Develop Reference

HTTPS Proxy curl

i am use
curl -x https://www.skillacademy.com --resolve www.skillacademy.com:443:104.18.24.139 https://www.skillacademy.com:443 -vvv
output is
root#localhost:~# curl -x https://www.skillacademy.com --resolve www.skillacademy.com:443:104.18.24.139 https://www.skillacademy.com:443 -vvv
* Added www.skillacademy.com:443:104.18.24.139 to DNS cache
* Hostname www.skillacademy.com was found in DNS cache
* Trying 104.18.24.139:443...
* Connected to www.skillacademy.com (104.18.24.139) port 443 (#0)
* ALPN: offers http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS change cipher, Change cipher spec (1):
* (304) (OUT), TLS Unknown, Certificate Status (22):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Proxy certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: May 10 00:00:00 2022 GMT
* expire date: May 10 23:59:59 2023 GMT
* subjectAltName: host "www.skillacademy.com" matched cert's "*.skillacademy.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* allocate connect buffer
* Establish HTTP proxy tunnel to www.skillacademy.com:443
* (304) (OUT), TLS Unknown, Unknown (23):
> CONNECT www.skillacademy.com:443 HTTP/1.1
> Host: www.skillacademy.com:443
> User-Agent: curl/7.85.0
> Proxy-Connection: Keep-Alive
>
* (304) (IN), TLS Unknown, Certificate Status (22):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS handshake, Newsession Ticket (4):
* (304) (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 400 Bad Request
< Server: cloudflare
< Date: Tue, 18 Oct 2022 06:57:20 GMT
< Content-Type: text/html
< Content-Length: 155
< Connection: close
< CF-RAY: -
<
* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed
* Closing connection 0
* (304) (OUT), TLS Unknown, Unknown (21):
* (304) (OUT), TLS alert, close notify (256):
curl: (56) Received HTTP code 400 from proxy after CONNECT
Look at Establish HTTP proxy tunnel to www.skillacademy.com:443
Why still HTTP not a HTTPS ?
what i try :
update openssl to latest
update curl to latest
Here output
root#localhost:~# curl -V
curl 7.85.0 (aarch64-unknown-linux-gnu) libcurl/7.85.0 OpenSSL/1.1.1q zlib/1.2.11
Release-Date: 2022-08-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets
root#localhost:~# openssl version -a
OpenSSL 1.1.1q 5 Jul 2022
built on: Tue Oct 18 06:23:52 2022 UTC
platform: linux-aarch64
options: bn(64,64) rc4(char) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DVPAES_ASM -DECP_NISTZ256_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific
root#localhost:~#
any help will apreciated

How to download file from cloudflare using curl?

As part of pipeline for building Debian package with popular game Factorio i need to download game's distribution files. This is without any problems in gui web browser.
I try to download file using curl but i still cannot solve problem with CSRF token:
#!/bin/sh
LOGIN=""
PASSWD=""
VERSION=`curl -s "https://api.github.com/repos/wube/factorio-data/tags" | jq -r '.[0].name'`
ARCHIVE="factorio_alpha_x64_${VERSION}.tar.xz"
CSRF=`curl -s -c ~/cookie.txt https://www.factorio.com/login | grep csrf_token | awk -F'"' '{print $8}'`
curl -v -c ~/cookie.txt -b ~/cookie.txt -H "X-CSRF-Token: ${CSRF}" -X POST -F "csrf_token=${CSRF}" -F "username_or_email=${LOGIN}" -F "password=${PASSWD}" https://www.factorio.com/login
curl -c ~/cookie.txt https://www.factorio.com/get-download/${VERSION}/alpha/linux64 > ${ARCHIVE}
The script run fail everytime with the final response:
vitex#exiv:~/Projects/Packaging/Games/factorio-deb$ ./downloader.sh
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 104.26.14.88:443...
* Connected to www.factorio.com (104.26.14.88) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Jul 6 00:00:00 2021 GMT
* expire date: Jul 5 23:59:59 2022 GMT
* subjectAltName: host "www.factorio.com" matched cert's "*.factorio.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55eea0a17d10)
> POST /login HTTP/2
> Host: www.factorio.com
> user-agent: curl/7.76.1
> accept: */*
> cookie: session=eyJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.D93FhsjkngmtONrHEFB6P0d4w8Y
> x-csrf-token: IjE5NjJlZTgwZDAyYjBhYTg0NDdlNThmYmExMmRkMzE4Y2U2OTExZGQi.YXicKQ.HKcRPgEkSRVU4_Xat-dCV31sHWg
> content-length: 461
> content-type: multipart/form-data; boundary=------------------------c63b0f58b7ac0deb
>
* We are completely uploaded and fine
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 400
< date: Wed, 27 Oct 2021 00:24:09 GMT
< content-type: text/html; charset=utf-8
< cache-control: no-cache
< x-frame-options: SAMEORIGIN
< strict-transport-security: max-age=31536000
< vary: Cookie
* Replaced cookie session="eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.PbtfNJW_assTK0ZkBWujMpBVnuM" for domain factorio.com, path /, expire 0
< set-cookie: session=eyJfZnJlc2giOmZhbHNlLCJjc3JmX3Rva2VuIjoiMTk2MmVlODBkMDJiMGFhODQ0N2U1OGZiYTEyZGQzMThjZTY5MTFkZCJ9.YXicKQ.PbtfNJW_assTK0ZkBWujMpBVnuM; Domain=.factorio.com; Secure; HttpOnly; Path=/
< via: 1.1 vegur
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HZPVm%2FRu31d1J8IkHuFfcRwFad6vXWf2%2FbHrH3PCRg1GFuXfHgsJDXN10zPpE6ZaOP7I1ClCiaDo0i0tO%2B5kih95W6gO28pCyjiiA3oXOmJvFHr%2F4iipMg0xlK7v2rVQ51w%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 6a47c7a32c4f27a0-PRG
<
<!DOCTYPE html>
<html>
<head>
<title> 400 - CSRF Error | Factorio</title>
...
How i can better work with cookies recieved by first request ?
What is wrong here ?

