I received a request from and amazon web service with the user-agent on the header as : "user-agent: user-agent: Mozilla/"
What does this mean?
Is this legit or an attempt at an exploit?
The request was redirected by the proxy server, could that have caused to add another user-agent tag?
Related
In fiddler I have the following header:
GET http://localhost:49676/api/values HTTP/1.1
User-Agent: Fiddler
Authorization: Bearer xCatZFPvw8LjQPGrWvQyvITVewWmuUHk...
Host: localhost:49676
How do I run something like this in an address url bar on the browser? Or can't I?
You can try that approach using Postman. I'm afraid you won't be able to set the HTTP headers in the browser URL.
I've got a problem with an Ajax request in my web project. Most of the time it works just fine but sometimes there is simply no request from the client (it does not show in wireshark), FireBug just shows the request marked red.
Project looks like the following:
Java Backend with JSPs, Client is using the Firefox Browser
The request is done via prototypejs using the Ajax Updater function. I can debug the request preparation via firebug until the Ajax Update function fires the request but then no request is listed in my wireshark output (although all other request are listed just fine).
So I have a (sometimes) vanished Ajax request with no error and no clue where to look :( Any help would be much appreciated.
Request:
[...]/ajax/gruppe/loadTreeList.do?ajax=true&tstamp=645&context=GRUPPE&level=0&itemid=0
RequestHeader:
Accept text/javascript, text/html, application/xml, text/xml, /
Accept-Encoding gzip, deflate
Accept-Language de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Connection keep-alive
Cookie JSESSIONID=326D8AEAAFD254760CEC8D050734807E
Host localhost:8080
Referer [...]/domain/druck/gruppe.do
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0
X-Prototype-Version 1.7.1
X-Requested-With XMLHttpRequest
There is no response.
We are trying to access Google Maps over HTTPS.
We modified the script on the JSP to
script src="https://maps.googleapis.com/maps/api/js?client=<xxxx>&sensor=false" type="text/javascript"
This seems to work properly in Chrome and IE8. But in Firefox(V 19.0.2 and 11), there are some issues.
Specifically, We are getting
TypeError: google.maps.InfoWindow is not a constructor
in the Firefox console which I think means that the Google APIs are not getting accessed properly.
Any suggestions/solutions for this issue?
More:
We are getting a 407 response from googlemaps apis.
Specifically, using Fiddler the Request looks like:
CONNECT maps.googleapis.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: maps.googleapis.com
and the Response looks like:
HTTP/1.1 407 Proxy Authorization Required
Date: Mon, 22 Apr 2013 04:46:47 GMT
Proxy-Connection: keep-alive
Via: 1.1 XXXXX
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="Websense Content Gateway"
Content-Length: 322
Proxy-Support: Session-Based-Authentication
<HEAD><TITLE>Proxy Authorization Required</TITLE></HEAD>
<BODY BGCOLOR="white" FGCOLOR="black"><H1>Proxy Authorization Required</H1><HR>
<FONT FACE="Helvetica,Arial"><B>
Description: Authorization is required for access to this proxy</B></FONT>
<HR>
<!-- default "Proxy Authorization Required" response (407) -->
</BODY>
Damn.. Its an issue with my company's internet proxy!! I had to add an exception to all the URLs used by my application(including google map apis) and it works fine.
Add all urls of google map api over https in Location input bar for certificate exceptions.
for example:
https://maps.googleapis.com
https://maps.gstatic.com
'Get Certificate' then 'Confirm Security Exception'
Tools > Advanced > Certificates > View Certificates > 'Servers' Tab > 'Add Exception...'
I'm calling a server site on our internal server. This domain looks like this:
http://server.domain:12345/x.html
Now, with IE this works just fine, I'm getting the data. (My problem there is that IE caches the website after the first call forever, but never mind).
Now, if I'm trying to do exactly the same in Firefox, it won't work, the same in Google Chrome.
Firebug says this:
Answer-Header
Connection Keep-Alive
Content-Length 109
Content-Type text/html; charset=UTF-8
Keep-Alive timeout=5000
Server AbWeb Version SRSG 1.34
Set-Cookie sessionkey=80da7dfe-1c9c-4460-9592-3ce55cecb379
Request-Header
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding gzip, deflate
Accept-Language de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Connection keep-alive
Host server.domain:12345
Origin http://otherserver.domain
Referer http://otherserver.domain/test/
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
Chrome says this:
X XMLHttpRequest cannot load http://server.domain:12345/x.html. Origin http://otherservere.domain is not allowed by Access-Control-Allow-Origin.
server.domain:12345/x.html
X Failed to load resource
It seems you perform cross-domain JavaScript calls. The target server must set the Access-Control-Allow-Origin HTTP header. In your case the server http://server.domain must set a header like:
Access-Control-Allow-Origin: http://otherserver.domain
I do not know why it works for IE, it may have to do with your security domains as your just working in the intranet.
See another example:
Jquery form doesn't show submission message on web server but it shows submission message on local host
Say, there's a URL, http://www.example.com/#hello.
Will the #hello thing be sent to the web server or not, according to standards?
How do modern browsers act?
The answer to this question is similar to the answers for Retrieving anchor link in URL for ASP.NET.
Basically, according to the standard at RFC 1808 - Relative Uniform Resource Locators (see Section 2.4.1), it says:
"Note that the fragment identifier is not considered part of the URL."
As stephbu pointed out, "the anchor tag is never sent as part of the HTTP request by any browser. It is only interpreted locally within the browser".
The hash variables aren't sent to the web server at all.
For instance, a request to http://www.whatismyip.org/#test from Firefox sends the follow HTTP request packet
GET / HTTP/1.1
Host: www.whatismyip.org
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cache-Control: max-age=0
You'll notice the # is nowhere to be found.
Pages you see using # as a form of navigation are doing so through javascript.
This parameter is accessible though the window.location.hash variable
The anchor part (after the #) is not sent to any $_SERVER variables in PHP. I don't know if there is a way of retrieving that piece of info from the URL or not (as far as I know, it's not possible). It's supposed to be used by the browser only to find a location in the page, which is why the page does not reload if you click on an anchor like so: hello