a null URL or anything.
If anyone knows where iOS looks when populating this dialog that would be a great help.
Thanks a lot!
EDIT
After a bit more investigation I've found that a CONNECT request is made to the Identity Server before showing the dialog. This suggests to me that the data it's using is somewhere in the certificate as the CONNECT request is where an SSL connection is requested for HTTPS sites. I'm still not sure what field I'm missing though. I have the Subject Alternative Name populated so I'm not sure what else it could be looking for.
EDIT
It seems, if the URL has a recognizable top-level domain, the domain name (as defined here) will be reported by the dialog. For example, some.host.name.zw will be referred as name.zw and video.google.co.uk as google.co.uk.
Otherwise, ("null") is produced, as in case of some.host.name.local, etc.
It is still an empirical finding, I don't have any official reference to this, but one that is easy to test.
I am trying to disable my logic app via a Http post from within the workflow, but I can't seem to get the authorization to work with my AD.
It says I need the Authorization Bearer token header, but when I fill the information in the fields marked with the red star it always fails.
Either I input the wrong information or I am doing something else wrong.
Where do I get all the information for the fields for the OAuth to work?
Also isn't some of these for using against a web application like an API?
In that case how do I do this only in relation to the resource explorer API?
UPDATE
So i have tried to put it as a web application in my AD and that doesn't work either, is there ANY documentation about this anywhere??
OK, so i found a workaround or maybe this is even the right way to do it.
Now using a HTTP Post Connector in Logic apps is probably the right way to do it when you have for example a API registered as an application in you AD that has the right permissions. what i did was:
First: Using/Created the Azure Resource Management Connector i didn't know excised, called "Invoke Recource Operation".
Second: After it propted you to login (with for example a service account), this layout is show to fill in the same inputs as in the request POST URL in the above connector.
Shown below:
This worked and disabled the LA perfectly.
I've got a website that requires a login, this website shows a "portal" which makes it possible to go to deluge/plex/sonarr (webapps). these apps are connected to ports. so example.com:83031 = plex and example.com:83032 is sonarr (as an example).
Now if I go to example.com it prompts me a login and I if I then click on "plex", the portal goes to example.com:83031. this is correct. however, is there a way to disable a direct link to example.com:83031 (so is there a way to ONLY make it able to enter that site through portal?)
Long story short: I want example.com:83031 to ONLY be available through the portal, not if you enter it directly into the browser. is this possible?
[Editted the domains, got the point!]
In theory, a browser should send a "redirect" indicating from where you came. Hence, example.com:83031 could check if you came from example.com:80. This is however not reliable.
However, if you redirect to example.com:83031/loginOK?<GUID> then you have explicitly encoded the redirection information, in a way that no browser can strip.
BTW, don't invent non-existent domains. example.com exists for a reason.
Using reverse-proxy on Apache has fixed this issue.
Picture describing the outcome
I'm about to build a console application that needs access to the authenticated YouTube Data API. Calling the API's themselves is not a problem, I know quite well how to make and process HTTPS requests.
I've already gotten the API key and the Client ID. No problems there, either.
The problem is the authentication.
I've checked here: https://developers.google.com/youtube/v3/guides/authentication#installed-apps
On the "Installed applications" tab, in step two, it instructs on how to set up a url to call to do the authentication step. All good so far. But before programming anything, I thought I'd try and see what that url does in the browser.
Turns out it just displays a login prompt. Well how about that. That won't work in this kind of console application. The idea is, presumably, that the user is somehow shown this webpage and be instructed to login and allow access. Then, somehow, by some kind of magic perhaps, the access token is sent back to my console application.
Two things I'm not quite sure about:
1) How do I prompt for the username and/or password in the console app and send that to the authentication URL?
2) How would I get the access token back from it?
The biggest problem is that the API seems to require a browser... Which isn't there. My console application will (eventually) run unattended, so starting up a browser and displaying a webpage and doing nothing until it returns a code, is out of the question. I need to somehow supply the authentication page a username/password and get back the code right away.
I am an ios app developer. We have implemented a custom URL scheme 'my_app://section_name' or so where if the link is opened in the user's mobile browser, it will redirect the user to a specific section in the app.
We would like to be able to tweet these URLs and have users on their mobile device click on them to open up the app, however it just can click once
(when you click close , maybe you click wrong then you want to click it second but it does not work )
I hope this isn't too silly of a question. Thanks
Make sure to check the tweet body after it have been posted.
This may be due of an URL shortener, especially if the tweet is posted from the iOS 5 Twitter framework.
I'm having a similar issue with url schemes. We can include them in emails and text messages, and they highlight and work properly.
Unfortunately, when we do the same with a tweet, the iOS Twitter client fails to recognise the special URL scheme and so the user cannot tap on it to open our app.
Pretty big oversight, methinks. Anyone else had any joy including special URL scheme links in tweets?
A solution that you should consider involves not sharing the URI scheme directly, but rather creating a page on your web server to handle this. In fact, if you want to be able to share full URI schemes with paths, you're better off building a web server to dynamically generate a page with a URI scheme redirect.
This is a over-simplified representation of what we built at Branch. This includes some code to get you started though the web server will require a bit of setup not described here.
instead of testapp://some.data.here, you'll link to http://yoursite.com/hosted-redirect/some.data.here.
your server should listen at the route /hosted-redirect, grab some.data.here and build the following page (body here):
(source: derrrick.com)
So your server will have to generate and respond with this page, filling in some.data.here, anytime http://yoursite.com/hosted-redirect/some.data.here is requested.
A lightweight node app could do this with a single file.