Elasticsearch curl post hangs and times out in a CI job

I'm trying to upload some data to Elasticsearch via Curl in a CI job. The Curl command I believe is correct and works perfectly locally. However within the job it appears to hang and then times out after 30 seconds.
Here is the Curl command:
curl -u $user:$password \
-XPOST "${HOST}${INDEX}/data" \
-H 'Content-Type: application/json' \
-d "$json_data" \
--max-time 30 \
--verbose
Here is the verbose output:
Note: Unnecessary use of -X or --request, POST is already inferred.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Trying <IP-ADDRESS>...
* TCP_NODELAY set
* Connected to <HOST> (<IP-ADDRESS>) port <PORT> (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [58 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [3024 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* ...
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Server auth using Basic with user '<USERNAME>'
* Using Stream ID: 1 (easy handle 0x565087a74580)
} [5 bytes data]
> POST /elasticsearch/<INDEX>/data HTTP/2
> Host: <HOST>
> Authorization: Basic <KEY>
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 13735
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
* We are completely uploaded and fine
{ [5 bytes data]
100 13735 0 0 100 13735 0 11388 0:00:01 0:00:01 --:--:-- 11388
100 13735 0 0 100 13735 0 6220 0:00:02 0:00:02 --:--:-- 6220
100 13735 0 0 100 13735 0 4280 0:00:03 0:00:03 --:--:-- 4280
...
100 13735 0 0 100 13735 0 469 0:00:29 0:00:29 --:--:-- 0
* Operation timed out after 30001 milliseconds with 0 bytes received
100 13735 0 0 100 13735 0 457 0:00:30 0:00:30 --:--:-- 0
* Connection #0 to host <HOST> left intact
curl: (28) Operation timed out after 30001 milliseconds with 0 bytes received
It looks like the host can be reached by the CI job but seems to hang for some reason. If I remove the timeout limit I get a curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 110 error. According to the libcurl docs the 56 error code is when there is a failure receiving network data, which is strange as it’s doing a POST. Everything works fine locally, but this error is happening with every job. Any ideas?

Curl not working in Jenkins jobs

I am trying to trigger an remote Jenkins job from an host Jenkins server.
I have created build token. I am trying to call the job using the curl
curl.exe -v -x -K --insecure -u "username#username.com:pwd" POST https://hostname:8443/job/mypackjob/build?token=XXXIODFASDF
if use the same command from the command prompt (i.e Windows CMD) the job is getting triggered, but from the Jenkins job it is not working. I am getting HTTP/1.1 error.
* Rebuilt URL to: POST/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Could not resolve host: POST
* Closing connection 0
curl: (6) Could not resolve host: POST
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 132.186.32.5...
* TCP_NODELAY set
* Connected to INCHNIISNW0113.net (132.186.32.5) port 8443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:#STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [85 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1580 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=INCHNIISNW0113.net
* start date: Nov 3 13:41:11 2016 GMT
* expire date: Dec 31 23:59:59 2039 GMT
* issuer: CN=API
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* Server auth using Basic with user 'username#xxx.com'
} [5 bytes data]
> -K /job/2.50HR0API0Obfuscation/build?token=TRIGGERMEHRAPIBUILD HTTP/1.0
> Host: INCHNIISNW0113.net:8443
> Authorization: Basic **************
> User-Agent: curl/7.58.0
> Accept: */*
>
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0{ [5 bytes data]
**< HTTP/1.1 404 Not Found**
< Date: Wed, 18 Apr 2018 15:46:23 GMT
< X-Content-Type-Options: nosniff
< Server: Jetty(9.4.z-SNAPSHOT)
* no chunk, no close, no size. Assume close to signal end
<
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0{ [5 bytes data]
* TLSv1.2 (IN), TLS alert, Client hello (1):
{ [2 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
* Closing connection 1
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]

Unable to PUT when tunneling to a remote URL using localhost(127.0.0.1)

I wanted to do a GET on the following URL in Postman with Basic Authorization:
https://1.2.3.4:8338/accounts
Unfortunately I cannot connect directly to that server so I've tunneled through Jump server 5.6.7.8 using SSH Tunnel Manager and
ssh -N -p 22 username#5.6.7.8 -o StrictHostKeyChecking=no -L 127.0.0.1:8080:1.2.3.4:8338
That worked. I now want to create a container by doing a PUT to this URL using AWSV4 Authorization:
https://1.2.3.4/testcontainer
If I use the above tunner I get a 404 error. I've a feeling that my issue is that the tunnel is on port 8338 but my URL doesn't specify a port. I've tried leaving the port on 1.2.3.4 blank but it defaults to 0 and the tunnel doesn't work.
I then tried setting that port to 443(default HTTPS port). When I do that I get a SignatureDoesNotMatch error. I think that's because I set the AWSV4 authentication up on port 8338(it's a guess).
Finally I tried to setup AWSV4 authorization with port 443 but received a 403 error.
I'm not sure where to go now. Can anybody advise what I might have to do a PUT to the below URL using localhost?
https://1.2.3.4/testcontainer
UPDATE 2017-06-28
I got access to a server that can connect directly to 1.2.3.4 and decided to try using curl in the terminal. It wouldn't work as I need to use AWS v4 auth. When looking into this I came across s3curl. I've tried running the following:
./s3curl.pl --id personal -- -s -v -X PUT https://1.2.3.4/testcontainer -k
Still no luck. This is the output:
* Hostname was NOT found in DNS cache
* Trying 1.2.3.4...
* Connected to 1.2.3.4 (1.2.3.4) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Request CERT (13):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA384
* Server certificate:
* subject: C=US; ST=T; L=A; O=B; CN=access01.b.com; emailAddress=b#us.b.com
* start date: 2017-06-04 08:05:04 GMT
* expire date: 2018-06-05 08:25:00 GMT
* issuer: C=US; ST=I; L=C; O=cc; CN=Manager CA; serialNumber=serialnumber
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> PUT /testcontainer HTTP/1.1
> User-Agent: curl/7.35.0
> Host: 1.2.3.4
> Accept: */*
> Date: Wed, 28 Jun 2017 13:23:01 +0000
> Authorization: AWS authoization
>
< HTTP/1.1 403 Forbidden
< Date: Wed, 28 Jun 2017 13:23:01 GMT
< X-Clv-Request-Id: requestid
< Accept-Ranges: bytes
* Server cc/3.1.0.1 is not blacklisted
< Server: cc/3.1.0.1
< X-Clv-S3-Version: 2.5
< x-amz-request-id: requestid
< Content-Type: application/xml
< Content-Length: 894
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Error> <Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. For more information, see REST Authentication and SOAP Authentication for details.</Message><Resource>/pctestcontainer1/</Resource><RequestId>bfb1bdf1-9d7a-4bc7-966a-a3a5e89498eb</RequestId><StringToSign>PUT
Wed, 28 Jun 2017 13:23:01 +0000
* Connection #0 to host 10.137.63.202 left intact
/pctestcontainer1</StringToSign><StringToSignBytes>80 85 84 10 10 10 87 101 100 44 32 50 56 32 74 117 110 32 50 48 49 55 32 49 51 58 50 51 58 48 49 32 43 48 48 48 48 10 47 112 99 116 101 115 116 99 111 110 116 97 105 110 101 114 49</StringToSignBytes><SignatureProvided>signature</SignatureProvided><AWSAccessKeyId>accesskey</AWSAccessKeyId><httpStatusCode>403</httpStatusCode></Error>root#utility:/tmp/cp/s3curl#
Does this mean anything to anybody?

After a lot of investigation I found that I needed to include a "Host" key in my header and use the AWS V4 credentials I generated.
I can now do a PUT using a statement in Postman.